[Openswan Users] about eroute

kelvin kanava88 at gmail.com
Wed Dec 12 03:21:05 EST 2007


"

 ipsec eroute --add --eraf inet --src company.com/24 \
          --dst mail.ngo.org/32 --transport-proto 6 \
          --dst-port 110 --said tun.135@mail.ngo.org

       sets up an eroute on a Security Gateway to protect only TCP traffic
       on port 110 (pop3) between the subnet company.com with 24 bits of
       subnet mask and the host ftp.ngo.org via Security Gateway
       mail.ngo.org using the Security Association with Security
       Association ID tun0x135@mail.ngo.org. Note that any other traffic
       bound for mail.ngo.org that is routed via the ipsec device will be
       dropped. If you wish to allow other traffic to pass through then you
       must add a %pass rule. For example the following rule when combined
       with the above will ensure that POP3 messages read from mail.ngo.org
       will be encrypted but all other traffic to/from mail.ngo.org will be
       in clear text.

       ipsec eroute --add --eraf inet --src company.com/24 \
          --dst mail.ngo.org/32 --said %pass
"
The information above comes from the manpage of ipsec_eroute. I want to know:
if I have just one entry added, like "

 ipsec eroute --add --eraf inet --src company.com/24 \
          --dst mail.ngo.org/32 --transport-proto 6 \
          --dst-port 110 --said tun.135@mail.ngo.org
", will any other traffic bound for mail.ngo.org that is routed via this ipsec
device be dropped?
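
The behaviour the quoted manpage text describes, written out as a small lookup model. This is an added example, not Openswan code and not part of the original post. It assumes the packet has already been routed to the ipsec device, that an entry with protocol/port selectors wins over a broader one, and it uses constructed addresses (192.0.2.0/24 for company.com/24, 198.51.100.25 for mail.ngo.org).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Eroute:
    src: str                        # --src selector, CIDR
    dst: str                        # --dst selector, CIDR
    said: str                       # --said: an SA identifier or "%pass"
    proto: Optional[int] = None     # --transport-proto, None = any
    dst_port: Optional[int] = None  # --dst-port, None = any

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dst_port in (None, dport))

    def specificity(self):
        # Assumption of this model: more selectors set = more specific.
        return (self.proto is not None) + (self.dst_port is not None)

def decide(table, src, dst, proto, dport):
    """Fate of a packet that has been routed to the ipsec device."""
    hits = [e for e in table if e.matches(src, dst, proto, dport)]
    if not hits:
        return "drop"               # no eroute covers it: not forwarded
    best = max(hits, key=Eroute.specificity)
    return "clear" if best.said == "%pass" else "encrypt via " + best.said

# Constructed stand-ins for the manpage's host names.
COMPANY_NET = "192.0.2.0/24"        # company.com/24
MAIL_HOST = "198.51.100.25/32"      # mail.ngo.org/32

POP3 = Eroute(COMPANY_NET, MAIL_HOST, "tun.135@mail.ngo.org", 6, 110)
PASS = Eroute(COMPANY_NET, MAIL_HOST, "%pass")

POP3_ONLY = [POP3]                  # the single entry from the question
WITH_PASS = [POP3, PASS]            # the manpage's two-entry combination

if __name__ == "__main__":
    for name, table in (("POP3_ONLY", POP3_ONLY), ("WITH_PASS", WITH_PASS)):
        for port in (110, 25):
            verdict = decide(table, "192.0.2.10", "198.51.100.25", 6, port)
            print(f"{name:9} tcp/{port:<3} -> {verdict}")
```

On a live gateway, running ipsec eroute with no arguments lists the installed entries, so you can confirm which selectors are actually in the table.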