[Openswan Users] Is there anyway to setup static route with NETKEY stack?

simon charles charlessimon at hotmail.com
Mon Jul 16 19:39:42 EDT 2012


Sheng , 
    Can you provide your configuration so we may look at it and make recommendations. It would help if you describe the network layout of your remote site / local site , how they are connected  and what you are trying to achieve at the remote site / local site.
      Thanks. 

- Simon Charles - 


> Date: Mon, 16 Jul 2012 16:32:46 -0700
> From: sheng at yasker.org
> To: users at lists.openswan.org
> Subject: [Openswan Users] Is there anyway to setup static route with NETKEY	stack?
> 
> Hi,
> 
> I've dived in Google and this mailing's archive for quite some time,
> but still fail to find a way to specify static route per our
> requirement in NETKEY stack.
> 
> The scenario is somehow easy to understand: we want to route any
> traffic our specified through the ipsec tunnel.
> 
> Currently the configuration works well for certain subnets(we had to
> specify them in rightsubnets of ipsec.conf). But when it comes to
> redirect other traffic through the ipsec tunnel. E.g. we may want to
> let remote gateway(on the other side of ipsec tunnel) handle local
> traffic to the Internet. We can't figure out a way to do that with
> NETKEY stack.
> 
> Seems with KLIPS, we can simply add ip route for that. I've checked ip
> xfrm, but still can't figure out a way to do that.
> 
> When searching for possible methods, I saw someone said "No, there is
> no way to do so", but I still want to confirm that. Because if NETKEY
> would replace KLIPS, why we cannot do the same thing as in KLIPS(if I
> understand right)?
> 
> Thanks in advance!
> 
> --Sheng
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120716/7d31ed92/attachment.html>


More information about the Users mailing list