[Openswan Users] several separated hosts per connection possible?

Paul Wouters paul at xelerance.com
Thu May 12 12:10:45 CEST 2005


On Thu, 12 May 2005, lee hughes wrote:

> is it just a matter of adding extra 'routes' at both ends when the ipsec
> tunnel is up?

No, you cannot just 'route add' into the IPsec tunnel, because there is
no IPsec policy for those packets and they will get dropped. You should
make a separate connection for those routes.

> I've heard you can run ospf as a routing protocol if you're using gre,
> so take away all that static configuration, you need to be running
> ospf at both ends...

Yes, if you set up a host-host IPsec tunnel, and only send GRE packets
from those two hosts to each other, then you can 'add' any traffic in
there, since it is GRE encapsulated and the GRE packets comply with
the IPsec policy.

Paul
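
The two approaches from the reply above, sketched as an ipsec.conf fragment. This is an added example, not part of the original post or of the Openswan documentation; the conn names, all addresses (documentation and private ranges) and authby=secret are constructed assumptions, and the protoport lines are an optional narrowing added here.

```conf
# Constructed example. Gateways: 192.0.2.1 (left), 198.51.100.1 (right).

# Shared endpoint settings, pulled in with also= below.
conn gw-common
    left=192.0.2.1
    right=198.51.100.1
    authby=secret

# Approach 1: one conn per subnet pair.
# Each conn installs its own IPsec policy, so traffic for a subnet
# without a conn has no matching policy and is dropped, whatever
# the routing table says.
conn net1-to-remote
    also=gw-common
    leftsubnet=10.1.1.0/24
    rightsubnet=10.2.0.0/24
    auto=start

conn net2-to-remote
    also=gw-common
    leftsubnet=10.1.2.0/24
    rightsubnet=10.2.0.0/24
    auto=start

# Approach 2: a single host-to-host conn that carries GRE.
# No leftsubnet/rightsubnet: the policy covers only the two hosts.
# Inner traffic is GRE-encapsulated between those hosts, so every
# packet on the wire matches this policy, and routes (static or
# OSPF) can then point at the GRE interface.
conn gre-host-to-host
    also=gw-common
    # Optional: restrict the policy to IP protocol 47 (GRE).
    leftprotoport=47
    rightprotoport=47
    auto=start
```

The GRE interface itself and any routing daemon are configured outside Openswan and are not shown here.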

