Thank you all for the help. A little more background is I am moving systems from vpnc to OpenSWAN while making as few changes as possible. Also, to answer Mike's question, I need to use iptables to setup firewall rules and use tcpdump. Worst case I'll just have to live without tcpdump.<br>
<br>Regards,<br><br>Rob<br><br><div class="gmail_quote">On Tue, Jul 26, 2011 at 5:13 PM, Ryan Whelan <span dir="ltr"><<a href="mailto:rcwhelan@gmail.com">rcwhelan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On Tue, Jul 26, 2011 at 4:57 PM, Michael H. Warfield <<a href="mailto:mhw@wittsend.com">mhw@wittsend.com</a>> wrote:<br>
> On Tue, 2011-07-26 at 16:30 -0400, Rob Denz wrote:<br>
>> Is there anyway to use a virtual interface when using the NETKEY IPsec stack<br>
>> with OpenSWAN? I am asking because I cannot use KLIPS for what I am working<br>
>> on.<br>
><br>
> Why?<br>
><br>
> I can think of only two potential reasons (and, no routing is not one of<br>
> them since IPsec is a policy VPN and you can not route anything you<br>
> didn't map into the tunnels anyways and then you don't need the routes).<br>
> Firewall rules (you can replace interfaces with explicit netblock<br>
> definitions) and tcpdump (valid argument there - we have a problem<br>
> there).<br>
<br>
</div>I'm using the virtual interface to listen for (and send) OSPF traffic.<br>
Doing it without the tunnel and trying to build neighbour peers by<br>
explicitly specifying the address of the other OSPF routers didn't<br>
work.<br>
<div class="im"><br>
><br>
>> Thank You,<br>
><br>
>> Rob<br>
><br>
> Regards,<br>
> Mike<br>
> --<br>
> Michael H. Warfield (AI4NB) | <a href="tel:%28770%29%20985-6132" value="+17709856132">(770) 985-6132</a> | mhw@WittsEnd.com<br>
> /\/\|=mhw=|\/\/ | <a href="tel:%28678%29%20463-0932" value="+16784630932">(678) 463-0932</a> | <a href="http://www.wittsend.com/mhw/" target="_blank">http://www.wittsend.com/mhw/</a><br>
> NIC whois: MHW9 | An optimist believes we live in the best of all<br>
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!<br>
><br>
</div>> _______________________________________________<br>
> <a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
> <a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
><br>
><br>
</blockquote></div><br>