[Openswan Users] kernel 2.6.23 + saref + centos 5
Paul Wouters
paul at xelerance.com
Sun Jan 17 17:51:30 EST 2010
On Sun, 17 Jan 2010, Paul Wouters wrote:
>> Do i need to enable something on make menuconfig to enable saref feature?
>
> No. There is no config option for it. Note that with openswan, you must
> use protostack=mast and have overlapip=yes in your l2tp conn section.
Also double check your installed _updown.mast. You will see this:
# note "fwmarkmask" is an (obsolete) Openswan patch to "ip" command.
# note2: iproute2-2.6.22-070710 supports mask via /mask notation instead
# ip rule add fwmark 0x80000000 fwmarkmask 0x80000000 table 50
ip rule add fwmark 0x80000000/0x80000000 table 50
ip route add 0.0.0.0/0 dev $PLUTO_INTERFACE table 50
For the 2.6.23 version you need to use the line with "fwmarkmask". With
2.6.32 you need to use the line with 0x80000000/0x80000000.
Paul
More information about the Users
mailing list