[Openswan Users] Modifying the ip route command

Mark van Proctor m.vanproctor at metech.com.au
Fri Apr 28 10:38:09 CEST 2006

Hi all,

I need to modify the ip route that is generated when I establish a site to
site VPN.
I am connecting to a netkey/racoon (RHEL 3) server (no Openswan installed)
from a netkey/openswan (RHEL 4) server. I have been unable to get the racoon
side to establish multiple VPNs - one for gateway to gateway, one for net to
net traffic and one each for net to gateway - so I am managing with just a
net to net connection.
I have managed to get the traffic involving the gateway machines to tunnel
through this traffic by modifying the ip route manually to include a "src
LEFTSRC". I am wondering how I can do this automatically through the
ipsec.conf file? the ultimate command that needs to get called is as
ip route add to RIGHTSUBNET dev eth0 scope link src LEFTSRC  <-- where
LEFTSRC is ultimately my internal IP address that falls within LEFTSUBNET,
thus forcing traffic to go through the VPN.
Does this make sense?
Is there any way of making such a change in the ipsec.conf file or will I
have to provide a separate updown script for this connection which performs
the modified command... Also, if I have to provide a separate updown script,
can I provide an additional variable in the ipsec.conf file called LEFTSRC
such that it is available in the updown script? Or will the parser fail the
ipsec.conf file with an unknown variable?
Thanks in advance,
Mark van Proctor

Metech Pty Ltd

This email (including all attachments) is the sole property of Metech Pty Ltd
and may be confidential. If you are not the intended recipient, you must not
use or forward the information contained in it. This message may not be
reproduced or otherwise republished without the written consent of the sender.
If you have received this message in error, please delete the email and notify
the sender.

More information about the Users mailing list