[Openswan Users] FreeS/WAN on UML

Fri Apr 2 16:32:13 CEST 2004

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Simon" == Simon Matthews <simon+swan1 at paxonet.com> writes:
    Simon> The problem is that the machine does not have a "nexthop". Or
    Simon> rather, the "nexthop" is the machine's own IP address. "route
    Simon> -n" returns the machine's own ip address as the gateway for
    Simon> 0.0.0.0. 

  Well, that's strictly speaking wrong.
  It works because the eth0(uml)/tap0(host) is a unicast connection.

  Can your hosting company simply provide you with a proper default route?

    Simon> then it complains that it cannot find the defaultroute.

  Yeah... I have no solution for you on FS 2.02.

  Openswan 2.2.1 has some experiemental code to dispense with the
nexthop, but at present, pluto still demands that it be there. It turns
out it is important for on-demand keying (such as OE or %trapsubnet).

  You may be able to lie and set the default route to some arbitrary
value that is on the same "link" as your eth0.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQG3NzIqHRg3pndX9AQFuNgP7BRMue6IubemjNi4p5LE2+8u1RhAdgVsy
KMDPlCzyZKWReVLYpEwDl2nN4LF2GanTUU7CqEt5y0aeZZzCYI+q2BaLUYSt8jux
u7+RLF91BHSwMsSJoirY34iFYogzAqkUrf2i6eZCl1GphVywG2GYGgdecAsyMs5j
yozl0UyjuWU=
=6ptk
-----END PGP SIGNATURE-----