Marco Berizzi <[EMAIL PROTECTED]> wrote:
>
> 172.16.0.0/23 dev eth2 proto kernel scope link src 172.16.1.1
> 10.180.0.0/16 via 172.16.1.253 dev eth2
> 10.0.0.0/8 via pub_ip dev eth0
> 127.0.0.0/8 dev lo scope link
>
> I have noticed that packets for 10.180.0.0/16 network
> are eaten by the ipsec tunnel because the policy allows
> them. Is there a way to deliver packets for 10.180.0.0
> network to the 172.16.1.253 router (because the route
> to 10.180.0.0 is more specific than 10.0.0.0/8)?

You need an IPsec pass action. With Openswan you can do it with
something like

conn pass
	left=%defaultroute
	# This should be the leftsubnet of your 10.0.0.0/8 connection.
	leftsubnet=0.0.0.0/0
	# This field doesn't really matter.
	right=172.16.1.253
	rightsubnet=10.180.0.0/16
	type=passthrough
	authby=never
	auto=route

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
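
The effect of the pass policy discussed above, as an added example that is not part of the original thread: a simplified Python model of the routing lookup and the IPsec policy lookup. The tunnel selectors (0.0.0.0/0 to 10.0.0.0/8), the source host 172.16.0.50 and the "most specific selector wins" rule are assumptions of this model; "pub_ip" is the placeholder used in the quoted routing table.

```python
import ipaddress

# Constructed from the routes and the "conn pass" stanza quoted in this thread.
# "pub_ip" is a placeholder on the page and is kept as a label only.
ROUTES = [
    ("172.16.0.0/23", "direct dev eth2"),
    ("10.180.0.0/16", "via 172.16.1.253 dev eth2"),
    ("10.0.0.0/8", "via pub_ip dev eth0"),
]

# (source selector, destination selector, action)
TUNNEL = ("0.0.0.0/0", "10.0.0.0/8", "ipsec")         # assumed tunnel selectors
PASS = ("0.0.0.0/0", "10.180.0.0/16", "passthrough")  # the "conn pass" policy


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match, as the routing table does it."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), hop) for n, hop in routes
            if addr in ipaddress.ip_network(n)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def policy_lookup(src, dst, policies):
    """Pick the matching policy with the most specific selectors (model assumption)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for psrc, pdst, action in policies:
        ns, nd = ipaddress.ip_network(psrc), ipaddress.ip_network(pdst)
        if s in ns and d in nd:
            hits.append((ns.prefixlen + nd.prefixlen, action))
    return max(hits)[1] if hits else "none"


def forward(src, dst, policies):
    """An "ipsec" policy overrides the route; otherwise the route is used."""
    action = policy_lookup(src, dst, policies)
    if action == "ipsec":
        return "encrypted into tunnel"
    return route_lookup(dst)


if __name__ == "__main__":
    for name, spd in (("tunnel only", [TUNNEL]), ("tunnel + pass", [TUNNEL, PASS])):
        for dst in ("10.180.4.7", "10.20.0.9"):
            print(f"{name:14} {dst:12} -> {forward('172.16.0.50', dst, spd)}")
```

With only the tunnel policy, the more specific route to 10.180.0.0/16 is never used; with the pass policy added, that subnet follows the routing table while the rest of 10.0.0.0/8 still enters the tunnel.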