-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Claudia" == Claudia Schmeing <claudia_at_freeswan.org> writes:
Claudia> 5. Virtual Identity with iptables
Claudia> ============================== 3 posts Apr 18
Claudia> http://lists.freeswan.org/pipermail/users/2002-April/009413.html
Claudia> Creating a "virtual identity" on a peer subnet is now easier,
Claudia> thanks to 2.4's advanced routing support. Wnen Fiel Cabral
Claudia> wanted "to be able to configure [his] linux box + freeswan to
Claudia> use a virtual identity", Teemu Torma offered:
This is a funny term - I would call it inner address selection.
I understand it to mean that he wants to pick a different source IP
for packets going into the tunnel vs the IP of the outside interface.
If one uses an ipchains capable updown script (one has been posted multiple
times to the design list), then one uses advanced routing. Doing SNAT on the
packets is really way overkill on this, and quite invasive to the end-to-end
principle.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr_at_sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBPNXp84qHRg3pndX9AQGAigQAst96/hVBG8p+OORIDe+RolI94d7tZ6ts
QO5wvkQkdJnwevYGOT5gemJ7DAjYS8Vu2EY3NpJtv2Ur+bAsYzk0hhZgU4wJ5upE
DFz2n10JLNju6UJ9ael+y4ayYuU8tAOh4PIX/2JkoisuzkpU78zUXGW8Ci1q7KtA
M88gc76O2sI=
=E9E3
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST