[Openswan Users] Netherlands / Gateway out of subnet

Ferry van Steen f.vsteen at its-netwerkbeheer.nl
Thu Aug 4 12:52:17 CEST 2005


Hey there,

We're having an issue with openswan (on corporate smoothwall v4) we're trying to resolve. Here in the Netherlands it is pretty common for ISPs to give you a gateway completely out of your subnet. For example, you get as IP 2.2.2.2/24 and as gateway 1.1.1.1. Mostly this works fine, as your DHCP/Router/TCP/IP stack does something like this:

route add -host 1.1.1.1 dev eth1

Which makes it a next hop and so

route add default gw 1.1.1.1

will work.

However, it doesn't work with openswan. While building up the connection Openswan tries something like this:

route add 192.168.0.0/24 dev ipsec0 gw 1.1.1.1

and will error out with:
SIOCADDRT: Network is unreachable
because it doesn't see the gateway address as a next hop probably.

Strangely enough it _does_ work if you replace the ipsec0 device name with one of the ethernet device names (but that won't do anything of course).

Because it does work with ethernet devices I think it has to do with the implementation of Openswan. It appears that it only checks the subnets to see if it can reach something (as next hop) and not the routing tables.

Is there anyone that can shed some light on this?

Kind regards
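
Added example, not part of the original post and not Openswan or kernel code: a simplified Python model of the check Linux applies to a route's gateway, showing why the same gateway is accepted on eth1 and rejected on ipsec0. Addresses and device names come from the post; the RouteTable class, its helpers, and the assumption that ipsec0 carries the same 2.2.2.2/24 address as eth1 are illustrative.

```python
import ipaddress

class RouteTable:
    """Simplified model of the kernel's next-hop check for `route add ... gw`."""

    def __init__(self):
        self.routes = []  # (network, device, gateway or None)

    def _on_link(self, gw, dev):
        # A gateway is accepted only if a directly connected (gateway-less)
        # route on the SAME device covers it; other devices do not count.
        return any(g is None and d == dev and gw in net
                   for net, d, g in self.routes)

    def add(self, dest, dev, gw=None):
        net = ipaddress.ip_network(dest)
        if gw is not None and not self._on_link(ipaddress.ip_address(gw), dev):
            # Surfaces to the user as "SIOCADDRT: Network is unreachable"
            raise OSError("Network is unreachable")
        self.routes.append((net, dev, gw))

def try_add(table, dest, dev, gw=None):
    """Return "ok" or the error text instead of raising."""
    try:
        table.add(dest, dev, gw)
        return "ok"
    except OSError as exc:
        return str(exc)

def demo():
    t = RouteTable()
    results = {}
    t.add("2.2.2.0/24", "eth1")    # connected route from the 2.2.2.2/24 address
    t.add("2.2.2.0/24", "ipsec0")  # assumption: ipsec0 mirrors eth1's address
    t.add("1.1.1.1/32", "eth1")    # route add -host 1.1.1.1 dev eth1
    results["default gw on eth1"] = try_add(t, "0.0.0.0/0", "eth1", "1.1.1.1")
    results["tunnel on ipsec0"] = try_add(t, "192.168.0.0/24", "ipsec0", "1.1.1.1")
    results["tunnel on eth1"] = try_add(t, "192.168.0.0/24", "eth1", "1.1.1.1")
    # Model only: give ipsec0 its own host route to the gateway, then retry.
    t.add("1.1.1.1/32", "ipsec0")
    results["ipsec0 after host route"] = try_add(t, "192.168.0.0/24", "ipsec0", "1.1.1.1")
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

In this model the host route on eth1 makes 1.1.1.1 a valid next hop for eth1 only, which matches the behaviour reported above; the last case shows the model's outcome once ipsec0 has an equivalent host route.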


