[Openswan Users] Virtual Interface using NETKEY

Ryan Whelan rcwhelan at gmail.com
Tue Jul 26 17:13:15 EDT 2011


On Tue, Jul 26, 2011 at 4:57 PM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Tue, 2011-07-26 at 16:30 -0400, Rob Denz wrote:
>> Is there any way to use a virtual interface when using the NETKEY IPsec stack
>> with OpenSWAN? I am asking because I cannot use KLIPS for what I am working
>> on.
>
> Why?
>
> I can think of only two potential reasons (and, no, routing is not one of
> them since IPsec is a policy VPN and you cannot route anything you
> didn't map into the tunnels anyways and then you don't need the routes).
> Firewall rules (you can replace interfaces with explicit netblock
> definitions) and tcpdump (valid argument there - we have a problem
> there).

I'm using the virtual interface to listen for (and send) OSPF traffic.
Doing it without the tunnel and trying to build neighbour peers by
explicitly specifying the address of the other OSPF routers didn't
work.

>
>> Thank You,
>
>> Rob
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>   NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>

