[Openswan Users] Is there any way to set up a static route with the NETKEY stack?

Sheng Yang sheng at yasker.org
Mon Jul 16 19:32:46 EDT 2012


Hi,

I've dug through Google and this mailing list's archive for quite some
time, but still fail to find a way to specify a static route per our
requirement in the NETKEY stack.

The scenario is fairly easy to understand: we want to route any
traffic we specify through the ipsec tunnel.

Currently the configuration works well for certain subnets (we had to
specify them in rightsubnets of ipsec.conf). But when it comes to
redirecting other traffic through the ipsec tunnel, e.g. we may want to
let the remote gateway (on the other side of the ipsec tunnel) handle
local traffic to the Internet, we can't figure out a way to do that with
the NETKEY stack.

It seems that with KLIPS, we can simply add an ip route for that. I've
checked ip xfrm, but still can't figure out a way to do that.

When searching for possible methods, I saw someone say "No, there is
no way to do so", but I still want to confirm that. Because if NETKEY
is to replace KLIPS, why can't we do the same thing as in KLIPS (if I
understand right)?

Thanks in advance!

--Sheng

