On 2011-09-09, Christian Weisgerber <na...@mips.inka.de> wrote:
> Stuart Henderson <s...@spacehopper.org> wrote:
>
>> laptop:
>> ike dynamic esp from egress to 0.0.0.0/0 peer 11.22.33.44
>>
>> router:
>> ike passive esp from any to any
>>
>> possible complications:-
>>
>> - if you will be communicating with other machines in the same subnet,
>> they will send return traffic directly rather than via the router,
>
> No, they won't.
>
> Oh, wait, do you mean other machines in the same subnet but _without_
> this IPsec configuration? Don't do that. The wireless and the
> wired network need to be separate subnets with the IPsec gateway
> in between.
>
Yes, that's exactly what I meant.