[Openswan Users] Packets show up twice in tcpdump
Michael Smith
msmith at cbnco.com
Wed Aug 23 09:46:41 EDT 2006
On Wed, 23 Aug 2006, Mihajlo Cvetanović wrote:
> > The virtual interface in KLIPS is nice for troubleshooting but it doesn't
> > work with dynamic routing.
> Could you elaborate more on this, please? I've never needed to work with
> dynamic routing, but in case the need arises this info would be helpful. I was
> under the impression that KLIPS doesn't prevent you from doing something you
> were able to do before.
It's actually not the virtual interface that causes problems, but what
happens after the packets are encapsulated.
With KLIPS, you have a route to the remote tunneled subnet via, say,
ipsec0. KLIPS grabs the packet and forwards it to the remote peer using a
statically configured nexthop from ipsec.conf. There is no way to use a
dynamic route to the peer.
Mike
More information about the Users
mailing list