[Openswan Users] Extruded subnets with 2.6 kernel ipsec
tom at compton.nu
Wed Aug 11 11:54:45 CEST 2004
In message <Pine.LNX.4.44.0408102019440.2778-100000 at expansionpack.xtdnet.nl>
Paul Wouters <paul at xelerance.com> wrote:
> On Sun, 8 Aug 2004, Tom Hughes wrote:
>> # Connection to work
>> conn cyberscience
> Overlapping subnets do not work with 2.6 native ipsec.
Well it does seem to work if I add those passthrough connections
because it creates appropriate entries in the policy database to
stop it trying to encrypt the packets.
>> The question is, is there any better solution?
> KLIPS for 2.6 is almost done, in which case you can decide to use KLIPS
I was rather hoping to get away from having to have custom
kernels/modules. I thought that was going to be one of the big
improvements with having IPSEC already built in to the kernel.
Tom Hughes (tom at compton.nu)
More information about the Users