[Openswan Users] routing probs with kernel 2.6.6

Ingo Bruell inbruell at gmx.de
Wed Jun 30 14:30:23 CEST 2004


Hi,

I have the following scenario:

LAN --- (eth0) GW (eth1) ROUTER --- INTERNET

eth0 = 192.168.1.2
eth1 = 172.31.0.2
default gw = 172.31.0.1

I am using the native IPsec implementation, so I have no virtual device.
What do I have to configure for the keyword "interfaces"?

If I use "%defaultroute", the routing table looks very strange and the GW is
not accessible anymore. It looks like:

192.168.1.0 0.0.0.0 255.255.255.0 eth0
172.31.0.0  0.0.0.0 255.255.255.252 eth1
0.0.0.0     172.31.0.1 128.0.0.0 eth1
128.0.0.0   172.31.0.1 128.0.0.0 eth1
0.0.0.0     172.31.0.1 0.0.0.0 eth1

Here is a part of my ipsec.conf:

--- snip ---

config setup
   # THIS SETTING MUST BE CORRECT or almost nothing will work;
   # %defaultroute is okay for most simple cases.
   interfaces="%defaultroute"
   plutoopts="--interface eth1"
   # Debug-logging controls:  "none" for (almost) none, "all" for lots.
   klipsdebug=none
   plutodebug=none
   # Use auto= parameters in conn descriptions to control startup actions.
   #plutoload=%search
   #plutostart=%search
   # Close down old connection when new one using same ID shows up.
   uniqueids=yes
   nat_traversal=yes
   overridemtu=1300

conn %default
   type=tunnel
   keyexchange=ike
   keyingtries=0
   disablearrivalcheck=no
   authby=rsasig
   #leftrsasigkey=%cert
   rightrsasigkey=%cert
   leftsubnet=192.168.1.0/24
   #leftcert=private/gatewayCert.pem
   leftcert=gatewayCert.pem
   leftid="/C=DE/ST=Hamburg/O=GBI Grosshamburger Bestattungsinstitut/CN=gateway.gbi-hamburg.de"
   right=%any
   pfs=yes
   left=172.31.0.2
   leftnexthop=172.31.0.1
   auto=add

--- snip ---

Any ideas?


-- 
Ingo Bruell

---
<ibruell at gmx.de>
<ICQ# 40377720>
Oldenburg    PGP-Fingerprint: 9DD0 1776 DF4D 5B16  A532 C2A1 4701 EEA2
Germany      PGP-Public-Key available at pgpkeys.mit.edu


