[Openswan Users] how can i exclude multiple subnets from one side
Ted Kaczmarek
tedkaz at optonline.net
Sun Sep 19 08:52:18 CEST 2004
On Sun, 2004-09-19 at 07:42, Herbert Xu wrote:
> On Sun, Sep 19, 2004 at 07:37:33AM -0400, Ted Kaczmarek wrote:
> >
> > So you create another tunnel statement specifying what to bypass in a
> > previously configured tunnel. So it will then just take the default
> > route in the table if there is not a more specific route?
>
> It has nothing to do with routing. I'm not familiar enough with KLIPS
> but I'd expect the following to apply to it as well as 26sec which I
> can vouch for.
>
> This will get added as a policy (or eroute in KLIPS terminology) with
> a priority that is above the policy with the bigger rightsubnet.
> So any traffic going towards that subnet will match this policy (unless
> there is another one that's even more specific), hence bypassing IPsec.
>
> So with KLIPS even if your route says that the packet should go through
> ipsecX I'd still expect it to go out unencapsulated. Can someone who
> has read the KLIPS code confirm this?
Good stuff for a future how-to :-)
Also the thread was chopped, was this by design?
Thanks for your feedback.
Ted
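
Added example, not part of the original post or of the Openswan code: a simplified Python model of the selection Herbert Xu describes, where the policy with the narrower rightsubnet outranks the wider tunnel policy, plus an audit helper that lists the ranges which therefore leave unencrypted. The subnets, policy names and the prefix-length priority rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policies (not from the thread): one tunnel covering a
# large remote range and two narrower passthrough exclusions inside it.
POLICIES = [
    {"name": "tunnel", "left": "192.168.1.0/24", "right": "10.0.0.0/8", "action": "ipsec"},
    {"name": "bypass-a", "left": "192.168.1.0/24", "right": "10.1.2.0/24", "action": "pass"},
    {"name": "bypass-b", "left": "192.168.1.0/24", "right": "10.9.0.0/16", "action": "pass"},
]

def _nets(policy):
    return (ipaddress.ip_network(policy["left"]), ipaddress.ip_network(policy["right"]))

def select_policy(src, dst, policies=POLICIES):
    """Return the matching policy with the narrowest selectors, or None.

    Assumption: priority is modelled as the sum of prefix lengths, so a
    narrower rightsubnet outranks the wider one that contains it.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    matches = []
    for p in policies:
        left, right = _nets(p)
        if src in left and dst in right:
            matches.append((left.prefixlen + right.prefixlen, p))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]

def cleartext_holes(policies=POLICIES):
    """List passthrough ranges that sit inside an encrypted range (audit view)."""
    holes = []
    for p in policies:
        if p["action"] != "pass":
            continue
        p_left, p_right = _nets(p)
        for t in policies:
            if t["action"] != "ipsec":
                continue
            t_left, t_right = _nets(t)
            if p_left.subnet_of(t_left) and p_right.subnet_of(t_right):
                holes.append((p["name"], str(p_right), t["name"]))
    return holes

if __name__ == "__main__":
    for dst in ("10.1.2.7", "10.9.3.3", "10.200.0.1", "8.8.8.8"):
        hit = select_policy("192.168.1.10", dst)
        print(dst, "->", hit["name"] + "/" + hit["action"] if hit else "no policy")
    print(cleartext_holes())
```

The lookup never consults a routing table, which matches the point made in the quoted reply: the selector match alone decides whether a packet is encapsulated.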