[Openswan Users] MODVERSIONS & interfaces
Carlos G Mendioroz
tron at huapi.ba.ar
Wed Oct 6 07:49:32 CEST 2004
Paul,
thanks for quick answer.
Regarding flow/routes, I'm not trying to get rid of them, just to
understand them.
I know about the theory on ipsec, but not on how it is implemented in
openswan, so knowing how/where you apply filters to decide on passing on
the clear or securing the traffic would help me "get the picture" and
design security (rest of it). Any idea of the name or place of such
diagram ?
Thanks again,
-Carlos
Paul Wouters wrote:
> On Tue, 5 Oct 2004, Carlos G Mendioroz wrote:
>
>> I've just downloaded 2.2.0 to try some stuff.
>> In so doing I run into a problem, that seems to be caused by the
>> ipsec.o Makefile (.../linux/net/ipsec/Makefile) assuming kernel is
>> compiled with MODVERSIONS.
>> (Mine is not because a hardware provider provides drivers w/o them :-()
>
>
> This is a known bug, and Michael is fixing this in CVS.
>
>> On another track, is there a doc or some place to read info on the
>> flow packets take throw interfaces ? I'm trying to understand what
>> rules (iptables) should be changed and how when implementing ipsec.
>
>
> There is a diagram of this floating around somewhere, either on
> sandelman or
> freeswan.ca.
>
>> Some info on routing would be helpful too! I noticed some split
>> default tricks on some configs (route to 0.0.0.0/1 and 128.0.0.0/1 to
>> ipsec0) and would like to understand them...
>
>
> That is Opportunistic Encryption. Just include
> /etc/ipsec.d/examples/no_oe.conf
> in /etc/ipsec.conf if you don't want that.
>
> Paul
--
Carlos G Mendioroz <tron at huapi.ba.ar> LW7 EQI Argentina
More information about the Users
mailing list