Re: linux-ipsec: transport mode scripts and instructions

From: Michael Tahot <Michael.Tahot(at)activcard.fr>
Date: Thu Mar 05 1998 - 02:54:49 EST

        Hello

	I was reading the scripts your posted earlier and I get scared 
	of one thing. 

	Is there a way to establish a VPN between two hosts not on the
	same subnet ???
	Let's say we want to build a VPN between to sites on the internet. 
	One machine on each site will act as a router tunneling (Tunnel mode)
	IP traffic. Then the ipsec router will dispatch packet :
	. to an other gateway through default route 
	OR
	. to the correct subway if the ipsec gateway is connected to several

subnets.

        I get scared when you say

---

NOTE: Transport mode and tunnel mode GW to GW ONLY works when the two machines are on THE SAME SUBNET. Tunnel mode DOES work between to protected subnets over the internet. We are working on this limitation.

---

	If there is a solution, can you say the mode I have to choose 
	- tu, tr_esp_ah, tr_tu, tr_gw ????

	I still don't understand the way pluto works with ipsec? It seems that 
	pluto is not actually supported in ipsec 0.7 but it will be in the future
	and it will give a solution for automatic rekeying. Am I mistaking ???
		

	Thank you for your help.

	Michael

At 15:44 03/03/98 -0500, you wrote:
>Attachment Converted: "d:\eudora\attach\linux-ipsec transport mode scr"
>
Received on Thu Mar 5 03:57:14 1998