[Openswan dev] [PATCH] Incorrect automatic route via ipsec0

Paul Wouters paul at xelerance.com
Tue Oct 19 19:21:36 EDT 2010

On Wed, 20 Oct 2010, Roel van Meer wrote:

> Something else just occurred to me. We do carry Julian Anastasov's
> advanced routing patches. Maybe they are the cause why normal packets routed
> into ipsec0 get blackholed. I'll build a kernel without those patches and
> see if that will make a difference.

Ahh yes. that would be good to know.

> Just so I can fully understand this: I understand the need for routing
> packets via ipsec0 for networks that appear in tunnel definitions, but in
> what scenario would it be necessary to route traffic for other networks via
> ipsec0?

it depends on sourceip= and/or subnets= options.

eg imagine <->, or even a subnet.

> Well, I spoke too soon when I blamed ifconfig. Sorry about that. Reviewing
> the updated _startklips script you posted taught me that both ip and
> ifconfig add the route when used in identical ways.

> That also means the new _startklips behaves identical to the old one, so the
> problem I'm having is still there. Thank you for posting it, though.

That's also good to know.


More information about the Dev mailing list