> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On behalf of Carlos Laviola
> Sent: Thursday, 6 November 2008 13:34
> To: misc@openbsd.org
> Subject: isakmpd routing woes
>
>
> Hello,
>
>
>
> I have three /24 networks connected to each other through
> multihomed OpenBSD 4.0 servers using isakmpd(8). Recently,
> new point-to-point links have been installed between each of
> those networks on separate interfaces, and I would like to
> make it so traffic coming from/through specific (single) IPs
> in each of those networks reaches other specific single IPs
> in the other networks. Simply using route(8) was not enough,
> so I'm wondering if anyone knows if and how this can be done
> -- if this can still be done through isakmpd, great, but a
> way to bypass it so that the traffic can be redirected to the
> interfaces with the new links would also be enough.
>
>
>
> Thanks in advance!
>
> Carlos
>
>
>
> [ Please Cc replies to me if possible, as I'm not subscribed
> to the list. ]
>
>
>
As far as I understand, the routes defined through isakmpd take precedence
over routes defined via the "route add" command.

But you can make isakmpd ignore specific IP addresses by adding bypass rules
to your ipsec.conf, like

flow esp from a.b.c.0/24 to 10.105.60.100/32 type bypass

would bypass the ipsec tunnel between a.b.c.0/24 and 10.105.60.0/24 if the
target address is 10.150.60.100.

Hope this helps

Regards
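
An ipsec.conf(5) fragment showing the bypass rule from the reply above next to the tunnel it carves an exception out of. This is an added example, not part of the original thread. It assumes the tunnel is configured through ipsec.conf, and it uses constructed addresses: 192.0.2.0/24 stands in for a.b.c.0/24, and 198.51.100.2 is a placeholder for the remote gateway.

```conf
# /etc/ipsec.conf on the gateway in front of 192.0.2.0/24
# (192.0.2.0/24 and 198.51.100.2 are constructed placeholder values)

# Existing net-to-net tunnel negotiated by isakmpd(8)
ike esp from 192.0.2.0/24 to 10.105.60.0/24 peer 198.51.100.2

# Exempt one destination host from the tunnel. With no in/out keyword,
# ipsecctl(8) installs the outgoing flow and builds the matching
# incoming flow itself.
flow esp from 192.0.2.0/24 to 10.105.60.100/32 type bypass

# Narrower variant: exempt a single source host only (hypothetical host)
# flow esp from 192.0.2.10/32 to 10.105.60.100/32 type bypass

# Check and load:
#   ipsecctl -n -f /etc/ipsec.conf   # parse the file without loading it
#   ipsecctl -f /etc/ipsec.conf      # load the rules
#   ipsecctl -s flow                 # list the flows now installed
#
# Once the bypass flow is in place, a host route added with route(8)
# can steer that traffic onto the new point-to-point interface.
```

Packets matching a bypass flow get no ESP protection, so they cross the new link in cleartext unless something else protects them. Keep the bypass as narrow as the host pairs that actually need it.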
