[Openswan Users] "Simple" ? Vpn setup
Nicolas Ross
rossnick-lists at cybercat.ca
Fri Oct 29 16:01:41 CEST 2004
Hi All !
I am very new to the VPN ipsec thing... I have very extensive experience
with linux and ip routing in general, iptables etc.
What I want to achieve is make a net-to-net connection between two linux
boxes. Both have rh7.3, custom kernel, both have Openswan installed and it
seems ok.
Presently, my ipsec.conf looks like this :
conn testvpn
    left=nn.nn.nn.nn
    leftsubnet=192.168.10.0/24
    leftid=@testipsec.domain.com
    leftnexthop=nn.nn.nn.yy
    right=mm.mm.mm.mm
    rightsubnet=192.168.11.0/24
    rightid=@testipsec2.domain.com
    rightnexthop=mm.mm.mm.yy
    auto=add
Where nn.nn.nn.nn is the IP of box A leading to the internet, and the .yy IP
is its gateway. Same for box B.
When I do a "service ipsec start" on box A, ipsec adds 3 new routes :
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
nn.nn.nn.0      0.0.0.0         255.255.255.240 U         0 0          0 ipsec0
0.0.0.0         nn.nn.nn.yy     128.0.0.0       UG        0 0          0 ipsec0
128.0.0.0       nn.nn.nn.yy     128.0.0.0       UG        0 0          0 ipsec0
(only new routes are shown)
Why does ipsec need to add a new default route (second one) ?
Or what am I doing wrong ?
Nicolas