[Openswan Users] Dummy question about the design-related issues for openswan on a 2.6 kernel
Paul Wouters
paul at xelerance.com
Mon Aug 20 00:27:46 EDT 2007
On Sun, 19 Aug 2007, Jorge Davila wrote:
> May this is a dummy question, so, please, be gentle.
>
> What is the meaning of this:
>
> One side effect: When contacting a node on the local LAN which is protected
> by gateway OE, you will get asymmetrical routing (one way through the
> gateway,
> one way direct), and IPsec will drop the return packets.
>
> I read that paragraph in the file
>
> doc/2.6.known-issues
It's a corner case when using Opportunistic Encryption on a gateway-subnet basis,
where two hosts behind that one gateway are protected by OE, but are then trying
to talk to each other. It is very unlikely you will be hitting this scenario.
Paul
More information about the Users
mailing list