[Openswan dev] Re: Openswan 2.4.0dr9 multiple defaultroute patch

David McCullough davidm at snapgear.com
Tue Aug 16 14:44:47 CEST 2005

Jivin mcr at xelerance.com lays it down ...
> >>>>> "David" == David McCullough <davidm at snapgear.com> writes:
>     >> Do you have different IPs on the different interfaces?
>     David> Yes.
>     >> Do you use %defaultroute in your conns? Do the ESP packets come
>     >> out with the right outer IP?
>     David> Yes, and the packets come out the interface that is providing
>     David> the first default route with the appropriate IP's.
>   So, you mean that with the %defaultroute, you only get to use one
> defaultroute, and one IP, and one DSL link?

Yep, and if it's not the one you want to use, tough. It's hardly
ideal, but you can always hard code the interface to use a different
DSL interface.

>   And if you had a more specific route to that destination, via another
> IP, it wouldn't work, I imagine? 

No, but then you wouldn't use %defaultroute in that case I guess :-)

>   (that's what we want to fix in pluto.. You get %defaultroute for free
> once you actually use the routing table...)

That sounds like a much better solution.

I never said using the first default route was the perfect solution :-)
But it has proved to be fairly useful for us deploying VPN/firewall
routers. And %defaultroute does as it implies,


David McCullough, davidm at cyberguard.com.au, Custom Embedded Solutions + Security
Ph:+61 734352815 Fx:+61 738913630 http://www.uCdot.org http://www.cyberguard.com
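
The difference discussed in this thread, between taking the first default route and consulting the routing table for the peer, as an added example (not Openswan or pluto code, and not part of the original message). The routing table is a constructed sample in Linux /proc/net/route format; the function names, interface names and addresses are assumptions for illustration.

```python
import ipaddress
import struct

# Constructed sample in Linux /proc/net/route format (hex fields are
# little-endian): two DSL links, each with a default route, plus a more
# specific route to the peer's network via the second link.
SAMPLE = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "ppp0\t00000000\t010200C0\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "ppp1\t00000000\t016433C6\t0003\t0\t0\t0\t00000000\t0\t0\t0\n"
    "ppp1\t007100CB\t016433C6\t0003\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"
)

def _ip(hexfield):
    """Decode a little-endian hex field into an IPv4Address."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hexfield, 16)))

def parse_routes(text):
    routes = []
    for line in text.splitlines()[1:]:           # skip the header row
        f = line.split()
        prefix = bin(int(_ip(f[7]))).count("1")  # netmask -> prefix length
        routes.append({
            "iface": f[0],
            "net": ipaddress.ip_network(f"{_ip(f[1])}/{prefix}"),
            "gateway": _ip(f[2]),
            "metric": int(f[6]),
        })
    return routes

def first_default_route(routes):
    """Hypothetical model of the behaviour described: first 0.0.0.0/0 wins."""
    return next((r for r in routes if r["net"].prefixlen == 0), None)

def route_lookup(routes, peer):
    """Longest-prefix match for the peer, lowest metric breaking ties."""
    peer = ipaddress.ip_address(peer)
    hits = [r for r in routes if peer in r["net"]]
    return min(hits, key=lambda r: (-r["net"].prefixlen, r["metric"]), default=None)

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    print("first default :", first_default_route(table)["iface"])
    print("table lookup  :", route_lookup(table, "203.0.113.10")["iface"])
```

With this table the first-default-route choice picks ppp0 for every peer, while the table lookup sends the peer in 203.0.113.0/24 out ppp1, so the outer source IP of the tunnel differs between the two approaches.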
