Date:      Tue, 13 Aug 2002 16:19:50 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Les Biffle <les@safety.net>
Cc:        Lars Eggert <larse@ISI.EDU>, hackers@freebsd.org
Subject:   Re: IP routing question
Message-ID:  <3D599416.5CDE92D9@mindspring.com>
References:  <200208131813.g7DIDiH14643@ns3.safety.net>

Les Biffle wrote:
> > You could use the draft-touch-ipsec-vpn-04.txt together with ipfw rules,
> > but then you say you don't want to look at IP addresses...
> 
> I'm happy to look at outside addresses, just not the ones on the inside.
> I would also consider matching up endpoint (VPN gateway or "outside")
> address and SPI to know which SA a packet is arriving on, for the
> inbound-through-tunnel direction, and then use the vlan interface name
> to help select the departing tunnel, if possible.
> 
> > So no, I don't see how it can be done under your constraints.
> 
> Well, not perhaps without some nethacks in the kernel.  I've certainly
> done that before, but would prefer something more vanilla.


One short answer is to not set a default route, per se.

I know this is ugly, but it fixes the IPSec tunnel problem.

-- Terry
