From: Tom E. <te...@sh...> - 2006-10-31 16:41:13
Cyber Dog wrote:
> The only problem I
> have is for some reason it feels like a sloppy solution to be manually
> adding routes outside of shorewall, which basically controls the rest
> of the routing/natting/vpn/etc for the machine. Is there a way to add
> this vpn route within Shorewall, or is my only option doing static
> routing outside of the application?

Repeat after me: "Shorewall does not control routing"
Repeat one more time: "Shorewall does not control routing"
One more time, please: "Shorewall does not control routing"

Ok, that's not quite true -- if you have entries in /etc/shorewall/providers
or /etc/shorewall/route_rules, then Shorewall does get involved in routing; also
it can add simple host routes as part of setting up Proxy ARP. But the point is
that Shorewall is not responsible for the routing of VPN traffic; it is the
responsibility of the VPN software to alter routing where needed.

One more point -- if you are running kernel 2.6.18, then you should be using the
native IPSEC implementation that is part of kernel 2.6. In that case, routing
isn't involved at all in deciding what traffic is handled by IPSEC (there are no
ipsecN interfaces). So I guess I don't understand your configuration.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ te...@sh...
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key