[Openswan Users] routing probs with kernel 2.6.6
jerry
jz at silpion.de
Wed Jun 30 18:22:47 CEST 2004
hi,
your routing looks ok, i think.
do you have included the no_oe.conf-file at the end of your ipsec.conf?
bye
jerry
At 30.06.2004 14:42, you wrote:
>Hi,
>
>i have following scenario:
>
>LAN --- (eth0) GW (eth1) ROUTER --- INTERNET
>
>eth0 = 192.168.1.2
>eth1 = 172.31.0.2
>default gw = 172.31.0.1
>
>I am using the native ipsec implementation and so i have no virtual device.
>What do i have to configure for the keyword "interfaces" ?
>
>If i use "%defaultroute" the routing table looks very strange and the GW is
>not accessible anymore. It looks like:
>
>192.168.1.0 0.0.0.0 255.255.255.0 eth0
>172.31.0.0 0.0.0.0 255.255.255.252 eth1
>0.0.0.0 172.31.0.1 128.0.0.0 eth1
>128.0.0.0 172.31.0.1 128.0.0.0 eth1
>0.0.0.0 172.31.0.1 0.0.0.0 eth1
>
>Here is a part of my ipsec.conf:
>
>--- snip ---
>
>config setup
> # THIS SETTING MUST BE CORRECT or almost nothing will work;
> # %defaultroute is okay for most simple cases.
> interfaces="%defaultroute"
> plutoopts="--interface eth1"
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> klipsdebug=none
> plutodebug=none
> # Use auto= parameters in conn descriptions to control startup actions.
> #plutoload=%search
> #plutostart=%search
> # Close down old connection when new one using same ID shows up.
> uniqueids=yes
> nat_traversal=yes
> overridemtu=1300
>
>conn %default
> type=tunnel
> keyexchange=ike
> keyingtries=0
> disablearrivalcheck=no
> authby=rsasig
> #leftrsasigkey=%cert
> rightrsasigkey=%cert
> leftsubnet=192.168.1.0/24
> #leftcert=private/gatewayCert.pem
> leftcert=gatewayCert.pem
> leftid="xxx"
> right=%any
> pfs=yes
> left=172.31.0.2
> leftnexthop=172.31.0.1
> auto=add
>
>--- snip ---
>
>Any ideas ?
>
>
>--
>Ingo Bruell
>
>---
><ibruell at gmx.de>
><ICQ# 40377720>
>Oldenburg PGP-Fingerprint: 9DD0 1776 DF4D 5B16 A532 C2A1 4701 EEA2
>Germany PGP-Public-Key available at pgpkeys.mit.edu
>
>_______________________________________________
>Users mailing list
>Users at lists.openswan.org
>http://lists.openswan.org/mailman/listinfo/users
>
>
>
>---
-------------- next part --------------
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.708 / Virus Database: 464 - Release Date: 18.06.2004
More information about the Users
mailing list