[Openswan Users]
Paul Wouters
paul at xelerance.com
Sun Feb 26 22:56:20 CET 2006
On Sun, 26 Feb 2006, Philippe PAULEAU wrote:
> This configuration with overlapping subnets was working fine with FreeSWAN /
> KLIPS and ipsec0, but now using openswan / NETKEY, starting the tunnel is
> breaking eth0 LAN connectivity.
>
>                  |-------------|     internet     |-------------|
> 10.11.0.0/16 ----| openswan gw |------------------| openswan gw |---- 10.0.0.0/8
>                  |-------------|                  |-------------|
>                eth0          eth1
>           10.11.0.4          82.108.230.82
Use KLIPS, or add a "conn passme" with the /16 range and type=passthrough
> Strange behavior because eth0 should always be considered as a priority, as
> also the route for /16 subnet is more specific than /8
NETKEY does not use a 'more specific match first' method.
Paul
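
Added example, not part of the original post or of Openswan: a small Python check that reads an ipsec.conf and reports tunnels whose remote subnet contains the local LAN without a type=passthrough conn covering it, which is the situation discussed above. The sample config is constructed; the conn name "site-to-site", the peer 192.0.2.1, the assumption that left is the local side, and the passme keys other than type=passthrough and the /16 range are assumptions.

```python
import ipaddress

# Constructed ipsec.conf modelled on the post's topology (see assumptions
# in the lead-in); 192.0.2.1 is a documentation placeholder address.
SAMPLE_CONF = """\
conn site-to-site
    left=82.108.230.82
    leftsubnet=10.11.0.0/16
    right=192.0.2.1
    rightsubnet=10.0.0.0/8
conn passme
    left=10.11.0.4
    leftsubnet=10.11.0.0/16
    right=0.0.0.0
    rightsubnet=10.11.0.0/16
    type=passthrough
    authby=never
    auto=route
"""

def parse_conns(text):
    """Return {conn name: {key: value}} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # section header starts at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def unprotected_overlaps(text):
    """Tunnels whose remote subnet contains the local LAN, with no passthrough."""
    conns = parse_conns(text)
    exempt = [ipaddress.ip_network(c["leftsubnet"]) for c in conns.values()
              if c.get("type") == "passthrough" and "leftsubnet" in c]
    findings = []
    for name, c in conns.items():
        if c.get("type", "tunnel") != "tunnel" or not {"leftsubnet", "rightsubnet"} <= c.keys():
            continue
        local, remote = (ipaddress.ip_network(c[k]) for k in ("leftsubnet", "rightsubnet"))
        if local.subnet_of(remote) and not any(local.subnet_of(p) for p in exempt):
            findings.append((name, str(local), str(remote)))
    return findings
```

With the passme section present the check returns no findings; with it removed, the site-to-site tunnel is reported because 10.11.0.0/16 lies inside 10.0.0.0/8.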