[Openswan Users] Framed-Route problem - Openswan 2.4.5 + freeradius

Radek Antoniuk r.antoniuk at pixel.com.pl
Mon Apr 17 00:11:43 CEST 2006


Brian Candler wrote:
> On Sun, Apr 16, 2006 at 10:43:42PM +0200, Radek Antoniuk wrote:
> 
>>Is anyone using this setup? (2.4.5 + l2tpns + freeradius). Well, all 
>>works great, but...
>>
>>I have two connections on my roadwarrior.
>>And if I pick the VPN connection to act as a default gateway, I will 
>>lose my internet connection. It's obvious.
> 
> 
> No, not obvious - and for me it works just fine.
> 
> I'm using the built-in Microsoft IPSEC stack and L2TP client (XP SP2 and
> Win2000 SP4). I use it to make a pseudo-dialup connection over the Internet.
> It learns another defaultroute through this - traffic to the local LAN still
> stays local, but all other traffic goes via the tunnel. It all Just Works
> [TM].

Yeah, the situation here is similar. But... my primary connection is the 
LAN one. So.. I have internet connection through the LAN interface.
And this way, "all other traffic" is wrong. Because it applies not only 
to the tunneled packets but to the normal web requests as well. I hope 
it's clear now.
So again, it's obvious.
Defaultroute from tunnel overlaps the one from the LAN interface which 
is wrong for the routing of normal web packets.

> I am using a Cisco IOS box as the tunnel terminator (my interest in Openswan
> is as another client device, not as central terminator). But if you're
> saying there's a problem with the Windows client and defaultroute, I'm
> saying I don't see this.
> 
> 
>>But, if I don't, I would have to manually add static route to the 
>>networks I want to use. I've tried to use Framed-Route "1.2.3.4 
>>255.255.255.255 1" and some combinations, but it doesn't get added to 
>>the WinXP box.
> At best, that would add a route on the tunnel terminator, not on the client.

Well, tunnel terminator on the remote side you mean? Well, from what 
I've read on Google, Framed-Route applies to the client requesting the 
address alongside with the Framed-IP and so on...
So it'd be weird what you say, but that can be an issue.

So, is there any method for adding a static route on the XP side after 
setting up the tunnel?

-- 
Thanks,
Radek

