NetBSD-Bugs archive


Re: kern/50978: Default gateway does not work with IPsec



On Mar 18,  1:30pm, frank%phoenix.owl.de@localhost (frank%phoenix.owl.de@localhost) wrote:
-- Subject: kern/50978: Default gateway does not work with IPsec

Now that I think about it more, this is probably "by design". Let's
say that you are with your home machine and you want to create an
IPSEC tunnel to work. You get assigned an IP address to connect to
the work VPN. At this point the assumption is that all traffic
should go through that VPN, because you could run into security
issues (your machine bridging work with the rest of the internet
for example). This is also how other VPNs work (routing all traffic
through the tunnel) as opposed to a split horizon approach, where
only the traffic destined for the tunnel goes there. This probably has
to do with the weak vs. strong host model:

https://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx
http://osdir.com/ml/netbsd.devel.network/2005-12/msg00080.html

TL;DR net.inet.ip.checkinterface might do what you want.

christos
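
Added example, not part of the original message and not NetBSD code: a simplified Python model of the weak versus strong host receive check that net.inet.ip.checkinterface toggles. The interface names and addresses are constructed, and the forwarding and loopback exemptions are assumptions of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Interface:
    name: str
    addrs: tuple            # addresses bound to this interface
    loopback: bool = False


# Constructed sample host: one physical NIC, one VPN tunnel, loopback.
HOST = (
    Interface("wm0", ("192.0.2.10",)),          # physical NIC (assumed name)
    Interface("tun0", ("10.8.0.5",)),           # VPN-assigned address (assumed)
    Interface("lo0", ("127.0.0.1",), loopback=True),
)


def accepts(interfaces, arrival, dst, checkinterface, forwarding=False):
    """Return True if a unicast packet for dst, received on the interface
    named `arrival`, is delivered to the local stack."""
    dst = ip_address(dst)
    rx = next(i for i in interfaces if i.name == arrival)
    all_local = {ip_address(a) for i in interfaces for a in i.addrs}
    if dst not in all_local:
        return False        # not addressed to this host at all
    # Model assumption: the strong-host check only applies when the knob is
    # set, the host is not forwarding, and the packet did not arrive on loopback.
    strong = checkinterface and not forwarding and not rx.loopback
    if not strong:
        return True         # weak host: any local address, any interface
    # Strong host: the address must be bound to the arrival interface.
    return dst in {ip_address(a) for a in rx.addrs}


if __name__ == "__main__":
    cases = [
        ("wm0", "10.8.0.5", False),   # tunnel address seen on the physical NIC
        ("wm0", "10.8.0.5", True),
        ("tun0", "10.8.0.5", True),   # tunnel address seen on the tunnel
    ]
    for arrival, dst, knob in cases:
        verdict = "accept" if accepts(HOST, arrival, dst, knob) else "drop"
        print(f"checkinterface={int(knob)} {dst} via {arrival}: {verdict}")
```

With the knob off, a packet for the tunnel address that shows up on the physical interface is accepted; with it on, the same packet is dropped unless it arrives on the tunnel.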

