<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>
Sheng , <br> Can you provide your configuration so we may look at it and make recommendations. It would help if you describe the network layout of your remote site / local site , how they are connected and what you are trying to achieve at the remote site / local site.<br> Thanks. <br><br><span style="font-family:Tahoma,Helvetica,Sans-Serif;font-style:italic;font-weight:bold">-<span style="font-family:Times New Roman,Times,Serif"> Simon Charles - </span></span><br><br><br><div><div id="SkyDrivePlaceholder"></div>> Date: Mon, 16 Jul 2012 16:32:46 -0700<br>> From: sheng@yasker.org<br>> To: users@lists.openswan.org<br>> Subject: [Openswan Users] Is there anyway to setup static route with NETKEY stack?<br>> <br>> Hi,<br>> <br>> I've dived in Google and this mailing's archive for quite some time,<br>> but still fail to find a way to specify static route per our<br>> requirement in NETKEY stack.<br>> <br>> The scenario is somehow easy to understand: we want to route any<br>> traffic our specified through the ipsec tunnel.<br>> <br>> Currently the configuration works well for certain subnets(we had to<br>> specify them in rightsubnets of ipsec.conf). But when it comes to<br>> redirect other traffic through the ipsec tunnel. E.g. we may want to<br>> let remote gateway(on the other side of ipsec tunnel) handle local<br>> traffic to the Internet. We can't figure out a way to do that with<br>> NETKEY stack.<br>> <br>> Seems with KLIPS, we can simply add ip route for that. I've checked ip<br>> xfrm, but still can't figure out a way to do that.<br>> <br>> When searching for possible methods, I saw someone said "No, there is<br>> no way to do so", but I still want to confirm that. Because if NETKEY<br>> would replace KLIPS, why we cannot do the same thing as in KLIPS(if I<br>> understand right)?<br>> <br>> Thanks in advance!<br>> <br>> --Sheng<br>> _______________________________________________<br>> Users@lists.openswan.org<br>> https://lists.openswan.org/mailman/listinfo/users<br>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy<br>> Building and Integrating Virtual Private Networks with Openswan:<br>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155<br></div> </div></body>
</html>