
List:       linux-ipsec
Subject:    Re: linux-ipsec: RW Routing
From:       "Christian Zeng" <ch.zeng () gmx ! net>
Date:       2000-07-29 14:50:43

Hi,

> Create a new subnet, 10.2.0.0 and make 10.2.0.1 a router (VLAN).
> Have all of the traffic for the 10.2.0.0 network sent from the
> router to the FreeS/WAN box. On the RW boxes, create a virtual IP
> on the 10.2.0.0 network, and set the subnet= directive to
> 10.2.0.x/32.

I think this is possible, but it is more difficult to implement and to
troubleshoot if you have problems.

Furthermore I'm not sure of the routing process:

How would you tell your RW to connect to the opposite gateway? They need
access to the same network they are virtually connected to, but setting up an
IP address automatically creates the correct route for the network (or host
route with /32) on the RW side. Sending traffic to the virtually created net
from the RW side will IMHO not initiate the IPSec process building up a tunnel
to your gateway.
Please correct me if I'm wrong.

Use masquerading on the IPSec gateway side (corporate LAN) instead of
playing with virtual networks. I think creating a logical net (where your
RWs have IP addresses from the same network your client/server boxes have)
isn't the usual way IPSec VPNs are built (but it's interesting, of course).

Bye,

Christian
