[Openswan Users] -!- Routing Problems %defaultroute requested but not known -!-

[Paul Wouters]

On Thu, 16 Sep 2004, neptuno wrote:

> Its sound confuse...
> Frist when i tryed to found in 'make menuconfig' any KLIPS or IPSEC section i 
> didnt found anything.

That is because KLIPS is not in the stock 2.6 kernel.

> When i ran 'make menumod' from freeswan 2.06, KLIPS section shows to me. I 
> marked everything as bult-in, recompile the kernel and install it.

that should work, provided you didn't also compiled the native stack into
the kernel as well (xfrm, esp4,ah4,afkey)

> Why KLIPS native from 2.6.4 dont displayed before in make menuconfig ?

Because running make menumod patched your kernel tree.

The idea of make menumod was to build modules, and make go was to build
inline to the kernel. I wouldn't use the "go", "oldgo" or menu* targets
anymore.

If you want to just build modules for one machine, run 'make module minstall'
This DOES NOT change your kernel tree at all.

If you want to build inline, or patch a kernel tree for multiple builds on
various machines, run 'make applypatch'. Then go through a regular kernel
build, eg run make oldconfig or menuconfig, then make bzImage etc etc.
For this method you should set the environment variabke KERNELSRC, or
have the kernel tree in /usr/src/linux (-2.6 or -2.4)

> Thats the problem... correct ?
> What best can i do now?

Your method of running make menumod and then rebuilding the kernel should work.

> Linux Openswan U2.1.5/K2.06 (klips)

You are using klips.

> Checking NAT and MASQUERADEing
> Checking tun0x1002 at 200.180.4.245 from 192.168.201.0/24 to 192.168.200.0/24 
> [FAILED]
> MASQUERADE from 192.168.201.0/24 to 0.0.0.0/0 kills tunnel 192.168.201.0/24 
> -> 192.168.200.0/24

And you seem to be killing IPsec packets by NATing them. This is your real 
problem. Disable NAT or exclude IPsec packets by excluding NAT for any
192.168.0.0/16 destination.

Paul