On Mon, Oct 3, 2011 at 6:10 AM, Tobias Brunner wrote:
> Hi Diego,
>
>>>
>>>
>>>
>> I forgot to clarify that route is inserted if compress=no. In
>> kernel_netlink_ipsec.c add_policy methed, the code checks if mode !=
>> MODE_TRANSPORT to insert to route.
>
> Yes, if IPComp is e
Hi Diego,
>>>
>>>
>>>
>>>
>>
>>
>>
> I forgot to clarify that route is inserted if compress=no. In
> kernel_netlink_ipsec.c add_policy methed, the code checks if mode !=
> MODE_TRANSPORT to insert to route.
Yes, if IPComp is enabled the actual IPsec SA uses transport mode in the kernel
as
Hi,
> In kernel_netlink_ipsec.c add_policy methed, the code checks if mode !=
> MODE_TRANSPORT to insert to route.
Yes. Why do you need an additional route in transport mode? There are
usually no new addresses or routes involved, transport mode just
protects the traffic between two hosts that alr
On Fri, Sep 30, 2011 at 1:52 PM, Diego Woitasen wrote:
> On Fri, Sep 30, 2011 at 8:12 AM, Diego Woitasen wrote:
>> Hi,
>> I have the configure below. I don't know why Charon doesn't set the
>> routes after SA establishment. It's a net-to-net tunnel and works
>> perfectly for hosts behind the gat
On Fri, Sep 30, 2011 at 8:12 AM, Diego Woitasen wrote:
> Hi,
> I have the configure below. I don't know why Charon doesn't set the
> routes after SA establishment. It's a net-to-net tunnel and works
> perfectly for hosts behind the gateway but if I want to connect from
> one of the gateways to a
Hi,
I have the configure below. I don't know why Charon doesn't set the
routes after SA establishment. It's a net-to-net tunnel and works
perfectly for hosts behind the gateway but if I want to connect from
one of the gateways to a host behind the peer I have to configure the
route with "src" manu