[Openswan Users] ip forwarding?
Paul Wouters
paul at xtdnet.nl
Mon Feb 9 12:36:37 CET 2004
On Mon, 9 Feb 2004, mark wrote:
> Am I to understand that IP Forwarding must be enabled in the kernel
> for IPSec to work?
Only if the machine has connections which are "behind it". So in the
following setup:
subnet1---gw1------internet-------host2
If you make a connection for host2 to gw1, where gateway has leftsubnet=subnet1,
then gw1 needs ip forwarding, while host2 doesn't need it.
The ipsec verify does a simple check for two interfaces and then warns you.
So the check isn't perfect. It host2 had a 2nd ethernetcard, you'd get the
warning but you could ignore it.
Paul
More information about the Users
mailing list