[Openswan Users] ip forwarding?

Paul Wouters paul at xtdnet.nl
Mon Feb 9 12:36:37 CET 2004

On Mon, 9 Feb 2004, mark wrote:

> Am I to understand that IP Forwarding must be enabled in the kernel
> for IPSec to work?

Only if the machine has connections which are "behind it". So in the 
following setup:


If you make a connection for host2 to gw1, where gateway has leftsubnet=subnet1,
then gw1 needs ip forwarding, while host2 doesn't need it.

The ipsec verify does a simple check for two interfaces and then warns you.
So the check isn't perfect. It host2 had a 2nd ethernetcard, you'd get the
warning but you could ignore it.


More information about the Users mailing list