[Openswan Users] "Simple" ? Vpn setup

Nicolas Ross rossnick-lists at cybercat.ca
Thu Nov 18 15:51:28 CET 2004


I'll reply to my own post, just to follow up.

Can anybody give me a hint on why I end up with 2 default routes?

Thanks

----- Original Message ----- 
From: "Nicolas Ross" <rossnick-lists at cybercat.ca>
To: <users at openswan.org>
Sent: Friday, October 29, 2004 2:01 PM
Subject: [Openswan Users] "Simple" ? Vpn setup


> Hi All !
>
> I am very new to the VPN ipsec thing... I have very extensive experience 
> with linux and ip routing in general, iptables etc.
>
> What I want to achieve is make a net-to-net connection between two linux 
> boxes. Both have rh7.3, custom kernel, both have Openswan installed and it 
> seems ok.
>
> Presently, my ipsec.conf looks like this :
>
> conn testvpn
>        left=nn.nn.nn.nn
>        leftsubnet=192.168.10.0/24
>        leftid=@testipsec.domain.com
>        leftnexthop=nn.nn.nn.yy
>        right=mm.mm.mm.mm
>        rightsubnet=192.168.11.0/24
>        rightid=@testipsec2.domain.com
>        rightnexthop=mm.mm.mm.yy
>        auto=add
>
> Where nn.nn.nn.nn is the IP of box A leading to the internet, and the .yy 
> ip is its gateway. Same for box B.
>
> When I do a "service ipsec start" on box A, ipsec adds 3 new routes :
>
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> nn.nn.nn.0      0.0.0.0         255.255.255.240 U         0 0          0 ipsec0
> 0.0.0.0         nn.nn.nn.yy     128.0.0.0       UG        0 0          0 ipsec0
> 128.0.0.0       nn.nn.nn.yy     128.0.0.0       UG        0 0          0 ipsec0
>
> (only new routes are shown)
>
> Why does ipsec need to add a new default route (second one) ?
>
> Or what am I doing wrong ?
>
> Nicolas 


