[Openswan Users] Extruded subnets with 2.6 kernel ipsec

Tom Hughes tom at compton.nu
Wed Aug 11 11:54:45 CEST 2004

In message <Pine.LNX.4.44.0408102019440.2778-100000 at expansionpack.xtdnet.nl>
        Paul Wouters <paul at xelerance.com> wrote:

> On Sun, 8 Aug 2004, Tom Hughes wrote:
>>   # Connection to work
>>   conn cyberscience
>>           leftsubnet=
>>           rightsubnet=
> Overlapping subnets do not work with 2.6 native ipsec.

Well it does seem to work if I add those passthrough connections
because it creates appropriate entries in the policy database to
stop it trying to encrypt the packets.

>> The question is, is there any better solution? 
> KLIPS for 2.6 is almost done, in which case you can decide to use KLIPS
> instead.

I was rather hoping to get away from having to have custom
kernels/modules. I thought that was going to be one of the big
improvements with having IPSEC already built in to the kernel.


Tom Hughes (tom at compton.nu)

More information about the Users mailing list