On Thu, Jan 10, 2019 at 5:13 AM Stuart Henderson <s...@spacehopper.org> wrote:
>
> On 2019-01-10, Daniel Ouellet <dan...@presscom.net> wrote:
> > I have two separate subnets (on different interfaces) on a router. I am
> > trying to tunnel both subnets over the internet to another router on my
> > network. I can tunnel one subnet easily and everything works as
> > expected, but when I tunnel the 2nd subnet, then traffic from one local
> > subnet is no longer forwarded to the other subnet, but is
> > unconditionally sent into the ipsec tunnel, bypassing the routing table.
>
> OpenBSD's implementation of ipsec doesn't use the routing table, if you
> want that (unless you make code changes) you will need to use a
> different tunnel interface (gif or others) and just use ipsec to protect
> the gif traffic.
>
Dear all,

Can someone point out an example of this gif+ipsec setup somewhere?
I failed at finding any GIF ref when looking for IPSEC+OPENBSD; also, man ipsec
does not list gif, only enc.

Best.

--
Knowing is not enough; we must apply. Willing is not enough; we must do
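
A sketch of the gif+ipsec arrangement described in the quoted reply, added here as an illustration and not taken from the thread or from OpenBSD's documentation. All addresses, the subnet layout and the choice of gif0 are constructed placeholders; the gif(4) commands are shown as comments because they are typed at a root shell rather than placed in ipsec.conf.

```conf
# Constructed example, all values are placeholders (assumptions):
#   router A: public 192.0.2.1,    local subnets 10.1.1.0/24 and 10.1.2.0/24
#   router B: public 198.51.100.1, remote subnet 10.2.0.0/24
#   gif0 inner point-to-point addresses: 10.255.0.1 (A), 10.255.0.2 (B)
#
# --- Router A: tunnel interface and route (run as root) ---
#   ifconfig gif0 create
#   ifconfig gif0 tunnel 192.0.2.1 198.51.100.1
#   ifconfig gif0 inet 10.255.0.1 10.255.0.2 netmask 255.255.255.255
#   route add 10.2.0.0/24 10.255.0.2
#
# Only the remote subnet is routed at gif0, so traffic between the two
# local subnets keeps following the routing table from one local interface
# to the other. Nothing is pulled into the tunnel by an IPsec flow that
# names the inner subnets, because no such flow exists in this setup.
#
# Router B mirrors this: swap the tunnel and inner addresses, and add
# routes for 10.1.1.0/24 and 10.1.2.0/24 via 10.255.0.1.

# --- Router A: /etc/ipsec.conf ---
# ESP in transport mode between the two public addresses only, restricted
# to IP-in-IP (protocol 4, "ipencap" in /etc/protocols), which is what
# gif(4) emits when it carries IPv4. IPsec protects the gif packets and
# plays no part in deciding where the inner subnets go.
ike esp transport proto ipencap from 192.0.2.1 to 198.51.100.1

# --- Router B: /etc/ipsec.conf ---
# ike esp transport proto ipencap from 198.51.100.1 to 192.0.2.1

# Load on each router with isakmpd(8) running and started with -K:
#   ipsecctl -f /etc/ipsec.conf
# Check that the only flow listed is the endpoint-to-endpoint one:
#   ipsecctl -sa
```

With no authentication keyword on the ike line, isakmpd(8) uses public key authentication, so each router needs the peer's public key installed under /etc/isakmpd/pubkeys/ before the SAs will come up.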