[Openswan Users] Routing to/from a vpn
Jason Brooks
jason at petting-zoo.org
Fri Jun 12 23:33:45 EDT 2009
> It's actually "IPsec Security Associations". Those are IPsec Policy
> rules that determine what can go through the tunnel.
>
Thanks!
>> corresponding routing table entry that will route packets to the vpn?
>> Once the vpn is established, can I have the endpoints exchange
>> routing
>> data with something like RIP?
>
> You can only send packets through the tunnel that fall within the the
> IPsec policy. These policies are usually host-host or subnet-subnet.
> If you want to do any kind of "dynamic routes", then you need to
> encapsulate packets, for instance using a host-host IPsec tunnel
> with IPIP or GRE.
I think I was wondering what the tunnel on one of the gateways would
look like. For instance, the "ifconfig" command shows an ipsec
"device". I could then make a route table entry such as:
route add -net 172.31.0.0 -netmask 255.255.0.0 dev ipsec1
The thought of using RIP was just cause I didn't want to manually
maintain a bunch of routing tables.
--jason
More information about the Users
mailing list