[Openswan Users] Openswan+Kernel_2.6

Jacco de Leeuw jacco2 at dds.nl
Tue Sep 28 13:09:39 CEST 2004


Christian Tardif wrote:

>>Yes the ine ipsecX interface have dissappeared, the packets now travel
>>out the normal interface they would go
>>
>>The new stack uses the same config file with some minor chanegs
> 
> OK but then, how will I get the IP I should get from the other hand ?  I
> must misunderstand something here...   Let's say I'm on the Net, and I'm
> reaching (via IPSEC) an internal LAN which network is 192.168.3.0/24.
> Isn't it supposed to give me, somehow, an IP Address on this private
> subnet ?

This has not changed. It still works like your previous setup, i.e.
l2tpd+pppd assign an internal address to the remote user.

What has changed is that the native IPsec does not have ipsecX
interfaces. This makes it difficult to check the packets coming
in and out the tunnel with something like 'tcpdump -i ipsec0'
and also the 'listen-addr' parameter of l2tpd cannot be used.

KLIPS is being ported to kernel 2.6 so you could wait for that.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


More information about the Users mailing list