FreeS/WAN in tunnel mode
Michal Ludvig
michal-linux at logix.cz
Monday, December 3 17:31:34 CET 2001
Ing. Pavel PaJaSoft Janousek wrote:
> Michal Ludvig wrote:
>>So on that occasion I learned that having hundreds of tunnels on every
>>gateway is perfectly fine.
> So you mean that in general I should define who is to communicate
> encrypted with whom (with the largest possible mask, let's say) and
> specify that many different tunnels? That is interesting new information for me...
Yes, exactly. I am sending part of a reply from the FreeS/WAN mailing list,
where I asked about this. I wanted to route several subnets through a single tunnel,
because I did not feel like creating a lot of different net-to-net definitions.
This is what I found out after a few e-mails:
Henry Spencer wrote:
> Michal Ludvig wrote:
> > Setting up routing appears to me as being a cleaner and "cheaper"
> > solution. Is there a way to do this?
> No. Nor is this just an implementation issue; the IKE *protocol*
> makes no provision for negotiating or rekeying a tunnel which has more
> than one subnet on one end. Remember that IPsec tunnels include
> access controls; they are not just virtual wires. There is no routing
> trick which will do what you want.
It is from a person at Spysystems, so straight from the source.
Michal Ludvig
--
* Cray is the only computer that runs
* an endless loop in just 4 hours.
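
Added example, not part of the original message or of FreeS/WAN itself: a small generator for the "lots of net-to-net definitions" the thread ends up recommending, emitting one `conn` section per left/right subnet pair. The gateway addresses, subnets, the `net-` naming scheme and the function name are constructed for illustration; authentication settings are assumed to come from the site's existing ipsec.conf.

```python
import ipaddress
from itertools import combinations, product


def net_to_net_conns(left_gw, left_subnets, right_gw, right_subnets, prefix="net"):
    """Return (conn_names, ipsec.conf text) with one tunnel per subnet pair."""
    # strict parsing rejects typos such as 10.1.0.5/24 (host bits set)
    lefts = [ipaddress.ip_network(s) for s in left_subnets]
    rights = [ipaddress.ip_network(s) for s in right_subnets]

    # Each tunnel is also an access control on exactly one subnet pair, so
    # overlapping subnets would make it ambiguous which tunnel covers a packet.
    for a, b in combinations(lefts + rights, 2):
        if a.overlaps(b):
            raise ValueError(f"overlapping subnets: {a} and {b}")

    names, sections = [], []
    for (i, l), (j, r) in product(enumerate(lefts, 1), enumerate(rights, 1)):
        name = f"{prefix}-l{i}-r{j}"  # hypothetical naming scheme
        names.append(name)
        sections.append(
            f"conn {name}\n"
            f"    left={left_gw}\n"
            f"    leftsubnet={l}\n"
            f"    right={right_gw}\n"
            f"    rightsubnet={r}\n"
            f"    auto=start\n"
        )
    # ipsec.conf sections are separated by blank lines
    return names, "\n".join(sections)


if __name__ == "__main__":
    # Constructed sample input: 2 subnets behind one gateway, 3 behind the other
    names, conf = net_to_net_conns(
        "192.0.2.1", ["10.1.0.0/24", "10.1.1.0/24"],
        "198.51.100.1", ["10.2.0.0/24", "10.2.1.0/24", "10.2.2.0/24"],
    )
    print(f"# {len(names)} tunnels needed")
    print(conf)
```

The number of sections grows as the product of the subnet counts on each side, which is where the "hundreds of tunnels per gateway" figure comes from.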