[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-users
Subject: Re: [Openswan Users] ip forwarding?
From: Paul Wouters <paul () xtdnet ! nl>
Date: 2004-02-09 11:36:37
Message-ID: Pine.LNX.4.44.0402091234340.16021-100000 () expansionpack ! xtdnet ! nl
[Download RAW message or body]
On Mon, 9 Feb 2004, mark wrote:
> Am I to understand that IP Forwarding must be enabled in the kernel
> for IPSec to work?
Only if the machine has connections which are "behind it". So in the
following setup:
subnet1---gw1------internet-------host2
If you make a connection for host2 to gw1, where gateway has leftsubnet=subnet1,
then gw1 needs ip forwarding, while host2 doesn't need it.
The ipsec verify does a simple check for two interfaces and then warns you.
So the check isn't perfect. It host2 had a 2nd ethernetcard, you'd get the
warning but you could ignore it.
Paul
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic