[Openswan Users] Openswan or general routing problem?

Andy Coates andy at NocOps.com
Fri Apr 21 14:51:03 CEST 2006


Hi,

I'm currently running Openswan 2.4.3 with a 2.6.15 kernel (netkey).  I've
got no problems in general now setting up IPSEC connections, and the machine
itself has no problem communicating with hosts on the remote subnets, but
the machine is also acting as a gateway and other machines using this
gateway can't seem to reach the remote subnets.

The gateway is using iptables rules to SNAT the outbound packets as the
gateway machine, but instead of sending the packets over the IPSEC tunnel
they're being routed over the default interface like normal packets (and
being private addresses don't route anywhere).

So from the gateway itself all packets to the remote subnet via the IPSEC
tunnel are fine, but any packets being forwarded on seem to take the routing
entry setup by the IPSEC connection literally, i.e.

internal ~ # netstat -rn | grep 192.168.2
192.168.2.0     80.253.107.129  255.255.255.0 UG       0 0          0 eth0

Am I missing something really simple I've just not thought about?  The only
difference between this and a working gateway I also have is that it uses
the older kernel and freeswan and has the ipsec0 interface.

Thanks,
Andy.



More information about the Users mailing list