[Openswan Users] Add route only after the connection was successful
Diogo V. Kersting
k at brlix.com
Wed Apr 27 10:20:54 EDT 2011
Hello.
I'm using IPSec and KLIPS, and when I start the ipsec daemon (pluto) it
adds the following route:
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.70   0.0.0.0         255.255.255.255 UH    0      0        0 ipsec0
Is there a way for ipsec to only add this route after the IPsec SA is
established?
That way, if there is some sort of wrong configuration, I can still
access the remote machine. Other than that, there are kinds of traffic
that I would like to accept even if the IPSec SA is down.
Then I would block the non-encrypted traffic using iptables (drop ping
on eth1 and accept ping on ipsec0, for instance).
###conn description###
conn diogo
    authby=secret
    auto=start
    type=tunnel
    left=192.168.10.230
    leftsubnet=192.168.10.231/32
    right=192.168.10.70
    rightsubnet=vhost:%no,%priv
--
Diogo V. Kersting - Epidemus LTDA