Hey Iain,
Nice to know these little details.
I would say that it is good to ask instead of wondering in the "unknown"
place of thinking by yourself.
I have seen that some afraid to ask and they are left by them-selfs for
weeks trying to figure out something so tiny which somebody already
"just know".
With hope you would be able to find a reasonable solution that fits you.
Best Regards,
Eliezer
On 17/11/13 22:14, Iain wrote:
Sorry, yes - I should have made that clearer. I’m using the netkey stack with
OpenSWAN, which does the transforms in the kernel. The routes become visible
on an “ip xfrm show”.
I’m doing an “ip addr” to list all the local addresses, then an “ipsec auto
—status” looking for connections that are up (STATE_QUICK_R2). I can then pull
out the networks on the other side of all the connections.
I’ve discovered how to get OpenSWAN to allow multiple networks on the other end
of the route, but it is difficult to work out what the internal routes look
like.
I’ll try switching to the klips stack and see if this makes the routes visible.
Adding what I thought were the right routes manually didn’t work - this is not
really a bird-related problem yet, but more a lack of understanding on my part
of how the OpenSWAN routing is working!
Iain
