[Openswan Users] Virtual Interface using NETKEY

Rob Denz rob3624 at gmail.com
Wed Jul 27 10:25:55 EDT 2011


Thank you all for the help. A little more background is I am moving systems
from vpnc to OpenSWAN while making as few changes as possible. Also, to
answer Mike's question, I need to use iptables to setup firewall rules and
use tcpdump. Worst case I'll just have to live without tcpdump.

Regards,

Rob

On Tue, Jul 26, 2011 at 5:13 PM, Ryan Whelan <rcwhelan at gmail.com> wrote:

> On Tue, Jul 26, 2011 at 4:57 PM, Michael H. Warfield <mhw at wittsend.com>
> wrote:
> > On Tue, 2011-07-26 at 16:30 -0400, Rob Denz wrote:
> >> Is there anyway to use a virtual interface when using the NETKEY IPsec
> stack
> >> with OpenSWAN? I am asking because I cannot use KLIPS for what I am
> working
> >> on.
> >
> > Why?
> >
> > I can think of only two potential reasons (and, no routing is not one of
> > them since IPsec is a policy VPN and you can not route anything you
> > didn't map into the tunnels anyways and then you don't need the routes).
> > Firewall rules (you can replace interfaces with explicit netblock
> > definitions) and tcpdump (valid argument there - we have a problem
> > there).
>
> I'm using the virtual interface to listen for (and send) OSPF traffic.
>  Doing it without the tunnel and trying to build neighbour peers by
> explicitly specifying the address of the other OSPF routers didn't
> work.
>
> >
> >> Thank You,
> >
> >> Rob
> >
> > Regards,
> > Mike
> > --
> > Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
> >   /\/\|=mhw=|\/\/          | (678) 463-0932 |
> http://www.wittsend.com/mhw/
> >   NIC whois: MHW9          | An optimist believes we live in the best of
> all
> >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of
> it!
> >
> > _______________________________________________
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110727/65b873de/attachment.html 


More information about the Users mailing list