[Openswan Users] Scenario question, and dummy interfaces

mcr at xelerance.com mcr at xelerance.com
Fri Nov 19 00:57:58 CET 2004



>>>>> "Paul" == Paul Wouters <paul at xelerance.com> writes:
    Paul> On Wed, 17 Nov 2004, Ted Kaczmarek wrote:

    >> I know that I can use %defaultroute, but say I am getting my
    >> default route dynamically to the Openswan box via bgp, what
    >> happens to the ipsec sessions when the kernel RIB entry for the
    >> default changes?

    Paul> I am not entirely sure when '%defaultroute' is parsed. It
    Paul> could be only at startup. Perhaps Ken or Michael can shed more

  %defaultroute is currently a creation of the scripts.
  Completion of the "starter" system will move that into pluto. This is
the #1 item that is different in "starter" for 2.x vs 1.x.
  (1.x just didn't support that at all)

    Paul> light on this.  Though my instincts are telling me that you
    Paul> should not get your default route from BGP.... But I guess I'm
    Paul> more thinking in ISP mode than in dual ADSL uplink mode.

  It was always a goal to be able to support this, but no work has been
done to make this occur as yet. I do not have a scheduled date for this work.

    Paul> Note that Herbert Xu corrected me in that we need netlink (which
    Paul> cannot be disabled when building a kernel with networking) but
    Paul> we don't need the old netlink device (which is what the
    Paul> CONFIG_NETLINK_DEV option was about).

  Nothing needs the old netlink device, to my knowledge.
  Very old freeswan did.

    >> More and more other projects are using wish lists and you guys
    >> are as deserving as any of them. Also some OpenSwan shirts would
    >> be cool as well.

    Paul> It's a thought. We are playing with a new logo that should
    Paul> hopefully be done this weekend.

  Yeah, we gotta do a better logo before we do T-shirts.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



