
Re: [Users] Roadwarrior source IP addr

From: Paul Wouters (paul_at_xtdnet.nl)
Date: Thu Jun 27 2002 - 21:46:48 CEST


On Thu, 27 Jun 2002, Anthony de Boer wrote:

>
> Configuration is Roadwarrior with a bit of WLAN flavour, per the config
> document; leftsubnet is the whole Internet, and rightsubnet is a single
> address forwarded through the IPSEC pipe. On the laptop, that address is
> bound to lo:0.

Not on ipsec0:0? I had tried that before and that failed for me. What
kernel is that?

> The fix I'm using is to take the two /1 routes FreeS/WAN installs and
> replace them with exactly the same thing with "src $MYADDR" appended.
> A wee bit of shell script (ip route | sed) will do it. You get:
>
> ip route replace 0.0.0.0/1 via $RIGHTNEXTHOP dev ipsec0 src $MYADDR
> ip route replace 128.0.0.0/1 via $RIGHTNEXTHOP dev ipsec0 src $MYADDR

Yes, that's part of the script we used for wavesec at SANE in the NL
last month. I thought there would be infrastructure mode wavesec at
OLS, not appendix mode. Guess the network wasn't what was expected? :)
 
> IMHO there should be slightly better kernel support for forcing
> source address selection;

Yes, but that's not a Freeswan specific issue. Perhaps kernelsummit
had something nice in this respect?

Now, for your next assignment, get your laptop to do OE without
crashing your ipsec tunnel. I haven't managed to get that to work,
and from talking with HRM it's currently not possible.

Paul

-- 

"Movie scripts no longer write, George Lucas shall"

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
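The route rewrite discussed in this message, written out as a filter over `ip route` output. This is an added example, not code from the thread or from FreeS/WAN: it uses awk rather than the sed one-liner mentioned, and the function names, sample routes and addresses are constructed.

```shell
#!/bin/sh
# Added example: turn the two half-default (/1) routes on the IPsec device
# into "ip route replace ... src ADDR" commands, so locally originated
# traffic uses the tunnelled address as its source.

# add_src_to_routes MYADDR [DEV]   (hypothetical helper name)
# Reads `ip route` output on stdin and prints one command per matching route.
add_src_to_routes() {
    myaddr=$1
    dev=${2:-ipsec0}
    # Accept only digits and dots, so nothing else reaches a shell later.
    case $myaddr in
        ''|*[!0-9.]*) echo "bad source address: $myaddr" >&2; return 1 ;;
    esac
    awk -v src="$myaddr" -v dev="$dev" '
        ($1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") {
            on_dev = 0
            out = "ip route replace"
            for (i = 1; i <= NF; i++) {
                if ($i == "src") { i++; continue }  # drop an existing src hint
                if ($i == "dev" && $(i + 1) == dev) on_dev = 1
                out = out " " $i
            }
            # Routes on other devices are left alone.
            if (on_dev) print out " src " src
        }'
}

# Constructed sample of `ip route` output (documentation address ranges).
sample_routes() {
cat <<'EOF'
192.0.2.1 dev eth0 scope link
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.77
0.0.0.0/1 via 192.0.2.1 dev ipsec0
128.0.0.0/1 via 192.0.2.1 dev ipsec0 src 192.0.2.77
0.0.0.0/1 via 192.0.2.1 dev eth1
default via 192.0.2.1 dev eth0
EOF
}

# Review the generated commands first, then apply them as root:
#   ip route | add_src_to_routes "$MYADDR"
#   ip route | add_src_to_routes "$MYADDR" | sh
```

Running the generated commands a second time is harmless, since `ip route replace` overwrites the existing entry and any previous `src` hint is dropped before the new one is appended.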



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST