[Openswan Users] Problem of routing under openswan
Paul Wouters
paul at xelerance.com
Mon Jun 28 14:16:58 CEST 2004
On Mon, 28 Jun 2004, Dominique Blas wrote:
> I have the same problem with racoon so I've supposed it's a kernel related problem but it only appears
> when using native IPSEC !
> A tunnel is established through eth1 with subnet 10.2.0.0/16. Since on the opposite side of this tunnel there is another tunnel towards 10.3.0.0/16
> I had an idea, a few years ago, to say that the first tunnel is established with subnet 10.0.0.0/8 (an no more with 10.2.0.0/16).
> Why ? In order to see (to ping and reach the SNMP agent) every other machine from the headquarters.
This is a known limitation of the current 2.6 native ipsec stack. Use KLIPS
instead. KLIPS for openswan is planned for version 2.3. You can try Nate's
experimental patches posted to openswan-dev in the last few days to hack
KLIPS onto your 2.6 box. Alternatively you can try running freeswan-2.06
which has klips on 2.6 support.
Paul
More information about the Users
mailing list