[Openswan Users] Pluto not running???
David Clymer
dclyme at hrcsb.org
Mon Aug 16 12:50:46 CEST 2004
Thus quoth Paul Wouters:
> To: Matthew Claridge <mclaridge at rwa-net.co.uk>
> Cc: users at lists.openswan.org
> From: Paul Wouters <paul at xelerance.com>
> Subject: Re: [Openswan Users] Pluto not running???
>
> On Mon, 16 Aug 2004, Matthew Claridge wrote:
>
> > conn tunnelipsec
> > type=tunnel
> > left=62.x.x.x
> > leftnexthop=%defaultroute
> > leftsubnet=172.x.x.x/24
> > right=194.x.x.x
> > rightnexthop=%defaultroute
> > rightsubnet=145.x.x.x/24
> > esp=3des-md5-96
> > keyexchange=ike
> > pfs=no
> > auto=start
>
> DO NOT user *nexthop=%defaultroute.
>
> I don't know where this came form, but more and more people are trying to
> use it. And for 2.6 native IPsec or backports thereof, you should never
> use the nexthop settings, since they are only used for getting traffic
> into the proper ipsecX devices, which do not exist for the native 2.6 code.
>
Its a freeswan thing. It's used in the config examples provided in the
freeswan docs (http://www.freeswan.org/freeswan_trees/freeswan-2.06/doc/config.html)
-davidc
More information about the Users
mailing list