[Vpn-help] 2.03/xp: standard gateway should not be changed

Matthew Grooms mgrooms at shrew.net
Fri Dec 14 21:24:49 CST 2007


Thorsten Albrecht wrote:
> 
> ok, thanks, it works.
> 
> Just a question concerning...
> "When Automatic Policy Configuration is enabled but the remote Gateway
> does not supply topology information, the VPN Client will install a
> default policy that tunnels all traffic to the Gateway."
> 
> It would be nice to deactivate this behaviour just with a checkbox as
> in Windows ... (I think the most common case is that people do not
> want to travel all traffic to the vpn gateway)
> 

Thorsten,

You mean other than the "Obtain Topology Automatically" checkbox? The 
problem is that the client won't pass any traffic if there are no 
policies defined. The default route exists because a default policy has 
been created that will tunnel all traffic ( 0.0.0.0 / 0.0.0.0 ) to the 
distant network. The routes are created to match remote policy IDs so 
that packets destined for remote networks are sourced from the virtual 
adapter.

To build a policy, you first need local and remote IDs. We know the 
local ID which will be either the public adapter IP address or the 
virtual adapter IP address. The remote IDs must be defined somehow.

The current options are ...

1) obtain the network ID list automatically from the gateway
2) use a single network ID that means everything
3) manually define a list of network IDs

The client will only be able to use option (1) when communicating with a 
Cisco, ipsec-tools or Shrew Soft IKE daemon. Option (2) is the default 
behavior when option (1) is not possible. Option (3) requires that you 
have knowledge of the remote network topology.

Thanks,

-Matthew
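The policy and route derivation described in the reply above, as an added model (not the Shrew Soft client's own code): an empty remote ID list falls back to the single catch-all ID, which is why a default route appears, while a supplied topology yields only per-network routes. The IP addresses are constructed sample values.

```python
"""Model of how remote network IDs become IPsec policies and routes,
following the three options in the reply above. Illustration only."""
from dataclasses import dataclass
import ipaddress

# Option (2): "a single network ID that means everything"
ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class Policy:
    local_id: ipaddress.IPv4Network    # local traffic selector
    remote_id: ipaddress.IPv4Network   # remote traffic selector


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network
    source: ipaddress.IPv4Address      # virtual adapter address


def build_policies(local_ip, remote_ids):
    """Options (1) and (3): one policy per remote network ID.
    Option (2): no topology known, so a single catch-all policy is
    installed, which tunnels all traffic to the gateway."""
    local = ipaddress.IPv4Network(f"{local_ip}/32")
    remotes = [ipaddress.IPv4Network(r) for r in remote_ids] or [ANY]
    return [Policy(local, r) for r in remotes]


def routes_for(policies, virtual_ip):
    """One route per remote policy ID so packets destined for the remote
    networks are sourced from the virtual adapter."""
    vip = ipaddress.IPv4Address(virtual_ip)
    return [Route(p.remote_id, vip) for p in policies]


def installs_default_route(routes):
    """True when the catch-all policy produced a 0.0.0.0/0 route."""
    return any(r.destination == ANY for r in routes)


if __name__ == "__main__":
    # Constructed sample: virtual adapter 10.9.0.5, remote topology known
    pols = build_policies("10.9.0.5", ["192.168.10.0/24", "172.16.0.0/16"])
    for r in routes_for(pols, "10.9.0.5"):
        print(f"route {r.destination} src {r.source}")
```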