[Openswan Users] overlapping left/right networks
Dmitry Chirikov
dmitry at chirikov.ru
Thu Dec 4 17:57:43 EST 2014
> Or a higher priority route for that traffic.
Is it possible in Linux? My findings say that xfrm do its encrypting work
earlier than the kernel makes routing decision.
Kind regards,
Dmitry Chirikov
On 4 December 2014 at 23:22, Neal Murphy <neal.p.murphy at alum.wpi.edu> wrote:
> On Thursday, December 04, 2014 05:15:02 PM Dmitry Chirikov wrote:
> > Yes /16 is correct follow the "right"-side-guys' rules. I am not sure
> this
> > is supported config, as I wrote in my first letter, so I decided to ask
> > more experienced folks and (will hope) developers for that.
> >
> > Regarding KLIPS - I'd like to use it, but this comment from default
> > ipsec.conf states I cannot:
> > # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
> >
> > (And I really tried to enable it before asking for help here. Without any
> > success)
>
> Well, drat the luck. I guess that leaves adding an explicit policy for .3.
> to
> .3. traffic. Or a higher priority route for that traffic. It's supposed to
> 'just work'.
>
> Sorry I couldn't come up with a simple solution.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20141204/4c78976a/attachment.html>
More information about the Users
mailing list