[Openswan Users] multiple disjoint private subnets
Michael Richardson
mcr at sandelman.ottawa.on.ca
Fri Jul 9 13:07:40 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Tuomo" == Tuomo Soini <tis at foobar.fi> writes:
Tuomo> It was that patch which was included in CVS and then ripped
Tuomo> out because it broke lots of tests (because of changed
Tuomo> routing table outputs).
No, we ripped it out again because it broke OE, and any dynamically
keyed tunnels. The first packet gets dropped, and that caused a lot of
grief.
Likely, the problem is in KLIPS itself. (26sec does even worse with OE
for other reasons).
My plan -- which I can't say right where it is now -- was to make
nexthop optional in pluto, and so OE will set it, and if isn't set, then
updown won't do it.
- --
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQO7Cx4qHRg3pndX9AQE6rQP/auDEwfOkrRohix3laaZSKKgRYvbL3NDz
dnnm18Ph+n9zOgKyh0FjUwBhS2PlEXlxKAJrgNLTvGL89cYTKwrRkfX9TWS27QQa
kPnQy0GJpyPSDNwQMT8UhBLiy4asOlmumyx8ksPNCFjcWNv/aFPSO3KahNQA/PAv
Ek02zyThDyU=
=G5D1
-----END PGP SIGNATURE-----
More information about the Users
mailing list