linux-admin.vger.kernel.org archive mirror
From: "Matías López Bergero" <mlopezb@udesa.edu.ar>
To: linux-admin@vger.kernel.org
Subject: Re: FreeSWAN VPN gateway+firewall combo..: SOLVED
Date: Thu, 28 Oct 2004 18:07:48 -0300
Message-ID: <41815FA4.1090305@udesa.edu.ar>
In-Reply-To: <Pine.SOL.4.56.0410211523450.15111@hadar.cse.Buffalo.EDU>

I had a problem like the one you mentioned using freeswan.
It looks like the routes are generated by the OE (opportunistic encryption);
you need to disable that in order to prevent those extra routes.

Now I'm using openswan 1.0.4, a fork of freeswan, because the freeswan
project is no longer in active development.

Here is the freeswan announcement:
http://www.freeswan.org/ending_letter.html

BR,
Matías.

Tony Gogoi wrote:
| Thanks to a mail from one of the list members, I looked at the routing
| table and removed the extra "default" and removed other extraneous
| entries too. The VPN gateway can now handle both VPN and non-vpn traffic.
|
| So, it was an issue with the routing table rather than the firewall
| scripts.
|
| I'll now look at why ipsec causes those extra entries in the routing table.
|
| On Wed, 20 Oct 2004, Tony Gogoi wrote:
|
|
|>
|>If there is some way of packet filtering on the basis of source and
|>destination address to be able to control on which interface a packet may
|>be sent out, that would be great.
|>
|>While starting IPSEC, route command shows 2 defaults! on interfaces eth0
|>and ipsec0. Right now non-vpn traffic is being routed through ipsec0
|>whenever IPSEC is "up". Is there a way to direct packets to a particular
|>interface of my choosing? That way all packets whose protocol types are
|>not VPN protocol types could be directed on that interface.
|>
|>On Wed, 20 Oct 2004, Tony Gogoi wrote:
|>
|>>Is there a way to distinguish between VPN and Non-VPN traffic in iptables
|>>while the VPN tunnel is "up"?
|>>
|>>Any hints will be appreciated.
|>>
|>>Thanks,
|>>Tony
|>>
|>>
|>
|>
|>
|>Tony Gogoi
|>
|
|
|
|
| Tony Gogoi
| -
| To unsubscribe from this list: send the line "unsubscribe linux-admin" in
| the body of a message to majordomo@vger.kernel.org
| More majordomo info at  http://vger.kernel.org/majordomo-info.html
|


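An added example, not part of the original messages: a shell check for the symptom described in this thread, a default route on an `ipsecN` interface next to the one on `eth0`. The function names and both sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag default routes that point at an IPsec virtual interface.
# Input on stdin: `route` or `route -n` output
# (columns: Destination Gateway Genmask Flags Metric Ref Use Iface).

# Constructed sample: the state described in the thread (two defaults).
SAMPLE_WITH_OE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 ipsec0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0'

# Constructed sample: the table after the extra entries are removed.
SAMPLE_CLEAN='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 eth0'

# Print the interface (last column) of every default route.
default_route_ifaces() {
    awk '$1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0") { print $NF }'
}

# Return 0: exactly one default route, not on an ipsecN interface.
# Return 1: a default route points at an ipsecN interface.
# Return 2: no default route, or several on non-IPsec interfaces.
check_default_routes() {
    ifaces=$(default_route_ifaces)
    count=$(printf '%s\n' "$ifaces" | awk 'NF { n++ } END { print n + 0 }')
    if printf '%s\n' "$ifaces" | grep -q '^ipsec[0-9]'; then
        echo "WARN: default route via IPsec interface (defaults on: $(echo $ifaces))"
        return 1
    fi
    if [ "$count" -ne 1 ]; then
        echo "WARN: expected 1 default route, found $count"
        return 2
    fi
    echo "OK: single default route via $ifaces"
    return 0
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_WITH_OE" | check_default_routes || true
printf '%s\n' "$SAMPLE_CLEAN" | check_default_routes || true
```

On a live gateway the same check is `route -n | check_default_routes`, run after the IPsec service has started.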