[Openswan Users] klips routing
Paul Wouters
paul at xelerance.com
Sat Dec 31 20:21:49 CET 2005
On Sat, 31 Dec 2005, Norbert Wegener wrote:
> When using KLIPS, the following routes are automatically established:
> 0.0.0.0/1 via 213.148.150.193 dev ipsec0
> 128.0.0.0/1 via 213.148.150.193 dev ipsec0
>
> Removing them, let's me starting a connection without problems and routing
> works for me.
> What is the reason for those routes?
> May there be a sideeffect, when removing them, that I do not yet face?
> Norbert
They are created by the passthrough routes. Removing them will cause the
passthrough route to fail.
They are also there to catch apckets when extrusion in used.
They should not affect routing in any way, since if the caught packets
won't match an ipesc policy, they will just be handed back to the
kernel. The only problem I can think of is if you want some packets not
to go out the default gateway. In that case, you can make a "more specific"
route for those packets (using ip rule or ip route commands)
Paul
More information about the Users
mailing list