linux-ipsec: Confusion in the modes.html file, manual/auto needs extruded subnets

  I am trying to do an 'Extruded Subnet to Internet' and am very confused by the section on this in the modes.html file.   First what is all this talk about a masqueraded overlay net? What does this have to do with doing an extruded net? If this masqueraded stuff is not critical to extruded nets why is it here?   Is the ifconfig at the begining part of the extruded or the masqueraded network? Etc. etc.
  Next I can't tell which commands are issued on which machines in the example. The commands for each end or (or client if any) should be labeled in block or per line (as in "hostA# rm -rf /" etc.). With out this I have to know how this works allready or guess.

  Where do the ficonfig & route commands that are before the foward/return sections run? On some machine in Japan?

  What is the "local_sg_bcast"? The PUBLIC or the SECURE networks broadcast address? I know this is not used for extruded nets, but it gets confusing. This is an example of 'it _really_ can pay to think about your variable names...'.

  Do I run the forward/return path commands on both machines with the variables all switched? The modes.html file need a "how to use" introduction it seems.

  The even bigger problem here is that there seems to be no way to get the ipsec manual/auto system to let me do the extruded subnet thing (which is exactly what I am trying to do tonight!).   Is this doable with the current manual/auto system or does extruded subnets need to be added (if so then please add them!).

		||ugh Daniel
		hugh@toad.com

			Systems Testing & Project mis-Management
			The Linux FreeS/WAN Project
			
http://www.xs4all.nl/~freeswan