[Openswan Users] Question about leftnexthop configuration.(Retransmission)

Paul Wouters paul at xelerance.com
Fri Nov 30 14:50:49 EST 2007

On Fri, 30 Nov 2007, ??? wrote:

> We are using Openswan for our router products. While satisfied with almost everything, I want to ask a basic question via this mailing list.
> Why should users configure leftnexthop parameters explicitly?
> As far as I know, this field is not relevant to the IPSec protocol and packet forwarding is determined by the routing table.

It is only used by KLIPS, which provides virtual interfaces (ipsecX)
bound to real interfaces (ethX, pppX). It needs to know which interface to
send the packet out after it received it on an ipsecX interface.  Mostly,
this can be determined by looking at which interface the default route
points to, but sometimes people have odd settings, or their default
route goes another way than the intended encrypted packet should go.

Since NETKEY does not have ipsecX interfaces, it does not require a leftnexthop.

Paul, still hoping for more resources to work on merging KLIPS and NETKEY to
be the best of both worlds.
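
Added illustration (not part of the original message, and not Openswan code): the sketch below compares the default-route guess described above with the route a longest-prefix lookup selects for the peer, which is the case where an explicit leftnexthop matters under KLIPS. The routing table, addresses and function names are constructed for this example.

```python
import ipaddress

# Constructed `ip route show` output for a dual-homed gateway (sample data).
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.5
198.51.100.0/24 via 10.0.0.254 dev eth1
"""

def _opt(tok, key):
    """Value following `key` on a route line, or None if the key is absent."""
    return tok[tok.index(key) + 1] if key in tok[:-1] else None

def parse_routes(text):
    """Return (network, via, dev) tuples parsed from `ip route show` text."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append((ipaddress.ip_network(dest), _opt(tok, "via"), _opt(tok, "dev")))
    return routes

def lookup(routes, addr):
    """Longest-prefix match over the parsed table."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def nexthop_check(routes, peer):
    """Compare the default-route guess with the route used to reach `peer`."""
    default = next((r for r in routes if r[0].prefixlen == 0), None)
    best = lookup(routes, peer)
    if best is None:
        raise ValueError(f"no route to {peer}")
    guess = (default[1], default[2]) if default else None
    actual = (best[1] or peer, best[2])  # on-link route: the peer is the next hop
    return {"guess": guess, "actual": actual, "explicit_needed": guess != actual}

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for peer in ("203.0.113.9", "198.51.100.20", "10.0.0.77"):
        print(peer, nexthop_check(table, peer))
```

When `explicit_needed` is true, the default-route guess would point at the wrong interface or gateway for that peer, so the next hop has to be given explicitly.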
