[Openswan Users] routing probs with kernel 2.6.6
Ingo Bruell
inbruell at gmx.de
Wed Jun 30 14:30:23 CEST 2004
Hi,
I have the following scenario:
LAN --- (eth0) GW (eth1) ROUTER --- INTERNET
eth0 = 192.168.1.2
eth1 = 172.31.0.2
default gw = 172.31.0.1
I am using the native IPsec implementation and so I have no virtual device.
What do I have to configure for the keyword "interfaces"?
If I use "%defaultroute" the routing table looks very strange and the GW is
not accessible anymore. It looks like:
192.168.1.0     0.0.0.0         255.255.255.0   eth0
172.31.0.0      0.0.0.0         255.255.255.252 eth1
0.0.0.0         172.31.0.1      128.0.0.0       eth1
128.0.0.0       172.31.0.1      128.0.0.0       eth1
0.0.0.0         172.31.0.1      0.0.0.0         eth1
Here is a part of my ipsec.conf:
--- snip ---
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="%defaultroute"
        plutoopts="--interface eth1"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        #plutoload=%search
        #plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes
        nat_traversal=yes
        overridemtu=1300

conn %default
        type=tunnel
        keyexchange=ike
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        #leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftsubnet=192.168.1.0/24
        #leftcert=private/gatewayCert.pem
        leftcert=gatewayCert.pem
        leftid="/C=DE/ST=Hamburg/O=GBI Grosshamburger Bestattungsinstitut/CN=gateway.gbi-hamburg.de"
        right=%any
        pfs=yes
        left=172.31.0.2
        leftnexthop=172.31.0.1
        auto=add
--- snip ---
Any ideas?
--
Ingo Bruell
---
<ibruell at gmx.de>
<ICQ# 40377720>
Oldenburg PGP-Fingerprint: 9DD0 1776 DF4D 5B16 A532 C2A1 4701 EEA2
Germany PGP-Public-Key available at pgpkeys.mit.edu