[Openswan Users] Problem of routing under openswan
Dominique Blas
ml at blas.net
Mon Jun 28 14:53:56 CEST 2004
Le lundi 28 Juin 2004 13:16, Paul Wouters a écrit :
> On Mon, 28 Jun 2004, Dominique Blas wrote:
>
> > I have the same problem with racoon so I've supposed it's a kernel related problem but it only appears
> > when using native IPSEC !
>
> > A tunnel is established through eth1 with subnet 10.2.0.0/16. Since on the opposite side of this tunnel there is another tunnel towards 10.3.0.0/16
> > I had an idea, a few years ago, to say that the first tunnel is established with subnet 10.0.0.0/8 (an no more with 10.2.0.0/16).
> > Why ? In order to see (to ping and reach the SNMP agent) every other machine from the headquarters.
>
Thank you Paul for your rapid answer.
> This is a known limitation of the current 2.6 native ipsec stack.
Great limitation ! Not able to route when tunnel are established ;-)
> Use KLIPS
> instead. KLIPS for openswan is planned for version 2.3. You can try Nate's
> experimental patches posted to openswan-dev in the last few days to hack
> KLIPS onto your 2.6 box. Alternatively you can try running freeswan-2.06
> which has klips on 2.6 support.
Ok, now I know in which direction to search for,
Thank again Paul,
db
>
> Paul
>
>
>
More information about the Users
mailing list