[Openswan Users] A working example of use of X.509 certificates, Linux -- Windows XP

Miguel Dilaj mdilaj at nccglobal.com
Thu Jun 16 16:20:41 CEST 2005


Hi Paul,

Sorry for being pedantic ;-)

>>>> I'm not sure if the line
>>>> 	interfaces="ipsec0=eth0"
>>>> is required, but it works...
>>>
>>> No. in fact when using netkey on linux 2.6, it is best left at
>> "%defaultroute"
>>
>> OK, but I've 2 interfaces on the VPN box.
>> I _guess_ that I should use:
>>
>> 	interfaces=a.a.a.a
>
> no, with netkey, use interfaces="%defaultroute". Only klips really needs
to know the interfaces to bind the ipsecX interfaces to. Netkey does not
support or need that.

Even when I need it listening on an interfact that's NOT the same used for
my default route???

To clarify... The host has 2 interfaces, on networks A (routable addresses)
and B (private addresses), I need OpenSWAN listening on network A, but in my
particular case the default route is on network B (it's a strange setup, but
it's what we need here).
I'm afraid of testing it and finding OpenSWAN listening on the private
network only, that will need me to apologize to other users and go to the
NOC to login locally and change that back ;-)

Thank you in advance for your answer.
Cheers,

Miguel


***********************************************************************************************************
DISCLAIMER:                                                                                                
This e-mail contains proprietary information, some or all of which may be legally privileged.              
It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, 
please notify the author by replying to this e-mail. If you are not the intended recipient you may not use,
disclose, distribute, copy, print or rely on this e-mail.                                                  
***********************************************************************************************************



More information about the Users mailing list