# ifconfig
<same as previous e-mail>
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.4.1.65       10.4.1.65       255.255.255.255 UGH   0      0        0 ipsec0
10.4.1.0        0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
10.4.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
# ipsec eroute
430 10.4.1.1/32 -> 10.4.1.65/32 => tun0xffffffff@10.4.1.65
Does this look right?
AH
--- "Bantoft, Ken" <kbantoft_at_mdsp.com> wrote:
>
>
> What does your routing table look like? Both route -n + ipsec eroute outputs.
>
> You might need to make some changes to force traffic out a specific
> interface.
>
>
> Ken
> kbantoft_at_mdsp.com
>
>
>
> > -----Original Message-----
> > From: Adrian Horton [mailto:adhort02_at_yahoo.com]
> > Sent: Thursday, April 04, 2002 10:58 AM
> > To: Bantoft, Ken; 'users_at_lists.freeswan.org'
> > Subject: RE: [Users] FreeS/WAN and Network Aliasing (a.k.a. virtual IP)
> >
> >
> > I think I tried that... Here's what I did:
> >
> > # ifconfig eth0:0 10.4.1.1 netmask 255.255.255.0 broadcast 10.4.1.255
> >
> > Here's my ipsec.conf file:
> >
> > config setup
> >     interfaces="ipsec0=eth0:0"
> >     manualstart=connection
> >
> > conn connection
> >     left=10.4.1.1
> >     right=10.4.1.65
> >     esp=3des-md5-96
> >     spi=0x........
> >     espenckey=0x.....................
> >     espauthkey=0x.....................
> >
> > # ifconfig
> > eth0 Link encap:Ethernet HWaddr....
> >      inet addr:10.4.1.2 Bcast:10.4.1.255 Mask:255.255.255.0
> >      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >
> > eth0:0 Link encap:Ethernet HWaddr....
> >      inet addr:10.4.1.1 Bcast:10.4.1.255 Mask:255.255.255.0
> >      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >
> > ipsec0: Link encap:Ethernet HWaddr....
> >      inet addr:10.4.1.1 Bcast:10.4.1.255 Mask:255.255.255.0
> >
> > lo Link encap:Local Loopback
> >      inet addr:127.0.0.1 Mask:255.0.0.0
> >      UP LOOPBACK RUNNING MTU:16436 Metric:1
> >
> >
> > It looks as though the FreeS/WAN application treats eth0
> > and eth0:0 the same.
> >
> > Is there anything else I should do?
> >
> > AH
> >
> >
> > --- "Bantoft, Ken" <kbantoft_at_mdsp.com> wrote:
> > >
> > >
> > > You can do everything you mentioned... But you'll probably need to look at
> > > iproute2 + policy routing to sort out the routing. The Linux Advanced
> > > Routing HowTo is a good start. Essentially, you'll need to put a few rules
> > > in place to send stuff back out the correct interface that it came in,
> > > instead of the default.
> > >
> > >
> > > As for your second question, FreeS/WAN supports IP aliases as well (e.g.
> > > eth0:0). I use this myself - just change the interfaces= statement in
> > > /etc/ipsec.conf to something like interfaces="ipsec0=eth0:0"
> > >
> > > Ken
> > > kbantoft_at_mdsp.com
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Adrian Horton [mailto:adhort02_at_yahoo.com]
> > > > Sent: Thursday, April 04, 2002 9:05 AM
> > > > To: Nate Carlson
> > > > Cc: users_at_lists.freeswan.org
> > > > Subject: Re: [Users] FreeS/WAN and Network Aliasing (a.k.a. virtual IP)
> > > >
> > > >
> > > > I want the server to emulate two different IP addresses. One is to have
> > > > FreeS/WAN running. The other virtual IP address is for an SSL web site.
> > > >
> > > > This is for testing. Can I use FreeS/WAN on a Linux server using a virtual IP
> > > > address?
> > > >
> > > > Thanks,
> > > >
> > > > AH
> > > >
> > > > --- Nate Carlson <natecars+freeswan_at_natecarlson.com> wrote:
> > > > > On Wed, 3 Apr 2002, Adrian Horton wrote:
> > > > > > I have a server running FreeS/WAN-1.96. The server (Redhat 7.1) has
> > > > > > one ethernet interface but I need some traffic coming to the server to
> > > > > > be cleartext. Can I set up a virtual IP address for the server so that
> > > > > > FreeS/WAN runs on one IP address but not on the other?
> > > > > >
> > > > > > I tried "ifconfig eth0:1 10.X.Y.X netmask 255.255.255.255 broadcast
> > > > > > 10.X.Y.X" which works only in cleartext. When IPSec is turned on the
> > > > > > eth0 interface tries to encrypt the data.
> > > > >
> > > > > Are you saying that you'd like a FreeS/WAN box to talk to a remote host
> > > > > both in clear text and in encrypted?
> > > > >
> > > > > I suppose it'd be possible, using Linux advanced routing and such.. but it
> > > > > wouldn't be easy.
> > > > >
> > > > > If you want to talk to one host in encrypted, and one host in clear text,
> > > > > well, that's the default way it works. :)
> > > > >
> > > > > (In other words -- we need more info.)
> > > > >
> > > > >
> > > > > ----------------------------------------------------------------------
> > > > > | nate carlson | natecars_at_natecarlson.com |
> > > > > | brainbench mvp for linux admin -- http://www.brainbench.com |
> > > > > | Depriving some poor village of its idiot since 1981 |
> > > > > ----------------------------------------------------------------------
> > > > >
> > > >
> > > >
> > > > __________________________________________________
> > > > Do You Yahoo!?
> > > > Yahoo! Tax Center - online filing with TurboTax
> > > > http://taxes.yahoo.com/
> > > > _______________________________________________
> > > > Users mailing list
> > > > Users_at_lists.freeswan.org
> > > > http://lists.freeswan.org/mailman/listinfo/users
> > > >
> > >
> >
> >
> >
>
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:48 CEST
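
A diagnostic for the routing table posted in the top message, as an added example that is not part of the original thread: it reads `route -n` output and reports every destination/genmask pair that is routed through both an ipsecN device and another device, together with the device listed first. The helper name `overlapping_routes` and its output format are assumptions; the sample table is re-typed from the message.

```shell
#!/bin/sh
# Constructed sample: the `route -n` table from the top message of this thread.
ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.4.1.65       10.4.1.65       255.255.255.255 UGH   0      0        0 ipsec0
10.4.1.0        0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
10.4.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo'

# overlapping_routes (hypothetical helper): read `route -n` text on stdin and
# print one line per destination/genmask that appears on both an ipsecN device
# and some other device. "first=" names the device of the entry listed first.
overlapping_routes() {
    awk '
        # Route rows have 8 fields and start with a dotted-quad destination;
        # this skips the two header lines.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            key = $1 "/" $3
            if (!(key in first)) { first[key] = $8; order[++n] = key }
            if ($8 ~ /^ipsec[0-9]+$/) { tun[key] = $8 } else { other[key] = $8 }
        }
        END {
            # Report in the order the destinations first appeared.
            for (i = 1; i <= n; i++) {
                k = order[i]
                if ((k in tun) && (k in other))
                    print k " ipsec=" tun[k] " other=" other[k] " first=" first[k]
            }
        }'
}

# Run against the sample when the script is executed directly.
printf '%s\n' "$ROUTES" | overlapping_routes
```

On a live host the same function can be fed with `route -n | overlapping_routes`; an empty result means no destination is shared between an ipsecN device and another interface.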