List:       strongswan-users
Subject:    [strongSwan] How can i use virtual ipsec0-n interfaces?
From:       andreas.steffen () strongsec ! net (Andreas Steffen)
Date:       2005-03-24 8:45:02
Message-ID: 42426FFC.5040804 () strongsec ! net

strongSwan in conjunction with the native IPsec stack
does the routing through the tunnel automatically.

Regards

Andreas

Logvin Artem wrote:
> On Thu, Mar 24, 2005 at 08:25:10AM +0100, Andreas Steffen wrote:
> 
>  How does traffic from 20.0.2.0/24 get to 10.0.10.0/24
>  without any route configuration by hand?
> 
> 
>>Logvin Artem wrote:
>>
>>>Hmm, and how does security routing work now?
>>>Automatically!?
>>>
>>
>>I'm using a normal updown script based on the updown_x509
>>iptables template. The rules are applied to eth0. If you
>>want to make really sure that no attacker can enter the firewall
>>during the time when the tunnel is up, e.g. by spoofing the
>>IP source address, then you could mark the incoming ESP packets
>>and apply your firewall rules on the still marked packets coming
>>out of the tunnel.
>>
>>
>>>20.0.2.0/24-192.168.1.1 --- wan --- (B)200.200.200.10-10.0.10.0/24
>>>
>>>P.S.: How can I change the auth algorithm to sha1 (now md5)?
>>>My FreeBSD (with racoon) uses sha1 for auth.
>>>
>>
>>in ipsec.conf:
>>  ike=sha
>>  esp=sha1
>>
>>
>>>Thanks a lot :)
>>>
>>>On Thu, Mar 24, 2005 at 07:56:23AM +0100, Andreas Steffen wrote:
>>>
>>>
>>>>The native IPsec stack of the Linux 2.6 kernel does
>>>>not possess any virtual ipsecN interfaces. Full stop.
>>>>
>>>>Regards
>>>>
>>>>Andreas
>>>>
>>>>Logvin Artem wrote:
>>>>
>>>>
>>>>>Hi guys,
>>>>>how can I use virtual ipsec0-n interfaces on Linux with
>>>>>native-ipsec-kernel 2.6?
>>>>>In the config I have "interfaces="ipsec0=eth-0""
>>>>>but when strongSwan starts, I can't find any ipsecN interface.
>>
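
The packet-marking idea from the quoted reply, written out as an added example that is not part of the original message or of the strongSwan updown template. The interface and subnets are the ones named in the thread; the mark value 0x1, the choice of the FORWARD chain and plain ESP without NAT traversal are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the strongSwan updown template.
# Prints the iptables rules for "mark ESP on arrival, filter on the mark".
# Interface and subnets are the ones named in the thread; the mark value
# 0x1 and the use of the FORWARD chain are assumptions.

esp_mark_rules() {
    [ $# -ge 4 ] || { echo "usage: esp_mark_rules A|D iface peer_net my_net [mark]" >&2; return 1; }
    action=$1     # A = append (tunnel up), D = delete (tunnel down)
    iface=$2      # outside interface that receives ESP
    peer_net=$3   # subnet behind the remote gateway
    my_net=$4     # local protected subnet
    mark=${5:-0x1}

    case $action in
        A|D) ;;
        *) echo "action must be A or D" >&2; return 1 ;;
    esac
    # Refuse anything that is not a plain interface name, CIDR or number,
    # so the printed rules are safe to pipe into a shell.
    case "$iface$peer_net$my_net$mark" in
        *[!A-Za-z0-9./:_-]*) echo "unexpected character in argument" >&2; return 1 ;;
    esac

    # 1. Tag every ESP packet arriving on the outside interface. As the
    #    reply describes, the packet coming out of the tunnel is still marked.
    echo "iptables -t mangle -$action PREROUTING -i $iface -p esp -j MARK --set-mark $mark"
    # 2. Tunnel traffic between the two subnets carries the mark: allow it.
    echo "iptables -$action FORWARD -i $iface -s $peer_net -d $my_net -m mark --mark $mark -j ACCEPT"
    # 3. The same addresses without the mark never arrived inside ESP,
    #    i.e. a spoofed source address: drop it.
    echo "iptables -$action FORWARD -i $iface -s $peer_net -d $my_net -j DROP"
}

# Rules for the topology in the thread, as seen from gateway B. Review the
# output first; it only takes effect when piped into a root shell.
esp_mark_rules A eth0 20.0.2.0/24 10.0.10.0/24
```

Calling the function with D instead of A prints the matching delete rules for the down side of an updown script.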
