[Openswan Users] problems routing to remote ipsec network
Roland Gaboury
gabouryr at shaw.ca
Wed Sep 28 21:57:56 CEST 2005
Hi again... the continuing battle with ipsec.conf goes on. I have an
ipsec connection with the following configuration:
000 "symantec":
172.0.0.0/24===24.68.236.175---24.68.236.1...70.66.3.209===192.168.1.0/24;
erouted; eroute owner: #2
Yes, I know that 172.0.0.0/24 is NOT a private subnet - this is beyond
my control and in the hands of 'qualified' IT staff... such is life.
From the 192 subnet, I can ping anywhere on the 172 subnet...
70.66.3... is a symantec ipsec gateway.
From the 24.68 system (Openswan) and behind it (the 172 subnet), I can
not ping anywhere in the 192 subnet by doing an ordinary ping... HOWEVER
- if i ping -I eth1 192.168.1.1, everything seems to go through fine...
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
172.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1
192.168.1.0 24.68.236.1 255.255.255.0 UG 0 0 0
eth0
24.68.236.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 24.68.236.1 0.0.0.0 UG 0 0 0
eth0
The 192 entry is automatically added by ipsec when the connection is
started...
If anyone has any ideas how to make the routing behave, please help.
Cheers.
Roland Gaboury
More information about the Users
mailing list