[Openswan Users] Scenario question, and dummy interfaces
mcr at xelerance.com
mcr at xelerance.com
Fri Nov 19 00:57:58 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
Paul> On Wed, 17 Nov 2004, Ted Kaczmarek wrote:
>> I know that I can use %defaultoute, but say I am getting my
>> default route dynamically to the Openswan box via bgp, what
>> happens to the ipsec sessions when the kernel RIB entry for the
>> default changes?
Paul> I am not entirely sure when '%defaultroute' is parsed. It
Paul> could be only at startup. Perhaps Ken or Michael can shed more
%defaultroute is currently a creation of the scripts.
Completion of the "starter" system will move that into pluto. This is
the #1 item that is different in "starter" for 2.x vs 1.x.
(1.x just didn't support that at all)
Paul> light on this. Though my instincts are telling me that you
Paul> should not get your default route from BGP.... But I guess I'm
Paul> more thinking in ISP mode then in dual ADSL uplink mode.
it was always a goal to be able to support this, but no work has been
done to make this occur as yet. I do not have a scheduled date for this work.
Paul> te that Herbert Xu corrected me in that we need netlink (which
Paul> cannot be disabled when building a kernel with networking) but
Paul> we don't need the old netlink device (which is what the
Paul> CONFIG_NETLINK_DEV option was about).
Nothing needs the old netlink device, to my knowledge.
Very old freeswan did.
>> More and more other projects are using wish lists and you guys
>> are as deserving as any of them. Also some OpenSwan shirts would
>> be cool as well.
Paul> It's a thought. We are playing with a new logo that should
Paul> hopefully be done this weekend.
Yeah, we gotta do a better logo before we do T-shirts.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQZ2LWYqHRg3pndX9AQHynwP9HpMu711aBKeKH1+oy68PdetAY36wB7eC
8O6j+UW6P5cg6V8CFQ4XBXuPABmZEqrSOhhDuvRFlTOPqYLOB3q/0JrvV4ifpj5n
BBsE7QsPqUND+eDtXEdrlUq96k3ULurcDS3m5XIiYBAe0wpCpZIp9D4tLxKBhKGH
DGR4xkclwFU=
=fAq6
-----END PGP SIGNATURE-----
More information about the Users
mailing list