From: Sam Sgro (sam_at_freeswan.org)
Date: Fri Nov 08 2002 - 00:34:00 CET
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 7 Nov 2002, Britt Tabor wrote:
> I have been having problems of late with my IPSEC connections. When I
> start a connection with IPSEC it changes the routing table of course.
> How should it change it? Meaning, when I look at my table now after
> bringing up a connection it has added a route for the subnet that my
> right side is a member of not the specific IP. This is what my current
> routing table looks like:
When our _updown script modifies the routing table, the destination will
depend on the connection itself. Taking "right" to be your peer, we'll look to
the value in "rightsubnet" if that is defined; else, we will use "right" as
the destination network in the route command. In any case, we use the routing
table to "shunt" traffic to that destination into our ipsec machinery.
So, ipsec would never have created a route to a specific IP address unless the
connection has been defined with that host as either "right" or "rightsubnet".
If you want, post the output of the ipsec barf command (ideally to a website)
- - we can use that info to determine whether or not the route is being created
correctly.
- --
Sam Sgro
sam_at_freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.
iQCVAwUBPcr4akOSC4btEQUtAQG5sgP/SAfhQTUpByAM4mI+bRQPmxRBGGp/ZyNI
62sEyqxfJLoMQ6UXTSomjo0vqics7sH1MAqsFZYbxbiwaXBKixS5Y1Jvn/4nskub
qyhvanD7I1v2sfsRFkMqZyHjI/03gn1sBbMKA9pbUntmRhvDKc2+o3KXlEoLt8n4
aGdxSzA7meA=
=g7ZK
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Nov 08 2002 - 05:20:38 CET