[Openswan Users] Extruded subnets with 2.6 kernel ipsec
Tom Hughes
tom at compton.nu
Wed Aug 11 11:54:45 CEST 2004
In message <Pine.LNX.4.44.0408102019440.2778-100000 at expansionpack.xtdnet.nl>
Paul Wouters <paul at xelerance.com> wrote:
> On Sun, 8 Aug 2004, Tom Hughes wrote:
>
>> # Connection to work
>> conn cyberscience
>> leftsubnet=172.16.0.0/12
>> rightsubnet=172.16.9.0/28
>
> Overlapping subnets do not work with 2.6 native ipsec.
Well it does seem to work if I add those passthrough connections
because it creates appropriate entries in the policy database to
stop it trying to encrypt the packets.
>> The question is, is there any better solution?
>
> KLIPS for 2.6 is almost done, in which case you can decide to use KLIPS
> instead.
I was rather hoping to get away from having to have custom
kernels/modules. I thought that was going to be one of the big
improvements with having IPSEC already built in to the kernel.
Tom
--
Tom Hughes (tom at compton.nu)
http://www.compton.nu/
More information about the Users
mailing list