[Openswan Users] Openswan or general routing problem?
paul at xelerance.com
Fri Apr 21 19:27:08 CEST 2006
On Fri, 21 Apr 2006, Andy Coates wrote:
> got no problems in general now setting up IPSEC connections, and the machine
> itself has no problem communicating with hosts on the remote subnets, but
> the machine is also acting as a gateway and other machines using this
> gateway can't seem to reach the remote subnets.
this usually means either ip forwarding is not enabled, or the NAT rules
are rewriting (and breaking) the IPsec packets.
> So from the gateway itself all packets to the remote subnet via the IPSEC
> tunnel are fine, but any packets being forwarded on seem to take the routing
> entry setup by the IPSEC connection literally, i.e.
> internal ~ # netstat -rn | grep 192.168.2
> 192.168.2.0 220.127.116.11 255.255.255.0 UG 0 0 0 eth0
Are you using klips? If you use netkey, routes do not matter. If you use klips,
then a route ito ipsecX should be there.
Does your gateway work with a seperate conn? Or did you use a leftsourceip= ?
> Am I missing something really simple I've just not thought about? The only
> difference between this and a working gateway I also have is that it uses
> the older kernel and freeswan and has the ipsec0 interface.
You might need different firewall settings if you had ipsecX interfaces before.
Building and integrating Virtual Private Networks with Openswan:
More information about the Users