[Openswan dev] [PATCH] Incorrect automatic route via ipsec0
Paul Wouters
paul at xelerance.com
Tue Oct 19 19:21:36 EDT 2010
On Wed, 20 Oct 2010, Roel van Meer wrote:
> Something else just occurred to me. We do carry Julian Anastasov's
> advanced routing patches. Maybe they are the cause why normal packets routed
> into ipsec0 get blackholed. I'll build a kernel without those patches and
> see if that will make a difference.
Ahh yes. that would be good to know.
> Just so I can fully understand this: I understand the need for routing
> packets via ipsec0 for networks that appear in tunnel definitions, but in
> what scenario would it be necessary to route traffic for other networks via
> ipsec0?
it depends on sourceip= and/or subnets= options.
eg imagine 1.2.3.0/24 <-> 5.6.7.0/24, or even a 0.0.0.0/0 subnet.
> Well, I spoke too soon when I blamed ifconfig. Sorry about that. Reviewing
> the updated _startklips script you posted taught me that both ip and
> ifconfig add the route when used in identical ways.
> That also means the new _startklips behaves identical to the old one, so the
> problem I'm having is still there. Thank you for posting it, though.
That's also good to know.
Paul
More information about the Dev
mailing list