On Wed, 2006-08-23 at 18:14 -0700, H. Peter Anvin wrote: > H. Peter Anvin wrote: > > Alexey Kuznetsov wrote: > >> > >> The question is where is this host really? > >> > >> If it is far far away and connected only via IPsec tunnel with > >> destionation > >> of tunnel different of host address > >> > >> ip ro add THEHOST dev dummy0 > >> > >> should be enough. It asserts that THEHOST is not on eth0. > >> IPsec policy will figure out correct route, unless something is broken. > >> > > > > Just tried it, and it works as advertised. > > > > ... except that OpenSwan will rip out the route and install a route > pointing to eth0, thus breaking the thing again.
Use a custom updown script with Openswan to fix that. > > -hpa > > - > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
