<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-8-i"></HEAD><BODY dir="rtl" style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">
<BLOCKQUOTE dir=rtl style="MARGIN-LEFT: 0px">
<BLOCKQUOTE dir=rtl style="MARGIN-LEFT: 0px"><DIV align=left>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Hi all<?xml:namespace prefix = o
ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I am using IPSEC tunnel between
two subnets 172.16.0.0/16 and 192.168.0.0/16 and my two hosts are
172.16.20.20 and 192.168.20.20 accordingly, between the two subnets a have a
single router with the following interfaces: 172.16.30.30 and
192.168.30.30.<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I want to use klips without
letting it change the main routing table in the following
way:<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">1. On each host table 250 will
route the traffic into device ipsec0 and table main will route the encrypted
packet out towards the router.<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">2. To send the right traffic to
table 250 I will use fwmark marking on the skb and
PBR.<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">My question is how to cancel the
changes inserted into the main routing table by the _startklips script, when
I tried to remove the call to the tncfg code and the ifconfig command I got
an error when trying to load up a tunnel (using ipsec auto -up tunnel) - "We
cannot identify ourselves as either end of this
connection".<o:p></o:p></SPAN></P>
<P class=MsoNormal
style="MARGIN: 0in 0in 0pt; DIRECTION: ltr; unicode-bidi: embed; TEXT-ALIGN: left"><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"><o:p> </o:p></SPAN></P><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial; mso-fareast-font-family: 'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US; mso-bidi-language: HE">Regards <SPAN
style="mso-spacerun: yes"> </SPAN><SPAN
style="mso-spacerun: yes"> </SPAN></SPAN></DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>