[plug] Advanced IPSec routing

Andrew Cooks acooks at gmail.com
Mon Oct 10 13:14:10 WST 2011

On Mon, Oct 10, 2011 at 6:34 AM, Steve Baker <steve at iinet.net.au> wrote:
> I think that the problem is that B decides that packets going to network E
> do not go through an IPSec tunnel (as E is not connected to the gateway B
> system, directly or via IPSec) then by the time the new routing rule above
> says 'send it to gateway C' it is too late to go through any IPSec tunnels.

Hi Steve

I think you need to set the route in ipsec on gateway B with something like:
# ipsec eroute --add --eraf inet --src A.A.A.A/24 --dst E.E.E.E/24 --said %pass

I hope that helps and good luck.


"One good reason why computers can do more work than people is that
they never have to stop and answer the phone."
