Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Re: [Bugs] FS 1.97 and Virtual IP's

From: Michael Richardson (mcr_at_sandelman.ottawa.on.ca)
Date: Tue Jun 11 2002 - 22:51:39 CEST

Next message: Dave Randolph: "[Users] Help with vpn config."
Previous message: Barry, Christopher: "RE: [Users] Roadwarrior / inner ip / virtual ip / nat / iproute2 / virtual device / heelpl"
In reply to: Mike Thomas: "[Users] Re: [Bugs] FS 1.97 and Virtual IP's"
Next in thread: Mike Thomas: "[Users] Re: [Bugs] FS 1.97 and Virtual IP's"
Reply: Mike Thomas: "[Users] Re: [Bugs] FS 1.97 and Virtual IP's"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Mike" == Mike Thomas <mike_at_bedarra.com> writes:
>> > I am using left=198.64.133.69 as left, do you mean use eth0 as the
>> >interface?
>>
>> yes, that is what I'm saying.
>> Specifying 133.70 as your nexthop isn't going to work because it is
>> local. Perhaps if you specified another unused address on that network.

Mike> Oops, the nexthop that was causing the problem is 198.64.129.1. I was
Mike> trying 133.70 as a last gasp. So you are saying that I can't have a default

Yes, I understand.

Mike> route to a different subnet than the ip I want to IPSEC over(apologies if I
Mike> am being thick here).

  What happens again if you specify 129.1 as your nexthop again?

>> The key is that you need to permit "_updown" to write a proper "route"
>> command that will cause packets to travel via the ipsec0 device, rather
    Mike> than
>> via the eth0 device, so that IPsec gets a whack at things.
>> You could always hack the _updown script (make a copy first) so that it
>> always does the right thing.

Mike> I did take a look, but must admit I don't understand what is going on with
Mike> netmasks/routes to 128.0.0.0 etc..

You can mostly ignore that part for your application.

] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr_at_sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys

iQCVAwUBPQZi2YqHRg3pndX9AQGeRAP+KdIBZudi8M63fG/ZkbMZrdfk1tKfvuJQ
QT290xKfT+A+Y+znDdT5OoFaesh9QzUOenjRfqBLEga1HLuC7CVbYbQI1svmN6M2
yOgvUTMs6SZHnfNOFdIi6E61I+lt6SkvibJXWOXmMjfThJY5TTdikVMlYUh7iebn
ZR4eheMlKvQ=
=A4ZT
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Dave Randolph: "[Users] Help with vpn config."
Previous message: Barry, Christopher: "RE: [Users] Roadwarrior / inner ip / virtual ip / nat / iproute2 / virtual device / heelpl"
In reply to: Mike Thomas: "[Users] Re: [Bugs] FS 1.97 and Virtual IP's"
Next in thread: Mike Thomas: "[Users] Re: [Bugs] FS 1.97 and Virtual IP's"
Reply: Mike Thomas: "[Users] Re: [Bugs] FS 1.97 and Virtual IP's"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:14 CEST