[Openswan Users] Is there anyway to setup static route with NETKEY stack?
charlessimon at hotmail.com
Mon Jul 16 19:39:42 EDT 2012
Can you provide your configuration so we may look at it and make recommendations. It would help if you describe the network layout of your remote site / local site , how they are connected and what you are trying to achieve at the remote site / local site.
- Simon Charles -
> Date: Mon, 16 Jul 2012 16:32:46 -0700
> From: sheng at yasker.org
> To: users at lists.openswan.org
> Subject: [Openswan Users] Is there anyway to setup static route with NETKEY stack?
> I've dived in Google and this mailing's archive for quite some time,
> but still fail to find a way to specify static route per our
> requirement in NETKEY stack.
> The scenario is somehow easy to understand: we want to route any
> traffic our specified through the ipsec tunnel.
> Currently the configuration works well for certain subnets(we had to
> specify them in rightsubnets of ipsec.conf). But when it comes to
> redirect other traffic through the ipsec tunnel. E.g. we may want to
> let remote gateway(on the other side of ipsec tunnel) handle local
> traffic to the Internet. We can't figure out a way to do that with
> NETKEY stack.
> Seems with KLIPS, we can simply add ip route for that. I've checked ip
> xfrm, but still can't figure out a way to do that.
> When searching for possible methods, I saw someone said "No, there is
> no way to do so", but I still want to confirm that. Because if NETKEY
> would replace KLIPS, why we cannot do the same thing as in KLIPS(if I
> understand right)?
> Thanks in advance!
> Users at lists.openswan.org
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users