Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: lists.freeswan.org > design > 03 > 030259.html (Request Expert lists.freeswan.org Support)

[Design] interfaces=%defaultroute

From: D. Hugh Redelmeier <hugh(at)mimosa.com>
Date: Sat Mar 22 2003 - 20:29:47 EST


-----BEGIN PGP SIGNED MESSAGE-----
ipsec.conf's config setup section has an option "interfaces=" to specify a pairing of ipsecN and physical interfaces to by used by FreeS/WAN.

I thought that in the interfaces= list %defaultroute had to stand alone. Through reading the code, it turns out that there can be other list members. I've wanted this facility.

My misunderstanding was based on a literal reading of ipsec.conf(5). Here is the relevant bit from 1.99 (before I played with it). 

       interfaces    (required)  virtual  and physical interfaces
                     for IPsec to use: a single  virtual=physical
                     pair, a (quoted!) list of pairs separated by
                     white space, or %defaultroute,  which  means
                     to  find  the  interface  d that the default
                     route points to, and  then  act  as  if  the
                     value   was  ``ipsec0=d''.   (Also,  in  the
                     %defaultroute case,  information  about  the
                     default route and its interface is noted for
                     use by ipsec_manual(8) and ipsec_auto(8).)

In this, %defaultroute is an alternative to the list.

I've reworded the 2.x version of this. Some changes were already made for 2.x. 

       interfaces    virtual and physical interfaces for IPsec to use: a  sin-
                     gle virtual=physical pair, a (quoted!) list of pairs sep-
                     arated by white space, or %none.  One of the pairs may be
                     written as %defaultroute, which means: find the interface
                     d that the default route points to, and then  act  as  if
                     the   value   was  ``ipsec0=d''.   %defaultroute  is  the
                     default; %none must be used to denote no interfaces.   If
                     %defaultroute is used (implicitly or explicitly) informa-
                     tion about the default route and its interface  is  noted
                     for use by ipsec_manual(8) and ipsec_auto(8).)

(This will be checked in when the repository becomes available.)

Hugh Redelmeier
hugh@mimosa.com voice: +1 416 482-8253

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

Do you need help?X

iQCVAwUBPn0OD8FAuQPManGZAQEeLQP+LMFFvZsov7/GPj2wn4Yp/GJMe7FyRvXs f3pl857nxSdt0Yt9JZsxlcLS7zDNKgBuwOg1qFe4wzx07dK5SyxS/jfI0ELrCwuA OCcHQxFIZvPnMMTn0Ws+0xOr/RefH/kqm/Ho1NY8PwAY8KST5Jl9zYnRSV3myejh 6Da2oPayG7g=
=9hjp
-----END PGP SIGNATURE-----


Design mailing list
Design@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/design Received on Sat Mar 22 20:53:25 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:57 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library