[Openswan Users] Is there anyway to setup static route with NETKEY stack?

Sheng Yang sheng at yasker.org
Mon Jul 16 19:53:42 EDT 2012


Hi Simon,

Thanks for the reply!

However, the configuration is what I cannot figure out now.

For example,

    local         left router A             right router B        remote subnets
10.10.3.0/24 ---- 222.222.222.7             221.221.221.7 ------  172.16.10.1/24
                        |                         |
                        |                         |
                        |                         |
                        |                         |
                    Internet   =============  Internet

So, can I configure it so that, if a host in the local subnet wants to
access e.g. 8.8.8.8, the traffic has to go through router B rather than
router A (NAT disabled) and reach the Internet? And at the same time, if
a host wants to access e.g. 4.4.4.4, the traffic would go through router A?

--Sheng

On Mon, Jul 16, 2012 at 4:39 PM, simon charles <charlessimon at hotmail.com> wrote:
> Sheng,
>     Can you provide your configuration so we may look at it and make
> recommendations? It would help if you describe the network layout of your
> remote site / local site, how they are connected and what you are trying
> to achieve at the remote site / local site.
>       Thanks.
>
> - Simon Charles -
>
>
>> Date: Mon, 16 Jul 2012 16:32:46 -0700
>> From: sheng at yasker.org
>> To: users at lists.openswan.org
>> Subject: [Openswan Users] Is there anyway to setup static route with
>> NETKEY stack?
>
>>
>> Hi,
>>
>> I've dived into Google and this mailing list's archive for quite some
>> time, but still fail to find a way to specify a static route per our
>> requirement in the NETKEY stack.
>>
>> The scenario is fairly easy to understand: we want to route any
>> traffic we specify through the ipsec tunnel.
>>
>> Currently the configuration works well for certain subnets (we had to
>> specify them in rightsubnets of ipsec.conf). But when it comes to
>> redirecting other traffic through the ipsec tunnel, e.g. we may want to
>> let the remote gateway (on the other side of the ipsec tunnel) handle
>> local traffic to the Internet, we can't figure out a way to do that
>> with the NETKEY stack.
>>
>> It seems that with KLIPS, we can simply add an ip route for that. I've
>> checked ip xfrm, but still can't figure out a way to do that.
>>
>> When searching for possible methods, I saw someone say "No, there is
>> no way to do so", but I still want to confirm that. Because if NETKEY
>> would replace KLIPS, why can't we do the same thing as in KLIPS (if I
>> understand right)?
>>
>> Thanks in advance!
>>
>> --Sheng