[Openswan Users] Routing to/from a vpn

Jason Brooks jason at petting-zoo.org
Fri Jun 12 23:33:45 EDT 2009


> It's actually "IPsec Security Associations". Those are IPsec Policy
> rules that determine what can go through the tunnel.
>
Thanks!

>> corresponding routing table entry that will route packets to the vpn?
>> Once the vpn is established, can I have the endpoints exchange routing
>> data with something like RIP?
>
> You can only send packets through the tunnel that fall within the
> IPsec policy. These policies are usually host-host or subnet-subnet.
> If you want to do any kind of "dynamic routes", then you need to
> encapsulate packets, for instance using a host-host IPsec tunnel
> with IPIP or GRE.

I think I was wondering what the tunnel on one of the gateways would  
look like.  For instance, the "ifconfig" command shows an ipsec  
"device".  I could then make a route table entry such as:

route add -net 172.31.0.0 netmask 255.255.0.0 dev ipsec1

The thought of using RIP was just because I didn't want to manually
maintain a bunch of routing tables.

--jason
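
Added example, not part of the original message and not Openswan code: a small Python model of the policy matching described in the quoted reply, showing why a subnet-subnet policy carries neither RIP updates nor later-learned networks, while a GRE tunnel over a host-host policy carries both. Every address except 172.31.0.0/16 is constructed, and `Selector`, `tunnel_for` and `gre_encapsulate` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

GRE, UDP = 47, 17  # IP protocol numbers


@dataclass(frozen=True)
class Selector:
    """One IPsec policy entry: source net, destination net, optional protocol."""
    name: str
    src: str
    dst: str
    proto: Optional[int] = None  # None matches any protocol

    def matches(self, src: str, dst: str, proto: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto))


def tunnel_for(policies, src, dst, proto):
    """Return the name of the first policy covering the packet, else None."""
    return next((p.name for p in policies if p.matches(src, dst, proto)), None)


def gre_encapsulate(gw_local, gw_remote):
    """Outer header of any packet sent over a GRE tunnel between the gateways.

    The inner packet (RIP update, traffic for a learned route, ...) is hidden
    from the policy lookup; only this gateway-to-gateway header is matched.
    """
    return (gw_local, gw_remote, GRE)


# Constructed addresses: gateways 192.0.2.1 / 198.51.100.1, local LAN 10.1.0.0/16.
SUBNET_POLICY = [Selector("subnet-subnet", "10.1.0.0/16", "172.31.0.0/16")]
HOST_POLICY = [Selector("host-host-gre", "192.0.2.1/32", "198.51.100.1/32", GRE)]

LAN_DATA = ("10.1.2.3", "172.31.4.5", UDP)   # ordinary subnet-to-subnet traffic
RIP_UPDATE = ("10.1.0.1", "224.0.0.9", UDP)  # RIPv2 multicast update
NEW_ROUTE = ("10.1.2.3", "10.9.0.7", UDP)    # network learned after setup

if __name__ == "__main__":
    outer = gre_encapsulate("192.0.2.1", "198.51.100.1")
    for pkt in (LAN_DATA, RIP_UPDATE, NEW_ROUTE):
        print(pkt, "| subnet policy:", tunnel_for(SUBNET_POLICY, *pkt),
              "| inside GRE:", tunnel_for(HOST_POLICY, *outer))
```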


