[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openswan-users
Subject:    Re: [Openswan Users] ip forwarding?
From:       Paul Wouters <paul () xtdnet ! nl>
Date:       2004-02-09 11:36:37
Message-ID: Pine.LNX.4.44.0402091234340.16021-100000 () expansionpack ! xtdnet ! nl
[Download RAW message or body]

On Mon, 9 Feb 2004, mark wrote:

> Am I to understand that IP Forwarding must be enabled in the kernel
> for IPSec to work?

Only if the machine has connections which are "behind it". So in the 
following setup:


subnet1---gw1------internet-------host2

If you make a connection for host2 to gw1, where gateway has leftsubnet=subnet1,
then gw1 needs ip forwarding, while host2 doesn't need it.

The ipsec verify does a simple check for two interfaces and then warns you.
So the check isn't perfect. It host2 had a 2nd ethernetcard, you'd get the
warning but you could ignore it.

Paul

[prev in list] [next in list] [prev in thread] [next in thread]