A nit: while there is no reason you shouldn't put all that stuff in the %default
conn, I would find it more rational to put it into some other conn name
and use "also=" to get it.

> I am using left=198.64.133.69 as left, do you mean use eth0 as the
> interface?

Yes, that is what I'm saying.

Specifying 133.70 as your nexthop isn't going to work because it is
local. Perhaps if you specified another unused address on that network.

The key is that you need to permit "_updown" to write a proper "route"
command that will cause packets to travel via the ipsec0 device, rather than
via the eth0 device, so that IPsec gets a whack at things.

You could always hack the _updown script (make a copy first) so that it
always does the right thing.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr_at_sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST