Re: vpn problem..
Mike Mestnik wrote:
> conn rnet-lnet
>     left=1.2.3.4
>     leftsubnet=172.27.27.0/24
>     leftnexthop=1.2.3.1
>     right=9.8.7.6
>     rightsubnet=192.168.1.0/24
>     authby=secret
>     auto=start
>
> Yes, this works.
>
>
> conn rnet-lserver
>     left=1.2.3.4
>     leftnexthop=1.2.3.1
>     right=9.8.7.6
>     rightsubnet=192.168.1.0/24
>     authby=secret
>     auto=start
>
>> Instead...
>> route add 9.8.7.6 192.168.1.X
>> This route will use the rnet-lnet VPN to access the 1.2 address of
>> the(any) router on that net, should be added on the 1.2.3.4 host. From
>> there the pkts will be sent *directly* to the correct computer.
I'm very used to the freeswan KLIPS module with ipsecX virtual
interfaces where our suggestion would *not* work. Not used to the new
v2.6 ipsec stack yet, which I guess you are referring to. I think
iproute2 could do it with klips, but I just found it easier to build a
tunnel and let freeswan do its work. As with anything, there's more
than one way to do it. :)
And for the record, all of my above configs work. They are routing ~50
tunnels between a dozen nets right now.
- --
/phil