Please CC me on all responses.
The XFRM frame work seems to be bypassed by the use of advanced routing.
I have ran the following test:
Network: A <-------> B <---------> C
where the IP of 'B' on network AB is j (eth0)
and the IP of 'B' on network BC is k (eth1)
Kernel 2.6.x: Be sure to have: Advanced Routing->Policy Routing compiled in
your kernel.
A) Setup IPsec ESP tunnels between computer A and B (both IP addresses k and
j)
B) Send packets to 'A' from 'B' with IP 'k'.
Do this with: ip route add A src k dev eth0
C) Observe that these packets are unencrypted.
Is this a known issue? Is someone already working to resolve it?
Should I be asking if this is even considered an issue?
Cheers,
Thomas
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
