[Openswan Users] Routing to/from a vpn
Paul Wouters
paul at xelerance.com
Fri Jun 12 21:50:41 EDT 2009
On Fri, 12 Jun 2009, Jason Brooks wrote:
> I am trying to setup a vpn between three sites and a main site. The
> I have run into some confusion reading through ipsec and openswan
> documentation. It appears that openswan on a linux gateway uses
> something akin to packet filter rules: "x ip address range may talk to
> Y ip address range" as an example. Does the gateway also have a

It's actually "IPsec Security Associations". Those are IPsec Policy
rules that determine what can go through the tunnel.

> corresponding routing table entry that will route packets to the vpn?
> Once the vpn is established, can I have the endpoints exchange routing
> data with something like RIP?

You can only send packets through the tunnel that fall within the
IPsec policy. These policies are usually host-host or subnet-subnet.
If you want to do any kind of "dynamic routes", then you need to
encapsulate packets, for instance using a host-host IPsec tunnel
with IPIP or GRE.

Paul
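
The encapsulation approach from the reply above, as an added example that is not part of the original post or of Openswan's own documentation: a script that prints, for a main site and three remote sites, one host-to-host conn per site plus the iproute2 commands for the matching GRE interface, so a routing daemon such as RIP can run over the GRE interfaces while the IPsec policy stays fixed. The function names, all addresses, the pre-shared-key authentication and the `leftprotoport`/`rightprotoport` restriction to GRE are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. It only prints configuration; nothing is applied.
# Addresses are constructed (RFC 5737 documentation and private ranges).

# ipsec_conn NAME LOCAL_IP REMOTE_IP
# Host-to-host conn whose policy covers only GRE between the two gateways.
# Assumption: a pre-shared key for the pair exists in /etc/ipsec.secrets.
ipsec_conn() {
    cat <<EOF
conn gre-$1
    left=$2
    right=$3
    leftprotoport=gre
    rightprotoport=gre
    authby=secret
    auto=start
EOF
}

# gre_cmds NAME LOCAL_IP REMOTE_IP INNER_CIDR
# iproute2 commands for the GRE interface a routing daemon would listen on.
gre_cmds() {
    cat <<EOF
ip tunnel add gre-$1 mode gre local $2 remote $3 ttl 64
ip addr add $4 dev gre-$1
ip link set gre-$1 up
EOF
}

# hub_config: main-site side for three constructed remote sites.
hub_config() {
    hub=192.0.2.1
    n=0
    for spoke in 198.51.100.10 198.51.100.20 198.51.100.30; do
        n=$((n + 1))
        ipsec_conn "site$n" "$hub" "$spoke"
        echo
        gre_cmds "site$n" "$hub" "$spoke" "10.255.$n.1/30"
        echo
    done
}

hub_config
```

Because the policy matches only GRE between the two gateway addresses, any prefix learned over a `gre-siteN` interface is carried inside packets the existing Security Association already covers.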