On Thu, 2006-07-27 at 17:25 +0200, Marco Berizzi wrote: > Andy Gay wrote: > > >As Herbert said, the right= address doesn't matter. Search for 10.180. > > If it doesn't matter, who told to linux to send packets for > 10.180.0.0/16 to 172.16.1.253?
You're confusing routing with IPsec policy. Your routing table determines where packets are sent. The IPsec policy determines which packets are processed by IPsec. If packets match the policy and are encapsulated in a tunnel, the new packets will have different source/dest addresses which will then be forwarded according to the routing table. > > >BTW - in your erlier mail you had "rightsubnet=10.180.0./16". Looks like > >a typo there. > > yes it was a typo. > > > - > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to [EMAIL PROTECTED] > More majordomo info at http://vger.kernel.org/majordomo-info.html > - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
