as i thought i was talking out my **** i see arp and fancy routing is not
needed with racoon as it is with freeswan and the kernel seems to take care
of the traffic automagically ... this is nice to know ...
here is my test setup
1) linux boxen (22.214.171.124) with racoon, 1 set to generate policy, one set with
spdadd 0.0.0.0/0 10.10.255.22/32 any -P in ipsec
spdadd 10.10.255.22/32 0.0.0.0/0 any -P out ipsec
the other box runs pppoe-server so i can simulate a dial up; 192.168.0.1 is
the server address [alias to eth0 10.10.255.1, the main network]
2) on the initiator i add a dummy interface with the 10.10.255.22 address then
set up all packets to be sent from this address (not interface) via the ppp
ip link set dummy0 up
ip addr add 10.10.255.22/32 dev dummy0
ip route add 0/0 via 192.168.0.1 dev ppp0 src 10.10.255.22
3) if i ping anything magic happens and the SA comes up and i can ping .22
from other machines, but checking the ARP there is no entry that i was
expecting to have to add to allow users on the road the ability to access the
network with their IPs with no changes ... damn this is good as we would say
here in south africa ...
"eish dis woone eish she is strong"
when i add an alias to the dummy and ping it from the server i get a response
and an arp entry is added by the kernel to the ethernet card .. so it looks
like the kernel internals are really hard and work well ...
now just to add iptables rules so that the system won't see the traffic as
spoofed and reject it when applying ingress/egress filters ...
you got to love the dummy interface :)
Gregory Hinton Nietsky
Jabber: irroot <irroot@...>
ICQ: 281096462 <irroot>
Gadu-Gadu: 5262483 <irroot>
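Added example, not code from the post above: a small script that gathers the post's step 2 (dummy interface plus source-address routing on the road-warrior box) and sketches the step the post still had to do, firewall rules so the server's ingress/egress anti-spoof filters accept the 10.10.255.22 packets that arrive decapsulated on ppp0 while still dropping the same address in cleartext. The addresses and interface names are the post's; the iptables "policy" match, the rp_filter setting and the LAN_NET/LAN_IF values are assumptions about how that last step can be done, not something the post states.

```shell
#!/bin/sh
# Added example (not from the original post). Run with no arguments to print
# the commands; run "apply-client" or "apply-server" as root to execute them.

ROAD_IP="${ROAD_IP:-10.10.255.22}"     # address the road warrior keeps everywhere (from the post)
PPP_GW="${PPP_GW:-192.168.0.1}"        # pppoe-server side address (from the post)
PPP_IF="${PPP_IF:-ppp0}"
DUMMY_IF="${DUMMY_IF:-dummy0}"
LAN_NET="${LAN_NET:-10.10.255.0/24}"   # main network behind the server (assumed)

# Step 2 from the post: give the initiator its fixed address on a dummy
# interface and send everything out over ppp with that address as source.
roadwarrior_setup() {
    printf 'ip link set %s up\n' "$DUMMY_IF"
    printf 'ip addr add %s/32 dev %s\n' "$ROAD_IP" "$DUMMY_IF"
    printf 'ip route add 0/0 via %s dev %s src %s\n' "$PPP_GW" "$PPP_IF" "$ROAD_IP"
}

# Server side (assumed rules): after ESP decapsulation the road warrior's
# packets show up on ppp0 with a LAN source address, which strict reverse-path
# filtering and a plain "LAN sources only on eth0" ingress rule would treat as
# spoofed. Exempt exactly the traffic that really went through IPsec (policy
# match) and nothing else; cleartext use of the same address stays blocked.
server_antispoof_rules() {
    # loose reverse-path check on the ppp link only, strict elsewhere
    printf 'sysctl -w net.ipv4.conf.%s.rp_filter=2\n' "$PPP_IF"
    # decrypted ESP traffic from the road warrior's address is allowed in
    printf 'iptables -A INPUT   -i %s -s %s -m policy --dir in --pol ipsec --proto esp -j ACCEPT\n' "$PPP_IF" "$ROAD_IP"
    printf 'iptables -A FORWARD -i %s -s %s -m policy --dir in --pol ipsec --proto esp -j ACCEPT\n' "$PPP_IF" "$ROAD_IP"
    # any LAN address arriving in cleartext on ppp0 is still a spoof: drop it
    printf 'iptables -A INPUT   -i %s -s %s -j DROP\n' "$PPP_IF" "$LAN_NET"
    printf 'iptables -A FORWARD -i %s -s %s -j DROP\n' "$PPP_IF" "$LAN_NET"
    # egress side: never send replies to the road warrior without an IPsec policy
    printf 'iptables -A OUTPUT  -o %s -d %s -m policy --dir out --pol none -j DROP\n' "$PPP_IF" "$ROAD_IP"
    printf 'iptables -A FORWARD -o %s -d %s -m policy --dir out --pol none -j DROP\n' "$PPP_IF" "$ROAD_IP"
}

case "${1:-show}" in
    apply-client) roadwarrior_setup | sh -e ;;
    apply-server) server_antispoof_rules | sh -e ;;
    *)
        echo '# road warrior box:'
        roadwarrior_setup
        echo '# server box:'
        server_antispoof_rules
        ;;
esac
```

The ACCEPT rules are appended before the DROP rules on purpose: the policy match only succeeds for packets that were actually decapsulated by the kernel's IPsec stack, so the order lets real tunnel traffic through and leaves every other packet with a LAN source on ppp0 to the anti-spoof DROP.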