IPsec doesn't care about your routes, only if they are still there, after the routing has taken place. It hijacks the packets after the routing decision has been made. Obviously, the packet has to be destined to actually leave through some interface. So a simple default route is sufficient.
Look here: http://inai.de/images/nf-packet-flow.png

Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658

On 26.05.2015 at 13:48, Zhuyj wrote:
> No, if route table is not configured, policy will not have a chance to handle
> packets.
>
> Sent from my iPhone
>
>> On May 26, 2015, at 19:37, Noel Kuntze <[email protected]> wrote:
>>
> It won't, because IPsec on Linux is all policy based.
>
> Kind Regards,
> Noel Kuntze
>
> GPG Key ID: 0x63EC6658
> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
>
> >>> On 26.05.2015 at 13:35, Zhuyj wrote:
> >>> Yeah, maybe virtual ip will help.
> >>>
> >>> Sent from my iPhone
> >>>
> >>>> On May 26, 2015, at 19:16, Noel Kuntze <[email protected]> wrote:
> >>> Hello,
> >>>
> >>> No, not so easily. You either have to map one of those networks onto
> >>> another subnet with iptables or use marks to differentiate the traffic.
> >>>
> >>> Kind Regards,
> >>> Noel Kuntze
> >>>
> >>> GPG Key ID: 0x63EC6658
> >>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >>>
> >>>>>> On 26.05.2015 at 13:15, mgundes wrote:
> >>>>>> Zhuyj and Noel, thank you.
> >>>>>>
> >>>>>> Zhuyj, regarding route table, what if some different private networks
> >>>>>> have the same subnets? I mean if two organizations have 192.168.2.0/24
> >>>>>> network, then would it be possible to properly
> >>>>>> set route table?
> >>>>>>
> >>>>>> Thanks.
> >>>>>>
> >>>>>> On Tue, May 26, 2015 at 2:05 PM, Zhuyj <[email protected]> wrote:
> >>>>>>
> >>>>>> Pay attention to route table.
> >>>>>>
> >>>>>> Sent from my iPhone
> >>>>>>
> >>>>>>> On May 26, 2015, at 18:42, Noel Kuntze <[email protected]> wrote:
> >>>>>> Hello,
> >>>>>>
> >>>>>> Yes, that is possible. Simply create different conn sections.
> >>>>>>
> >>>>>> Kind Regards,
> >>>>>> Noel Kuntze
> >>>>>>
> >>>>>> GPG Key ID: 0x63EC6658
> >>>>>> Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
> >>>>>>
> >>>>>>>>> On 26.05.2015 at 10:39, mahmut g wrote:
> >>>>>>>>>
> >>>>>>>>> Hello,
> >>>>>>>>>
> >>>>>>>>> I need to connect many servers in different private networks. My
> >>>>>>>>> application should connect and get data from many (4 or 5) services
> >>>>>>>>> on those servers. However, I need to create VPN to those networks to
> >>>>>>>>> be able to connect to those servers. For instance one of the private
> >>>>>>>>> networks has Cisco 3845 router as vpn hardware and another uses some
> >>>>>>>>> other solution etc.
> >>>>>>>>>
> >>>>>>>>> Those private networks are different organizations. I am not good
> >>>>>>>>> at IPSec and VPN issues, I wonder if it is possible to connect more
> >>>>>>>>> than one private network from single Linux VPS machine with
> >>>>>>>>> strongswan?
> >>>>>>>>>
> >>>>>>>>> Thanks,
> >>>>>>>>>
> >>>>>>>>> Regards.
> >>>>>>>>>
> >>>>>>>>> Mahmut
> >>>>>>>>>
> >>>>>>>>> _______________________________________________
> >>>>>>>>> Users mailing list
> >>>>>>>>> [email protected]
> >>>>>>>>> https://lists.strongswan.org/mailman/listinfo/users
> >>>>>>
> >>>>>> --
> >>>>>> Mahmut Gündeş
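The two technical points of this thread, as a simplified Python model added here (it is not part of the original messages and is not strongSwan or kernel code): a packet needs some route before any IPsec policy is consulted, and two peers behind the same subnet can only be told apart by a mark. The conn names, the 10.20.0.0/16 subnet and the mark values are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Policy:
    name: str      # constructed conn name
    dst: str       # remote subnet the policy selects
    mark: int = 0  # mark value the packet must carry
    mask: int = 0  # 0 means the policy ignores the packet mark

def lookup(routes, policies, dst, pkt_mark=0):
    """Model the order discussed in the thread: routing first, then policy."""
    ip = ipaddress.ip_address(dst)
    if not any(ip in ipaddress.ip_network(r) for r in routes):
        return "unreachable"   # no route: no policy is ever consulted
    for p in policies:         # first matching policy wins in this model
        if ip in ipaddress.ip_network(p.dst) and (pkt_mark & p.mask) == p.mark:
            return p.name
    return "cleartext"         # routed, but not protected by any tunnel

DEFAULT_ROUTE = ["0.0.0.0/0"]  # a plain default route, nothing per tunnel
DISTINCT = [Policy("org-a", "192.168.2.0/24"), Policy("org-b", "10.20.0.0/16")]
OVERLAP = [Policy("org-a", "192.168.2.0/24"), Policy("org-b", "192.168.2.0/24")]
MARKED = [Policy("org-a", "192.168.2.0/24", 1, 0xFFFFFFFF),
          Policy("org-b", "192.168.2.0/24", 2, 0xFFFFFFFF)]

def demo():
    """Run the cases raised in the thread and return their outcomes."""
    return {
        "no route at all": lookup([], DISTINCT, "192.168.2.5"),
        "default route, org-a host": lookup(DEFAULT_ROUTE, DISTINCT, "192.168.2.5"),
        "default route, org-b host": lookup(DEFAULT_ROUTE, DISTINCT, "10.20.3.4"),
        "overlap, no marks": lookup(DEFAULT_ROUTE, OVERLAP, "192.168.2.5"),
        "overlap, packet mark 2": lookup(DEFAULT_ROUTE, MARKED, "192.168.2.5", 2),
        "overlap, packet unmarked": lookup(DEFAULT_ROUTE, MARKED, "192.168.2.5", 0),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:28} -> {result}")
```

In this model an unmarked packet for the shared subnet matches neither marked policy and leaves unprotected, so whatever sets the marks has to cover all traffic meant for those tunnels.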
