[Openswan Users] Scenario question, and dummy interfaces

Paul Wouters paul at xelerance.com
Thu Nov 18 12:24:53 CET 2004


On Wed, 17 Nov 2004, Ted Kaczmarek wrote:

> I know that I can use %defaultoute, but say I am getting my default
> route dynamically to the Openswan box via bgp, what happens to the ipsec
> sessions when the kernel RIB entry for the default changes?

I am not entirely sure when '%defaultroute' is parsed. It could be only at
startup. Perhaps Ken or Michael can shed more light on this.
Though my instincts are telling me that you should not get your default
route from BGP.... But I guess I'm more thinking in ISP mode then in dual
ADSL uplink mode.

> Also, I am still itching to be able to source a dummy interface.

As long as you dont actually use the 'dummy' device, since that device is
only capable of junking all traffic sent to it.

> Now reading some other posts it appears netlink is required, so if I was
> to modify the dummy code to provide netlink is this likely to fly.

> I must say after migrating all our ipsec sessions to Openswan from a
te that Herbert Xu corrected me in that we need netlink (which cannot be
disabled when building a kernel with networking) but we don't need the
old netlink device (which is what the CONFIG_NETLINK_DEV option was about).

> And you can put me down for two books the second is released.

deal :)

> More and more other projects are using wish lists and you guys are as
> deserving as any of them. Also some OpenSwan shirts would be cool as
> well.

It's a thought. We are playing with a new logo that should hopefully be
done this weekend.

Paul


More information about the Users mailing list