[Openswan Users] overlapping left/right networks
Simon Deziel
simon at xelerance.com
Thu Dec 4 18:58:02 EST 2014
A conn with "type=passthrough" that covers your local range should work
in theory.
Regards,
Simon
On 12/04/2014 05:57 PM, Dmitry Chirikov wrote:
>> Or a higher priority route for that traffic.
> Is it possible in Linux? My findings say that xfrm does its encrypting
> work earlier than the kernel makes the routing decision.
>
> Kind regards,
> Dmitry Chirikov
>
> On 4 December 2014 at 23:22, Neal Murphy <neal.p.murphy at alum.wpi.edu> wrote:
>
> On Thursday, December 04, 2014 05:15:02 PM Dmitry Chirikov wrote:
> > Yes, /16 is correct, following the "right"-side guys' rules. I am not sure this
> > is a supported config, as I wrote in my first letter, so I decided to ask
> > more experienced folks and (I hope) developers about that.
> >
> > Regarding KLIPS - I'd like to use it, but this comment from default
> > ipsec.conf states I cannot:
> > # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
> >
> > (And I really tried to enable it before asking for help here. Without any
> > success)
>
> Well, drat the luck. I guess that leaves adding an explicit policy for .3. to
> .3. traffic. Or a higher priority route for that traffic. It's supposed to
> 'just work'.
>
> Sorry I couldn't come up with a simple solution.
>
>
>
>
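The passthrough conn suggested in the reply above, written out as an ipsec.conf fragment. This is an added example, not configuration posted by anyone in the thread: the addresses are constructed (documentation ranges and a made-up 10.20.0.0/16), the conn names are hypothetical, and `right=0.0.0.0`, `authby=secret` on the tunnel and the `auto=` values are assumptions about the setup.

```conf
# ipsec.conf fragment -- constructed addresses, hypothetical conn names
config setup
    protostack=netkey            # stack named in the thread (RHEL/Fedora default)

# Tunnel whose remote selector (/16) also contains the local LAN (/24).
conn to-remote
    left=192.0.2.10              # local gateway (constructed)
    leftsubnet=10.20.3.0/24      # local LAN (constructed)
    right=198.51.100.20          # remote gateway (constructed)
    rightsubnet=10.20.0.0/16     # overlaps leftsubnet
    authby=secret                # assumption; use whatever the tunnel already uses
    auto=start

# Narrower policy for LAN-to-LAN traffic only: no IPsec processing,
# no IKE negotiation, policy installed when the conn is loaded.
conn local-passthrough
    left=192.0.2.10
    leftsubnet=10.20.3.0/24
    right=0.0.0.0                # assumption: no real peer for a shunt-only conn
    rightsubnet=10.20.3.0/24     # same range on both sides = local traffic
    type=passthrough             # pass matching packets in the clear
    authby=never                 # never attempt or accept negotiation
    auto=route
```

With both conns loaded, `ip xfrm policy` should list a policy for the /24-to-/24 selectors next to the tunnel policy for the /16; keep the passthrough selectors no wider than the local range, since everything they match leaves unencrypted.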