[Openswan Users] Disappearing %defaultroute - Re-post
Mario Lobo
mario.lobo at ipad.com.br
Tue Oct 25 15:20:36 CEST 2005
A few days ago I posted this message. Since I had no replies,
I decided to post it again.
Re-post ==========================================
I know this is in the FAQ. I read it, but I was just wondering if there is any news on
patches, fixups, etc...
I am using kernel 2.6.13.4 with all klips patches applied. I tried using
ipsec.ko but pluto kept seg faulting, so I compiled ipsec into the kernel
(no nat-t patches).
using openswan 2.4.0.
Everything works !!. Even with one end of the tunnel behind 2 NATs. I can
ping all machines on the LANs at both ends, from both ends.
LAN1 <--> GATEWAY(NAT) ipsec0 <--> ROUTER(NAT) <--> (internet) <-->
ipsec0 (NAT)GATEWAY <--> LAN2
I left (overnight) a machine on LAN1 pinging a machine on LAN2 and
vice-versa. When I arrived this
morning, both machines had stopped at around 5000 pings. When I checked
the routes, the 0.0.0.0 route was going out through ipsec0 instead of eth0 interface on both
GATEWAYs.
I tried:
ipsec tncfg --attach --virtual ipsec0 --physical eth0 (yes, eth0 IS my outter inerface)
the command performmed with no erros, but the default route was still
through ipsec0. I tried detaching and re-attaching but, results were the same.
Only a service network restart solved the problem.
end of Re-post ==========================================
I have already build a service (daemon) that restores the default route (whenever ipsec grabs it),
but like I said, I would rather fix it "inside" openswan, or at least, try to understand why it
does that.
If any one has any info to share on this, please let me know.
Thanks again,
--
//| //||
// | // ||
-//--//---|| ARIO LOBO
// // ||
---------------------------------
mario.lobo at ipad.com.br
http://www.ipad.com.br
More information about the Users
mailing list