[Openswan Users] Openswan on Fedora 9

Michael H. Warfield mhw at WittsEnd.com
Tue May 20 11:35:46 EDT 2008


On Tue, 2008-05-20 at 00:07 -0400, Paul Wouters wrote:
> On Mon, 19 May 2008, Michael H. Warfield wrote:

> > 	I looked further and it seems I was wrong when I thought everything was
> > working when I specified the certificate subject.  It looks like pluto
> > is completing negotiations but then none of the routes appear on the
> > 2.6.09 side and I can't ping from the 2.4.9 side (where the routes did
> > appear).

> netkey does not require routes on the system, you will not see them.

	Interesting.  On a tunnel with subnets on both sides, on the 2.4.9
side, I see the routes for the subnet on the other side.  On the 2.6.09
side I do not see the routes for the subnet of the former.  Is this
merely another difference in behavior that's merely cosmetic?  I'm
trying to test out connectivity of that configuration right now.

	BTW...  The routes WOULD be required if you are employing a routing
daemon, like bgpd, to advertise routes out to other routers, which is
exactly what I'm doing.  Whether or not the routes are required by
netkey, I need them for bgp to redistribute.

> Paul
> -- 
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> _______________________________________________

	Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471        | possible worlds.  A pessimist is sure of it!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20080520/60e97c3b/attachment.bin 


More information about the Users mailing list