[Openswan Users] Openswan with Advanced Linux Routing
Brendan Simon
BrendanSimon at fastmail.fm
Fri Nov 18 16:06:02 CET 2005
Paul Wouters wrote:
> On Fri, 18 Nov 2005, Brendan Simon wrote:
>
>> The commericial IPSec stack only interrogates the main table and does not look
>> at other tables. Effectively my ip rules are ignored as the IPSec stack is
>> actually doing the routing based on the main linux routing table. What I
>> really want is for the IPSec stack to NOT do the routing, but pass the packets
>> to the standard linux routing code.
>>
>
> Openswan with NETKEY should work. Openswan with KLIPS likely will give problems
> since it also uses just the main routing table.
>
Thanks. I haven't looked at it since FreeSwan days. I know/believe
KLIPS is part of OpenSwan but have not heard of NETKEY. Is NETKEY part
of OpenSwan too?
> What is this "commercial stack". It sounds suspiciously like a KLIPS derivative.
>
Unfortunately I don't want to say as they are a related company to the
one I work for and I might get my hands slapped. Needless to say if I
decide to go with OpenSwan and it works then that would be a slap in the
face for that company but that's not really my problem :)
I don't believe it is a KLIPS derivative but I don't really know to be
truthful.
Thanks,
Brendan.
More information about the Users
mailing list