Brian J. Murrell wrote: > On Wed, 2007-02-07 at 07:23 -0800, Tom Eastep wrote:
> > Yes, again, though it's quite rigid. My example of how I can manually > solve the problem, but doing a: > > # ip route add 10.75.23.0/24 via 10.33.66.2 dev tun0 table CGCO > > is more flexible because it allows the current routing policy to make > the decisions and should even deal with a sudden change in default > routing transparently. As I understand route_rules, it would not. > > Why would I want this flexibility? Failover/redundancy. I could tell > my peers they could connect to either of my Internet addresses for > openvpn service and as long a the outbound routing decision is made in > the routing table, connections should work on either ISP interface > transparently. I think. :-) The Shorewall Multi-ISP documentation clearly states that what Shorewall provides is based on static routing and doesn't even attempt to deal with dynamic change. It you don't like it, you are free to use something else. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
