[Openswan Users] Re: Routes on ipsec instead of physical interface when interfaces go down and then up.

ecarlseen at praecelsus.com
Mon Mar 14 14:53:43 CET 2005

I've had some issues with this as well, and have requested a new feature 
that would allow manual routing information to be specified on a 
per-connection basis in the ipsec.conf file for those of us that use 
dynamic routing protocols. In the meantime, there's an ugly, 
poorly-documented work-around: you can create your own "_updown" script 
that, among other things, assigns routes to newly created tunnels. You 
then specify the name of your _updown script in the individual connection 
sections of the ipsec.conf file as follows:

leftupdown=<path / name of your custom _updown script>

Note that whenever you update OpenS/WAN, you must check for changes in the 
_updown script and adjust your custom script(s) accordingly. I'm using the 
VPN tunnels as backup circuits for some leased lines, so what I do (your 
mileage may vary) is set the routing costs of the VPN tunnels to 1024 - 
about twice as high as the WAN pipes.

Hope this helps, and hope that someone with some coding skills can attack 
this problem someday.

Erik Carlseen
Praecelsus Consulting, Inc.


I've searched using Google as well as tried to go through some mailing
lists, but have not managed to find any answers - so hopefully someone 
can help.
I have a tunnel set up and everything seems to work fine.
The problem begins when my physical interface goes down and then comes up.
After the interface comes up, I map the ipsec interface using the 'ipsec
tncfg' command and that's fine.
My problem is, that routes that were previously on the physical interfaces
are now on the ipsec interface (I read somewhere that this is because the
kernel looks for the first interface with a matching IP - which happens to
be the ipsec interface).
Since many of my routes are dynamic (learnt via some routing protocol), I
cannot manually set them each time (and it's not just the default gateway
that needs to be set). 
The interface to be set to is also not a fixed interface (could vary
according to the setup).
Has anyone encountered this before or come up with a solution?
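
An added example, not part of the original message and not Openswan's stock _updown script: a sketch of the routing part of a custom updown script as the reply describes, installing the tunnel route with a cost of 1024. The PLUTO_* variables are the ones pluto passes to updown scripts; the script path, the names TUNNEL_METRIC, route_cmd and DRY_RUN, the use of a kernel route metric for the "cost", and the IPv4-only check are assumptions. It handles only the route verbs, so a real copy still needs the rest of the stock script's handling.

```shell
#!/bin/sh
# Referenced from a conn section of ipsec.conf, e.g. (path is an assumption):
#   leftupdown=/usr/local/lib/ipsec/updown-metric

TUNNEL_METRIC=1024   # cost from the post: about twice that of the WAN links

# Print the route command for the current pluto event, or nothing at all.
route_cmd() {
    # This script runs as root on values taken from the connection, so
    # accept only an IPv4 CIDR-shaped destination and a plain device name.
    case "${PLUTO_PEER_CLIENT:-}" in
        ''|*[!0-9./]*) return 0 ;;
    esac
    case "${PLUTO_INTERFACE:-}" in
        ''|*[!A-Za-z0-9._-]*) return 0 ;;
    esac
    case "${PLUTO_VERB:-}" in
        route-client|route-host)
            echo "ip route replace $PLUTO_PEER_CLIENT dev $PLUTO_INTERFACE metric $TUNNEL_METRIC" ;;
        unroute-client|unroute-host)
            echo "ip route del $PLUTO_PEER_CLIENT dev $PLUTO_INTERFACE metric $TUNNEL_METRIC" ;;
    esac
    return 0
}

# Act only when invoked by pluto (PLUTO_VERB set). With DRY_RUN=1 the
# command is printed instead of executed, which helps when comparing the
# custom script against a new stock _updown after an upgrade.
if [ -n "${PLUTO_VERB:-}" ]; then
    cmd=$(route_cmd)
    if [ -n "$cmd" ]; then
        if [ -n "${DRY_RUN:-}" ]; then
            echo "$cmd"
        else
            $cmd   # safe to word-split: both fields were validated above
        fi
    fi
fi
```

Running it by hand with DRY_RUN=1 and the PLUTO_* variables set to constructed values (for example PLUTO_VERB=route-client, PLUTO_PEER_CLIENT=10.2.0.0/16, PLUTO_INTERFACE=ipsec0) shows the command it would issue without touching the routing table.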