<div>Hi all,</div>
<div> </div>
<div>Here is my network configuration:</div>
<div> </div>
<div> </div>
<div>PC1 <--> IpCop1 <--> Router 1 <---> Router 2 <--> IpCop 2 <--> PC2</div>
<div> </div>
<div>PC1: <a href="http://192.168.5.177">192.168.5.177</a> gw <a href="http://192.168.5.254">192.168.5.254</a></div>
<div>IpCop 1: <a href="http://192.168.5.254">192.168.5.254</a> and <a href="http://192.168.7.254">192.168.7.254</a> gw <a href="http://192.168.7.1">192.168.7.1</a></div>
<div>Router 1 (R1): <a href="http://192.168.7.1">192.168.7.1</a> and <a href="http://82.23.32.140">82.23.32.140</a></div>
<div>Router 2 (R2): <a href="http://192.168.10.1">192.168.10.1</a> and <a href="http://82.23.32.138">82.23.32.138</a></div>
<div>IpCop 2 : <a href="http://192.168.2.254">192.168.2.254</a> and <a href="http://192.168.10.254">192.168.10.254</a> gw <a href="http://192.168.10.1">192.168.10.1</a></div>
<div>PC2: <a href="http://192.168.2.183">192.168.2.183</a></div>
<div> </div>
<div>At the beginning, on my ipcop boxes, there was openswan-1.0.7 and it works well. Now, i'am trying to upgrade to openswan-2.4.7 but i have some problems.</div>
<div> </div>
<div>On ipcop, ipsec is running when vpn service is activated even if there is no configured tunnel. For example, i can create vpn between the two ipcop boxes and trafic goes through tunnel perfectly. Problems begin when i disable the tunnel. When there is no activated tunnel, i can't reach the
<a href="http://192.167.7.1">192.167.7.1</a> interface from PC1 while i can reach it if tunnel is activated.</div>
<div> </div>
<div>Here is routing table :</div>
<div> </div>
<div>when vpn service is disebled:</div>
<div> </div>
<div><a href="http://192.168.7.0">192.168.7.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth2</div>
<div><a href="http://192.168.5.0">192.168.5.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth0</div>
<div><a href="http://192.168.3.0">192.168.3.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth1</div>
<div><a href="http://0.0.0.0">0.0.0.0</a> <a href="http://192.168.7.1">192.168.7.1</a> <a href="http://0.0.0.0">0.0.0.0</a> eth2</div>
<div> </div>
<div>when vpn service is enabled and tunnel activated:</div>
<div> </div>
<div><a href="http://192.168.7.0">192.168.7.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth2</div>
<div><a href="http://192.168.7.0">192.168.7.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> ipsec0</div>
<div><a href="http://192.168.5.0">192.168.5.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth0</div>
<div><a href="http://192.168.3.0">192.168.3.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth1</div>
<div><a href="http://192.168.2.0">192.168.2.0</a> <a href="http://192.168.7.1">192.168.7.1</a> <a href="http://255.255.255.0">255.255.255.0</a> ipsec0</div>
<div><a href="http://0.0.0.0">0.0.0.0</a> <a href="http://192.168.7.1">192.168.7.1</a> <a href="http://0.0.0.0">0.0.0.0</a> eth2 </div>
<div> </div>
<div>when vpn is enabled and tunnel disabled:</div>
<div> </div>
<div>
<div><a href="http://192.168.7.0">192.168.7.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth2</div>
<div><a href="http://192.168.7.0">192.168.7.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> ipsec0</div>
<div><a href="http://192.168.5.0">192.168.5.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth0</div>
<div><a href="http://192.168.3.0">192.168.3.0</a> <a href="http://0.0.0.0">0.0.0.0</a> <a href="http://255.255.255.0">255.255.255.0</a> eth1</div>
<div><a href="http://0.0.0.0">0.0.0.0</a> <a href="http://192.168.7.1">192.168.7.1</a> <a href="http://0.0.0.0">0.0.0.0</a> eth2</div>
<div> </div>
<div>A tcpdump on eth2 and ipsec0 show that, when tunnel is disebled, trafic from PC1 to <a href="http://192.168.7.1">192.168.7.1</a> goes through ipsec0 interface. </div>
<div>I don't really undestand why i can reach R1 when tunnel is activated and i can't reach it when tunnel is disabled. Do you have any idea? </div>
<div> </div>
<div>Just an other question, why is route to <a href="http://192.168.7.0/24">192.168.7.0/24</a> via ipsec0 inserted in routing table? In order to create vpn ? Can i delete this route when tunnel is disabled and add it again when i want to enable tunnel ?
</div>
<div> </div>
<div>Thanks a lot for your help. If you need more information, like configuration file, i can give it...</div>
<div> </div>
<div>Ludovic.</div></div>