[Openswan Users] several separated hosts per connection possible?
lee hughes
toxicnaan at gmail.com
Thu May 12 16:37:21 CEST 2005
ah I see now!!! it's all becoming clear now.
so would users here recommend running gre tunnel's rather the norm??
have you seen any configurations for the gre/ospf with swan?
Laters,
On 5/12/05, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 12 May 2005, lee hughes wrote:
>
> > is it just a matter of add extra 'routes' at both ends when the ipsec
> > tunnel is up,?
>
> No, you cannot just 'route add' into the IPsec tunnel, because there is
> no IPsec policy for those packets and they will get dropped. You should
> make a seperate connection for those routes.
>
> > I've heard you can run ospf as a routing protocol if your using gre,
> > so take away all that static configuration, you need to be running
> > ospf at both ends...
>
> Yes, if you setup a host-host IPsec tunnel, and only send GRE packets
> from those two hosts to each other, then you can 'add' any traffic in
> there, since it is GRE encapsulated and the GRE packets comply with
> the IPsec policy.
>
> Paul
>
More information about the Users
mailing list