Re: linux-ipsec: Confusion in the modes.html file, manual/auto needs extruded subnets

-----BEGIN PGP SIGNED MESSAGE-----
> I am trying to do an 'Extruded Subnet to Internet' and am very

Hmmm, I agree, it is confusing. I will set up my test subnet to do that only and change the extruded section of modes.html. Hmmm, looking at it, I would have to make an exception for that sub-section since the whole tunnelling section assumes all machines are setup and can see the internet. Suggestions?

> Is the ifconfig at the begining part of the extruded or the

Extruded. The masqueraded stuff has already been setup and is assumed to be working.

> Next I can't tell which commands are issued on which machines in the

All these commands are run on the sg of the net with only one valid internet address. Is this not clear from the intro?

> Where do the ficonfig & route commands that are before the

All on the same machine.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

> What is the "local_sg_bcast"? The PUBLIC or the SECURE networks

It is the upstream, ie. nexthop's broadcast address. Can you suggest a better name? Would "local_sg_public_bcast" work? I must conced to having confused myself more than once while writing the document.

> Do I run the forward/return path commands on both machines with the

Yes. Right, agreed.

> The even bigger problem here is that there seems to be no way to get

Yes, I have made some noise about that too.

> Is this doable with the current manual/auto system or does extruded

This can only be done with completely manual setup (ie. not even 'ipsec manual' ).

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

> ||ugh Daniel

        slainte mhath, RGB
- --

Richard Guy Briggs -- PGP key available                Auto-Free Ottawa! Canada
rgb at conscoop dot ottawa dot on dot ca                <
http://flora.org/afo/>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNl75yt+sBuIhFagtAQGOswP8Cx7gtx8VXI8/OrR4Io7lTniYTLewVlDo RLqsWgYY4zQC5UNR2OJ7Ex+652a1gThHZaesjb7R8xWZjOvEs1Z8cruusLJF0e7c rSS9IJepJj/VEzaXpqjg469vWuyI9nyf93zXkiJayTqOzI0vAtP6d6Qv2509diMC IqYt36xf990=
=Xk6a
-----END PGP SIGNATURE----- Received on Fri Nov 27 14:49:21 1998