[Openswan Users] why openswan need to add a same route for the net of local interface but via dev ipsec0
Paul Wouters
paul at xelerance.com
Fri Feb 6 14:04:09 EST 2009
On Tue, 3 Feb 2009, Wei Chen wrote:
> If I start ipsec, a same route for the net of local interface will be added:
> 192.168.5.0/24 dev ipsec0 proto kernel scope link src 192.168.5.62
> Why do we need this kind of route ?and how can I remove this route?
> #ip route show
> 192.168.100.0/24 dev ipsec0 scope link
> 192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.62
> 192.168.5.0/24 dev ipsec0 proto kernel scope link src 192.168.5.62
> default via 192.168.5.1 dev eth0
It was added because you are using leftsourceip=192.168.5.62
routes into ipsec0 are the delivery method of the linux networking stack
to get packets into the KLIPS kernel module.
Paul
More information about the Users
mailing list