[Openswan Users] IPSEC through multiple internet interfaces
Bart Duchesne
bd at able.be
Tue Jul 27 13:26:43 CEST 2004
Hi all,
I have a box using two internet connections (ADSL and CABLE; each a
fixed IP).
I defined some iproute2 stuff to do split routing on both interfaces; it
works, replies are sent on the interface the request came in.
Now I've set up my freeswan (superfreeswan 1.99-8 soon to be converted to
openswan; kernel 2.4.24) to both internet connections using a line like
this:
interfaces="ipsec0=ppp0 ipsec1=eth1"
I define my tunnels each with the correct left/right IP and left/right
nexthop from each corresponding interface.
The tunnels are established successfully, all UDP 500 traffic is routed
correctly through the right interface.
But the problem is the ESP traffic: tunnels using the 'default gateway
device' ppp0 work as they should.
ESP packets for the tunnels through eth1 device leave with the correct
IP (that of eth1) but leave on the wrong interface (ppp0).
I thought that KLIPS bypasses the kernel routing for its ESP packets
and does the routing directly (isn't that why xxxnexthop exists in the
first place)?
Can anybody give me some pointers on where to look, how to fix, what to do?
thanks
Bart