[Openswan Users] A working example of use of X.509 certificates, Linux -- Windows XP

Paul Wouters paul at xelerance.com
Thu Jun 16 20:36:54 CEST 2005


On Thu, 16 Jun 2005, Miguel Dilaj wrote:

>> no, with netkey, use interfaces="%defaultroute". Only klips really needs
> to know the interfaces to bind the ipsecX interfaces to. Netkey does not
> support or need that.
>
> Even when I need it listening on an interfact that's NOT the same used for
> my default route???
>
> To clarify... The host has 2 interfaces, on networks A (routable addresses)
> and B (private addresses), I need OpenSWAN listening on network A, but in my
> particular case the default route is on network B (it's a strange setup, but
> it's what we need here).
> I'm afraid of testing it and finding OpenSWAN listening on the private
> network only, that will need me to apologize to other users and go to the
> NOC to login locally and change that back ;-)

Yes :)

But it your setup works, don't change it. The "%defaultroute" adds some
capabilities to use things as 'left=%defaultroute'. If you don't have that,
then using left=%defaultroute can cause errors in the route command used.

Paul


More information about the Users mailing list