[Openswan Users] Virtual Interface using NETKEY

Michael H. Warfield mhw at WittsEnd.com
Tue Jul 26 16:57:34 EDT 2011


On Tue, 2011-07-26 at 16:30 -0400, Rob Denz wrote: 
> Is there anyway to use a virtual interface when using the NETKEY IPsec stack
> with OpenSWAN? I am asking because I cannot use KLIPS for what I am working
> on.

Why?

I can think of only two potential reasons (and, no routing is not one of
them since IPsec is a policy VPN and you can not route anything you
didn't map into the tunnels anyways and then you don't need the routes).
Firewall rules (you can replace interfaces with explicit netblock
definitions) and tcpdump (valid argument there - we have a problem
there).

> Thank You,

> Rob

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/users/attachments/20110726/4c8e20f9/attachment.bin 


More information about the Users mailing list