[Openswan Users] "Simple" ? Vpn setup
Nicolas Ross
rossnick-lists at cybercat.ca
Thu Nov 18 15:51:28 CET 2004
I'll reply to my own post, just to follow up.
Can anybody give me a hint on why I end up with 2 default routes?
Thanks
----- Original Message -----
From: "Nicolas Ross" <rossnick-lists at cybercat.ca>
To: <users at openswan.org>
Sent: Friday, October 29, 2004 2:01 PM
Subject: [Openswan Users] "Simple" ? Vpn setup
> Hi All !
>
> I am very new to the VPN ipsec thing... I have very extensive experience
> with linux and ip routing in general, iptables etc.
>
> What I want to achieve is make a net-to-net connection between two linux
> boxes. Both have rh7.3, custom kernel, both have Openswan installed and it
> seems ok.
>
> Presently, my ipsec.conf looks like this :
>
> conn testvpn
>     left=nn.nn.nn.nn
>     leftsubnet=192.168.10.0/24
>     leftid=@testipsec.domain.com
>     leftnexthop=nn.nn.nn.yy
>     right=mm.mm.mm.mm
>     rightsubnet=192.168.11.0/24
>     rightid=@testipsec2.domain.com
>     rightnexthop=mm.mm.mm.yy
>     auto=add
>
> Where nn.nn.nn.nn is the IP of box A leading to the internet, and the .yy
> ip is its gateway. Same for box B.
>
> When I do a "service ipsec start" on box A, ipsec adds 3 new routes :
>
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> nn.nn.nn.0      0.0.0.0         255.255.255.240 U         0 0          0 ipsec0
> 0.0.0.0         nn.nn.nn.yy     128.0.0.0       UG        0 0          0 ipsec0
> 128.0.0.0       nn.nn.nn.yy     128.0.0.0       UG        0 0          0 ipsec0
>
> (only new routes are shown)
>
> Why does ipsec need to add a new default route (second one) ?
>
> Or what am I doing wrong ?
>
> Nicolas