Timothy J. Massey wrote:
Why wouldn't the IPSec tunnels not have a *higher* priority than the interface routes? That doesn't make sense to me.
It's pretty nonsensical all right and is one of the reasons that there is a policy-based IPSEC implementation in the 2.6 Linux kernel. The old implementation in FreeS/WAN and its derivatives used routing to trigger encryption -- it was a flawed approach.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ [EMAIL PROTECTED]
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key