Michael Tokarev wrote:

[..]
> So the question is: is the setup like this one supposed to work at all
> in linux?
> 
> I know there are other "less ugly" ways to achieve the same effect, eg
> by using GRE/IPIP tunnels and encapsulating the traffic into IPSEC (this
> way, we'll have only one transport-mode IPSEC "connection" and normal
> interfaces to route traffic to/via), but this is NOT how the whole
> infrastructure in their network is implemented - they - it seems, for
> whatever reason - 
[...]
> use separate tunnels to route each network. 

Yes, that's how I did it, too. It works perfectly to tunnel 
each network segment separately. Simple routing is not enough.

Don't forget to mention your tunneled networks in the FORWARD chain,
if your ipsec gateway is also your firewall.

I implemented the separate tunnels via racoon and racoon-tool 
from latest Debian sarge. Connectivity to a Cisco PIX was possible that way.


Regards

Ingo Oeser
