[Openswan Users] routing probs with kernel 2.6.6
Marek Greško
gresko at thr.sk
Thu Jul 1 11:15:07 CEST 2004
Try disabling OE, if you do not need it.
Marek
> Hi,
>
> I have the following scenario:
>
> LAN --- (eth0) GW (eth1) ROUTER --- INTERNET
>
> eth0 = 192.168.1.2
> eth1 = 172.31.0.2
> default gw = 172.31.0.1
>
> I am using the native ipsec implementation and so I have no virtual device.
> What do I have to configure for the keyword "interfaces"?
>
> If I use "%defaultroute" the routing table looks very strange and the GW is
> not accessible anymore. It looks like:
>
> 192.168.1.0 0.0.0.0 255.255.255.0 eth0
> 172.31.0.0 0.0.0.0 255.255.255.252 eth1
> 0.0.0.0 172.31.0.1 128.0.0.0 eth1
> 128.0.0.0 172.31.0.1 128.0.0.0 eth1
> 0.0.0.0 172.31.0.1 0.0.0.0 eth1
>
> Here is a part of my ipsec.conf:
>
> --- snip ---
>
> config setup
>     # THIS SETTING MUST BE CORRECT or almost nothing will work;
>     # %defaultroute is okay for most simple cases.
>     interfaces="%defaultroute"
>     plutoopts="--interface eth1"
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     klipsdebug=none
>     plutodebug=none
>     # Use auto= parameters in conn descriptions to control startup actions.
>     #plutoload=%search
>     #plutostart=%search
>     # Close down old connection when new one using same ID shows up.
>     uniqueids=yes
>     nat_traversal=yes
>     overridemtu=1300
>
> conn %default
>     type=tunnel
>     keyexchange=ike
>     keyingtries=0
>     disablearrivalcheck=no
>     authby=rsasig
>     #leftrsasigkey=%cert
>     rightrsasigkey=%cert
>     leftsubnet=192.168.1.0/24
>     #leftcert=private/gatewayCert.pem
>     leftcert=gatewayCert.pem
>     leftid="/C=DE/ST=Hamburg/O=GBI Grosshamburger Bestattungsinstitut/CN=gateway.gbi-hamburg.de"
>     right=%any
>     pfs=yes
>     left=172.31.0.2
>     leftnexthop=172.31.0.1
>     auto=add
>
> --- snip ---
>
> Any ideas ?
--
Marek Greško
THR Systems, a. s.
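
An added example (not part of the original thread): it parses the routing table posted in the question and shows that the two half-range routes (netmask 128.0.0.0) win over the 0.0.0.0 default route for every non-local destination, which is the routing change that appears when Openswan's opportunistic encryption (OE) is enabled. The function names are illustrative, and the test addresses are constructed.

```python
import ipaddress

# Routing table exactly as posted in the question:
# destination, gateway, netmask, interface.
POSTED_ROUTES = """\
192.168.1.0 0.0.0.0 255.255.255.0 eth0
172.31.0.0 0.0.0.0 255.255.255.252 eth1
0.0.0.0 172.31.0.1 128.0.0.0 eth1
128.0.0.0 172.31.0.1 128.0.0.0 eth1
0.0.0.0 172.31.0.1 0.0.0.0 eth1
"""

def parse_routes(text):
    """Parse 'dest gateway netmask iface' lines into (network, gateway, iface)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip headers, blank lines and anything malformed
        dest, gateway, mask, iface = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
        except ValueError:
            continue  # destination/netmask pair is not a valid network
        routes.append((net, gateway, iface))
    return routes

def split_default_routes(routes):
    """Return the /1 routes when both halves of the IPv4 space are present."""
    halves = [r for r in routes if r[0].prefixlen == 1]
    covered = {str(r[0]) for r in halves}
    return halves if covered == {"0.0.0.0/1", "128.0.0.0/1"} else []

def effective_route(routes, address):
    """Longest-prefix match, as the kernel does when picking a route."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

if __name__ == "__main__":
    table = parse_routes(POSTED_ROUTES)
    for net, gw, iface in split_default_routes(table):
        print(f"half-range route {net} via {gw} on {iface} shadows the default")
    # Constructed destinations: one in each half, one on the LAN.
    for dst in ("10.1.2.3", "198.51.100.7", "192.168.1.10"):
        net, gw, iface = effective_route(table, dst)
        print(f"{dst:>14} -> {net} via {gw} ({iface})")
```

If the half-range pair disappears from the table after OE is disabled and IPsec is restarted, the plain default route is back in effect for non-local traffic.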