Re: [Design] how FS is supposed to deal with problems further down the stack

Appearantly they didn't make it to the list, (or back to until now) So here it is again ,
just my .02

kind regards,
Nico Baggus

On Monday 10 March 2003 14:12, martin f krafft wrote:
>
> subnet ---- host A ---- internet ---- router ---- main host ---- host B

If redesigning please keep the following into mind....

(internet) ----- DSLAM -- ADSL/MDM <1.1.1.1> --- <Internet Address> FS Host - Localnet (192.168.x.x)

This can be setup with routes like :

On the adsl modem: a host route to <internet address> through interface with 1.1.1.1

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

On FS-Host: (assuming the FS host internet interface is eth0)

add route 1.1.1.1/32 dev eth0
add route default gw 1.1.1.1 dev eth0

ALL the ipsec routes should then be added with

        route add -net <net>/<mask> dev ipsec0
(!Note without GW).

Also the net/net vs. net/host vs host/host can be solved at the routing layer by specifying that for leaving packets a different interface address should be used
for source. (ip route add ... src 192.168.1.1 , assuming the eth1 has address 192.168.1.1 and the above mentioned example)

kind regards,
Nico Baggus