Mike Mestnik wrote:
> conn rnet-lnet
>     left=1.2.3.4
>     leftsubnet=172.27.27.0/24
>     leftnexthop=1.2.3.1
>     right=9.8.7.6
>     rightsubnet=192.168.1.0/24
>     authby=secret
>     auto=start
>
> Yes, this works.
>
>
> conn rnet-lserver
>     left=1.2.3.4
>     leftnexthop=1.2.3.1
>     right=9.8.7.6
>     rightsubnet=192.168.1.0/24
>     authby=secret
>     auto=start
>
>> Instead...
>> route add 9.8.7.6 192.168.1.X
>> This route will use the rnet-lnet VPN to access the 1.2 address of
>> the (any) router on that net, should be added on the 1.2.3.4 host. From
>> there the pkts will be sent *directly* to the correct computer.

I'm very used to the freeswan KLIPS module with ipsecX virtual interfaces where our suggestion would *not* work. Not used to the new v2.6 ipsec stack yet, which I guess you are referring to. I think iproute2 could do it with klips, but I just found it easier to build a tunnel and let freeswan do its work.

As with anything, there's more than one way to do it. :)

And for the record, all of my above configs work. They are routing ~50 tunnels between a dozen nets right now.

--
/phil
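An added example, not part of the original message: a small Python check of which of the two quoted conn sections would cover a given packet. It assumes the documented FreeS/WAN default that a side with no `leftsubnet`/`rightsubnet` protects only the gateway address itself (treated here as `/32`); the function names and the sample addresses inside the subnets are constructed for illustration.

```python
import ipaddress

# The two conn sections quoted in the message, indented as ipsec.conf expects.
IPSEC_CONF = """\
conn rnet-lnet
    left=1.2.3.4
    leftsubnet=172.27.27.0/24
    leftnexthop=1.2.3.1
    right=9.8.7.6
    rightsubnet=192.168.1.0/24
    authby=secret
    auto=start

conn rnet-lserver
    left=1.2.3.4
    leftnexthop=1.2.3.1
    right=9.8.7.6
    rightsubnet=192.168.1.0/24
    authby=secret
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():            # unindented line starts a section
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def selector(conn, side):
    """Network protected on one side; with no <side>subnet, the gateway host only."""
    net = conn.get(side + "subnet") or conn[side] + "/32"
    return ipaddress.ip_network(net)

def matching_conns(conns, src, dst):
    """Names of conns whose left->right selectors cover a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [n for n, c in conns.items()
            if s in selector(c, "left") and d in selector(c, "right")]
```

Traffic from a host on 172.27.27.0/24 matches only `rnet-lnet`, while traffic originating on the 1.2.3.4 gateway itself matches only `rnet-lserver`, which is why the second conn exists alongside the first.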

