On Monday 04 August 2003 23:59, you wrote:
> My freeswan gateway has many IP aliases, and ipsec0 has been configured on
> the primary IP (eth0). When an ipsec connection is established, I can
> access the gateway's services via the primary IP (e.g. Web, email, etc.),
> but I cannot access anything running on an aliased IP. Specifically, there
> are several websites running dedicated IPs which are aliases, and I cannot
> access them from the Windows client until I turn off the ipsec connection.

Theory: Packets in the clear from your win2k client arrive just fine. Responses from the other IPs still get shunted into the IPsec machinery via a /32 entry in your routing table. When no eroute matches, the packets are thrown away.

> How can I resolve this?

Create the needed eroutes so that reply packets aren't thrown away, but rather encrypted and sent down the tunnel to your win2k box. Defining additional tunnels with the "subnet" parameter set to those IP addresses will do the trick (or one tunnel with a subnet parameter that covers the entire range).

-- 
Sam Sgro
[EMAIL PROTECTED]
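
The extra tunnels suggested in the reply above, sketched as a FreeS/WAN `ipsec.conf` fragment. This is an added example, not part of the original message; the conn names and all addresses are constructed placeholders, and authentication settings are assumed to be copied from the existing connection.

```conf
# Added example; conn names and addresses are constructed placeholders.
#   192.0.2.10       gateway primary IP (eth0, where ipsec0 is bound)
#   192.0.2.17, .18  aliased IPs serving the dedicated websites
#   198.51.100.20    the win2k client
# Copy authentication settings (authby=, keys, IDs) from your existing
# connection into each conn below.

# Existing tunnel: host-to-host, so only the primary IP has an eroute.
conn win2k-primary
    left=192.0.2.10
    right=198.51.100.20
    auto=add

# One extra tunnel per aliased IP. leftsubnet names the alias as a /32,
# so replies sourced from it match an eroute and are encrypted
# instead of being dropped.
conn win2k-alias-17
    left=192.0.2.10
    leftsubnet=192.0.2.17/32
    right=198.51.100.20
    auto=add

conn win2k-alias-18
    left=192.0.2.10
    leftsubnet=192.0.2.18/32
    right=198.51.100.20
    auto=add

# Alternative to the per-alias conns: one tunnel whose subnet covers
# the whole alias range (192.0.2.16 - 192.0.2.23 here).
# conn win2k-aliases
#     left=192.0.2.10
#     leftsubnet=192.0.2.16/29
#     right=198.51.100.20
#     auto=add
```

Once the tunnels are up, `ipsec eroute` on the gateway should list an entry for each alias. The client side has to define matching tunnels with the same subnets, otherwise negotiation for the extra conns will not complete.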
