[Openswan Users] Help required - routing ipsec (native Kernel 2.6) on a multi-homed host?

Paul Wouters paul at xelerance.com
Thu Nov 8 09:54:42 EST 2007

On Thu, 8 Nov 2007, Alex Ip wrote:

> 	Can anyone suggest a nicer way for me to put all ipsec traffic on
> one interface using the native 2.6 kernel ipsec stack while leaving
> everything else (preferably including the unencrypted node-node traffic) on
> the other? It looks like I can force ipsec to use a particular interface if
> I use Klips, but I am trying to avoid having to install and maintain Klips
> if I can help it. Note that ipsec works just fine so long as the routing is
> set up correctly beforehand. I hope I've explained the problem clearly
> enough - thanks in anticipation.

You can create passthrough connections, something like (untested):

conn passthrough1
	# email

It will be a bit tricky for random high ports (as %any will cause other
problems), so you will have to try and play around with these for a bit.
(Or just use a right=ip.of.mail.server instead)

Building and integrating Virtual Private Networks with Openswan:
