[Openswan Users] ipsec routes
Brad Chang
openswan at dotnoc.com
Sun Mar 28 18:04:30 CEST 2004
Hi, I set up FreeS/WAN and for some reason IPsec adds itself as the default
route for all traffic. I can get to the gateway, but anything else tries to go
through ipsec0 and not eth0, where the default route is. Is it normal for this
to happen? I cannot ssh to the box from the outside, only from internally
through another server. Is there some additional configuration that I am
missing? I can adjust the routes to make it work, but I think I'm just missing
something here.
Thanks a lot for any suggestions or advice,
-Brad
vanvpn1:/etc# ip ad ls
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:08:a1:19:d1:52 brd ff:ff:ff:ff:ff:ff
inet 65.39.254.254/24 brd 65.39.254.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:10:dc:cc:f9:14 brd ff:ff:ff:ff:ff:ff
inet 172.16.0.1/16 brd 172.16.255.255 scope global eth1
4: tunl0 at NONE: <NOARP> mtu 1480 qdisc noop
link/ipip 0.0.0.0 brd 0.0.0.0
5: gre0 at NONE: <NOARP> mtu 1476 qdisc noop
link/gre 0.0.0.0 brd 0.0.0.0
6: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
link/ether 00:08:a1:19:d1:52 brd ff:ff:ff:ff:ff:ff
inet 65.39.254.254/24 brd 65.39.254.255 scope global ipsec0
7: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
link/void
8: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/void
9: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
link/void
vanvpn1:/etc# ip route ls
65.39.254.0/24 dev eth0 proto kernel scope link src 65.39.254.254
65.39.254.0/24 dev ipsec0 proto kernel scope link src 65.39.254.254
172.16.0.0/16 dev eth1 proto kernel scope link src 172.16.0.1
0.0.0.0/1 via 65.39.254.1 dev ipsec0
128.0.0.0/1 via 65.39.254.1 dev ipsec0
default via 65.39.254.1 dev eth0
vanvpn1:/etc# cat /etc/ipsec.conf
version 2.0
#config setup
# forwardcontrol=yes
# interfaces=%defaultroute
# klipsdebug=none
# plutodebug=none
# syslog=syslog.debug
# uniqueids=yes
conn kel-to-van
	left=65.39.254.254
	leftid=@vanvpn1.dotnoc.com
	leftnexthop=%defaultroute
	leftrsasigkey=0sAQN7SHTr6TWrTwsIyDYSkcE1B5x800gyC3suEJCnGiuMqFq2Eury412u9t/SqMyV
	iVZzZWuUqN6JA8yy5AMruWvJr6xAmrCPS01f12RX9zWsURdFCSqFjv43TeYsf7X3FE8TSD0ZtQ98cj+e
	vMzUt6+55m+u1hAR0zaDZ7AjNEj78gb3nMk6aQ25dGLfRse+hex7BMgrFPXGyaTtkHOfOm+froSqfKtC
	fXh7EURid68OkN8dXAbOvwLKLZHAgcKXrSvb3DQmBdGFTrsiT7x1S5d1jaibHSSV1/jYYr6vhwR+DEet
	pRDN4uL1fjLIZskIrXDxksNF32LP1UrEfeAsAU7TYfReOpjoodnOjX5I91S/TfKT
	right=24.70.248.254
	rightid=@office.dotnoc.com
	rightnexthop=%defaultroute
	rightrsasigkey=0sAQPQoNAP+br7wiHmPv/xFGmbWAvRopbyVCeJ14sVqci7Kh0AYKdGwVsCA33YwSF
	Xlt5Zejzsbjb6HqJV3tJaDLFAZtNB/S5Y0Op68rNBtzFWUb3LTXQ+zfVJWoG43lqpn8PdoH7AZ2dtm3T
	Jk73xATU1+/G/rZkE1BoZOkbsAQN5myZERHUnaFsUwfth+CCLwn43l4hrx//9TrFESLeK3j1XSNmBPzC
	2Cqw+4u3eLSPb61YbN2QhiTZ4l49ODfPq8Oj9E1KZz7WybqM/A3XqSU2QIjYaxu3OPIqrbfKWzonRlmE
	dAy7dGd8IwHKR2YYdvPyGniaief0qqshSz6nmUTrLK/qE4he1H3HiO1WkHVjCFr7vjwdfCXfjgEEWCUz
	0qltsX1gwBy/U0eUbGc7Zq2q7pTrXnm+mIuSZNkO7ie53ajqjgx+okAMin+0QeGjVAUXPznlp4WmdYYb
	z4tiBbnRDxlDnb74oCxbIQcEsNFb3wD70q90t026a5R74aGdp4oiUEaZAOK6Q8XQNm4y0KDNx2WEHVWk
	DyUAHHCF9ZqaK0RGoEZOe26Rqrbm1W3ts1ok=
	auto=add
conn block
	auto=ignore
conn private
	auto=ignore
conn clear
	auto=ignore
conn clear-or-private
	auto=ignore
Thanks and best regards,
-Brad Chang
-http://www.dotnoc.com
-------------------------------------------------------------------
hosting,web design and managed services @ http://www.dotnoc.com
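Editor's note and added check, not part of Brad's message: the two routes 0.0.0.0/1 and 128.0.0.0/1 via ipsec0 in the table above are the pair FreeS/WAN's _updown script installs when a connection routes 0.0.0.0/0 through ipsec0; it splits the default into two halves so the real default route on eth0 is left in place but never used. The kel-to-van conn is only auto=add, so the usual source is the opportunistic-encryption conn packetdefault (auto=route in stock FreeS/WAN 2.x), which is not among the conns set to auto=ignore in the posted ipsec.conf; the shipped no-OE fragment also disables private-or-clear. The script below, written for this page rather than taken from the post or from FreeS/WAN, parses `ip route ls` output and reports which device carries both halves of a split default and which carries the real default. The sample routing table is the one from the post, embedded as constructed input; replace it with `$(ip route ls)` on a live box.

```shell
#!/bin/sh
# Added check (not from the original post or from FreeS/WAN): detect a split
# default route (0.0.0.0/1 + 128.0.0.0/1 on one device) in `ip route ls` output.

# Constructed sample: the routing table Brad posted.
SAMPLE_ROUTES='65.39.254.0/24 dev eth0 proto kernel scope link src 65.39.254.254
65.39.254.0/24 dev ipsec0 proto kernel scope link src 65.39.254.254
172.16.0.0/16 dev eth1 proto kernel scope link src 172.16.0.1
0.0.0.0/1 via 65.39.254.1 dev ipsec0
128.0.0.0/1 via 65.39.254.1 dev ipsec0
default via 65.39.254.1 dev eth0'

# route_dev ROUTES PREFIX: print the "dev" of the first route whose
# destination equals PREFIX (e.g. 0.0.0.0/1 or default); print nothing if absent.
route_dev() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == p { for (i = 1; i < NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# split_default_dev ROUTES: print the device carrying BOTH 0.0.0.0/1 and
# 128.0.0.0/1 (the pair _updown installs for a 0.0.0.0/0 tunnel route);
# print nothing and return 1 when there is no such pair.
split_default_dev() {
    lo=$(route_dev "$1" 0.0.0.0/1)
    hi=$(route_dev "$1" 128.0.0.0/1)
    [ -n "$lo" ] && [ "$lo" = "$hi" ] || return 1
    printf '%s\n' "$lo"
}

# real_default_dev ROUTES: print the device of the plain "default" route.
real_default_dev() {
    route_dev "$1" default
}

# report ROUTES: human-readable summary of where traffic actually goes.
report() {
    routes=$1
    if hijack=$(split_default_dev "$routes"); then
        echo "all traffic goes via $hijack (split default); real default via $(real_default_dev "$routes") is unused"
    else
        echo "no split default; traffic goes via $(real_default_dev "$routes")"
    fi
}

# On a live box: report "$(ip route ls)"
report "$SAMPLE_ROUTES"
```

The check keys on the exact 0.0.0.0/1 and 128.0.0.0/1 pair because that is what a split default looks like on the wire; a single `default ... dev ipsec0` line would instead show up as the real default device. Once the OE conn that routes 0.0.0.0/0 is set to auto=ignore and `ipsec setup restart` has run, `ip route ls` should show only the kernel link routes plus `default via 65.39.254.1 dev eth0`, and ssh from outside reaches eth0 again.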