[Openswan Users] Modifying the ip route command

Andy fs at globalnetit.com
Thu Apr 27 23:14:23 CEST 2006


On Fri, 2006-04-28 at 09:38 +0800, Mark van Proctor wrote:
> Hi all,
> 
> I need to modify the ip route that is generated when I establish a site to
> site VPN.
>  
> I am connecting to a netkey/racoon (RHEL 3) server (no Openswan installed)
> from a netkey/openswan (RHEL 4) server. I have been unable to get the racoon
> side to establish multiple VPNs - one for gateway to gateway, one for net to
> net traffic and one each for net to gateway - so I am managing with just a
> net to net connection.
>  
> I have managed to get the traffic involving the gateway machines to tunnel
> through this traffic by modifying the ip route manually to include a "src
> LEFTSRC". I am wondering how I can do this automatically through the
> ipsec.conf file? The ultimate command that needs to get called is as
> follows:
> ip route add to RIGHTSUBNET dev eth0 scope link src LEFTSRC  <-- where
> LEFTSRC is ultimately my internal IP address that falls within LEFTSUBNET,
> thus forcing traffic to go through the VPN.
>  
> Does this make sense?
>  
> Is there any way of making such a change in the ipsec.conf file

Yes. Add leftsourceip=LEFTSRC to your conn.

>  or will I
> have to provide a separate updown script for this connection which performs
> the modified command... Also, if I have to provide a separate updown script,
> can I provide an additional variable in the ipsec.conf file called LEFTSRC
> such that it is available in the updown script? Or will the parser fail the
> ipsec.conf file with an unknown variable?
>  
> Thanks in advance,
>  
> Mark
>  
> Mark van Proctor
> 
> BUSINESS SYSTEMS ANALYST
>  
> Metech Pty Ltd
> AUSTRALIA - CANADA - CHILE - UK
-- 
Andy <fs at globalnetit.com>
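
A way to confirm the result once the connection is up, added here as an example and not part of the original thread: the functions below parse `ip route show` output and check that the route to the remote subnet carries the expected `src` address. The function names and all addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses are constructed samples:
# 192.168.20.0/24 stands in for RIGHTSUBNET, 192.168.10.1 for LEFTSRC.

# route_src SUBNET
# Reads `ip route show` output on stdin and prints the src address of the
# route whose destination is exactly SUBNET (prints nothing if the route is
# missing or has no src hint).
route_src() {
    awk -v want="$1" '
        $1 == want {
            for (i = 2; i < NF; i++)
                if ($i == "src") { print $(i + 1); exit }
        }'
}

# check_route_src SUBNET EXPECTED
# Succeeds only if the route to SUBNET exists and pins EXPECTED as source.
check_route_src() {
    found=$(route_src "$1")
    [ -n "$found" ] && [ "$found" = "$2" ]
}

# Constructed sample: route as installed with leftsourceip set.
SAMPLE_WITH_SRC='192.168.20.0/24 dev eth0  scope link  src 192.168.10.1
192.168.10.0/24 dev eth1  proto kernel  scope link  src 192.168.10.1
default via 203.0.113.1 dev eth0'

# Constructed sample: same route without the src hint, so locally generated
# packets would leave with the eth0 address and miss the net-to-net policy.
SAMPLE_NO_SRC='192.168.20.0/24 dev eth0  scope link
192.168.10.0/24 dev eth1  proto kernel  scope link  src 192.168.10.1
default via 203.0.113.1 dev eth0'

# Live use (hypothetical values):
#   ip route show | check_route_src 192.168.20.0/24 192.168.10.1 || echo "src missing"
```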


