[Openswan Users] Tunnel headends
Benny Amorsen
benny+usenet at amorsen.dk
Sun Mar 25 14:16:45 EDT 2007
>>>>> "PW" == Paul Wouters <paul at xelerance.com> writes:
PW> So where does 1.2.3.4 live? This side or that side? And once the
PW> packet got across, where does it go? back through the tunnel?
Depends on which routing you set up. Just like it does with a GRE
tunnel.
PW> Having those routes would cause you to have to set manual routes
PW> on every node. You would run the risk of endlessly looping
PW> packets, and you will find it impossible to run a firewall with
PW> all packets popping up everywhere.
It will not be particularly different from a GRE tunnel.
PW> You can do 10.a.b.0/24 === 0.0.0.0/0. In fact, that is exactly how
PW> I am connected at home (my home network goes entirely through
PW> IPsec)
Yes, that certainly works. It's just a bit inconvenient to not be able
to reach the client's outside address through the internet, except
when the tunnel is down.
/Benny
More information about the Users
mailing list