On 2/12/06, jared r r spiegel <[EMAIL PROTECTED]> wrote:
> anyway, since it's all guesses as to what your setup is, i'll
> guess that your (usual) default gateway is on the same subnet
> as your external iface, and that your VPN peer is not on the
> same subnet. in that case i would set the destination for my
> default route to be the tunnel (assuming you're using tunnel)
> IP of the remote host, and then a regular host route with a destination
> of that VPN peer's regular IP and a gateway of what your default
> gateway originally was.

Basically I've got a remote node that is directly attached to an untrusted LAN (think metropolitan) and the firewall/gateway to the internet/VPN peer are the same machine, also directly attached to the LAN. I tried setting up a network route to 0.0.0.0 mask 0.0.0.0 in isakmpd.conf but it didn't seem to do what I wanted to.

> sudo route add

Ugh, netstart should read a file in /etc/ for them or something. Am I the only one who fiddles with /etc/netstart? It'd be nice if it sourced netstart.local or something, so I didn't have to hack distro files.

--
"Cryptography is nothing more than a mathematical framework for discussing various paranoid delusions." -- Don Alvarez
http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
