[Openswan Users] gateway-to-gateway traffic is not encrypted
martin f krafft
madduck at madduck.net
Tue Mar 8 08:25:26 CET 2005
also sprach Paul Wouters <paul at xelerance.com> [2005.03.07.1955 +0100]:
> If your gateway uses it's public IP as source, then it will not fall
> without the net-to-net ipsec policy and go out plaintext. You can
> either define a host-host and/or host-net and net-host tunnels to
> cover all combinations, or add a left/rightsourceip= pointing to
> the internal IP address to change the default src address used
> for traffic on the gateways.
Awesome, leftsourceip is exactly what I wanted/needed. Thank you
thank you thank you.
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
spamtraps: madduck.bogus at madduck.net
"everyone has a little secret he keeps,
i like the fires when the city sleeps."
-- mc 900 ft jesus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20050308/82087665/attachment.bin
More information about the Users
mailing list