[Openswan Users]
Re: [Openswan dev] Openswan 2.4.0 virtual_private problems
Paul Wouters
paul at xelerance.com
Mon Sep 19 21:53:35 CEST 2005
On Tue, 20 Sep 2005, Dmitriy wrote:
> If Client from CLIENT ip creates IPSEC connection (as part of l2tp connection)
> to ExtIP (left in openswan config file)
> then after connection has been initialized, openswan adds route for ClientIP
> to external interface
> i.e.
> "route add -host ClientIP dev {ExtIP}"

Routes like that should only be added when KLIPS is in use, and the dev used
would be ipsecX and not an IP address. Perhaps you are seeing a problem where
specifying a leftnexthop=yourdefaultgw would fix your routing problems?

> ClientIP (with all internal network) is excluded (marked with !) in
> virtual_private. (no errors occur when reading config in
> /var/log/messages,secure)
> connection has string "rightsubnet=vhost:%no,%priv".
> And I repeat again, if connection for NATed peers is created for external IP of
> NAT device I don't understand what virtual_private really does.

virtual_private lists the IP addresses that are VALID private space IP
addresses that may occur BEHIND a NAT router, that will be accepted by openswan.

If you send me the output of 'ipsec barf' I can perhaps see your problem.

Paul
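
Added example (not part of the message above and not Openswan's own code): a simplified Python model of how a virtual_private list with a "!" exclusion combines with rightsubnet=vhost:%no,%priv to accept or reject the address a peer proposes. The function names, the virtual_private value and all addresses are constructed for illustration, and only %v4 entries are handled.

```python
import ipaddress

# Constructed sample: RFC 1918 space allowed, one LAN excluded with "!".
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
                   "%v4:192.168.0.0/16,%v4:!192.168.1.0/24")

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in (i.strip() for i in value.split(",")):
        if not item:
            continue
        if not item.startswith("%v4:"):
            raise ValueError(f"unsupported entry: {item!r}")  # %v4 only here
        net, target = item[4:], allowed
        if net.startswith("!"):
            net, target = net[1:], excluded
        target.append(ipaddress.ip_network(net))
    return allowed, excluded

def in_list(net, nets):
    """True if net lies entirely inside one of the listed networks."""
    return any(net.subnet_of(n) for n in nets)

def peer_subnet_accepted(peer_ip, proposed, rightsubnet, virtual_private):
    """Model of the vhost: check (an assumption, not pluto's actual code).

    peer_ip  -- address the IKE packets arrive from (the NAT's public IP)
    proposed -- subnet the peer claims for itself (its address behind NAT)
    """
    flags = rightsubnet.split(":", 1)[1].split(",")
    peer = ipaddress.ip_address(peer_ip)
    net = ipaddress.ip_network(proposed)
    allowed, excluded = parse_virtual_private(virtual_private)
    # %no: peer is not NATed and proposes exactly its own host address.
    is_host = net.prefixlen == net.max_prefixlen
    if "%no" in flags and is_host and net.network_address == peer:
        return True
    # %priv: proposed subnet must be listed and must not be "!"-excluded.
    if "%priv" in flags and in_list(net, allowed) and not in_list(net, excluded):
        return True
    return False

if __name__ == "__main__":
    for inner in ("192.168.5.20/32", "192.168.1.20/32", "203.0.113.7/32"):
        ok = peer_subnet_accepted("203.0.113.7", inner,
                                  "vhost:%no,%priv", VIRTUAL_PRIVATE)
        print(f"peer 203.0.113.7 proposing {inner}: {'accept' if ok else 'reject'}")
```

The check is applied to the address the peer proposes for itself behind the NAT, not to the NAT device's external IP, so a client whose inner address falls in a "!" range is rejected even though its public address is fine.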