[Openswan Users] openswan and _updown (quagga)

Fabio fabio.marcone at duet.it
Tue Mar 14 11:12:10 CET 2006 

Hi!
Using an empty updown script, route aren't set up. that's right, but now I 
have another problem.

situation:
	gateway A  192.168.3.2 <--------------------------> 192.168.3.3 gateway B
	192.168.1.2									192.168.2.3
          ^												^
	  |												|
	  |												|
	  |												|
	192.168.1.1										|
	gateway C 192.168.2.1 <------------------------------------------------------

Each gateway has ipsec.conf 2 connection defined: example gateway A has:
	conn A-B
		...
		left=192.168.3.2
		right=192.168.3.3
		leftsubnet=192.168.100.0/24
		rightsubnet=192.168.101.0/24
		...
	conn A-C
		...
		left=192.168.1.2
		right=192.168.1.1
		leftsubnet=192.168.100.0/24
		rightsubnet=192.168.102.0/24
		...

Problem: when all connection are UP, it's ok, example: ping from a client of 
gateway C and a client of gateway B ended successfully. If a connection go 
down, quagga updates routes correctly but VPN connection doesn't work, 
example: ping  ping from a client of gateway C and a client of gateway B have 
to cross gateway A but ping doesn't reach gateway C.

if there aren't solution I that OpenSWAN can't be used with Quagga.

Someone can explain me where is the error?

Thanks,
Fabio
----------  Forwarded Message  ----------

Subject: Re: [Openswan Users] openswan and _updown (quagga)
Date: Tuesday 14 March 2006 09:19
From: Fabio <fabio.marcone at duet.it>
To: Paul Wouters <paul at xelerance.com>

Hi!

On Monday 13 March 2006 19:12, you wrote:
> On Mon, 13 Mar 2006, Fabio wrote:
> > I'm testing OpenSWAN 2.2 with sarge and kernel 2.6. I need to test
> > OpenSWAN with Quagga (dynamic routing), so I need to configure OpenSWAN
> > to not set route by itself (_updown script). To do so I set up in
> > ipsec.conf leftupdown=
> > 	rightupdown=
> >
> > but route is still added.
>
> Point to an empty shell script instead?

Today I'll try it.

Fabio

> Paul

--

Dott. Fabio Marcone

2T srl
Telefono	                           +39 - 0871- 540154
Fax		                           +39 - 0871- 571594
Email	                           fabio.marcone at duet.it
Indirizzo	                           Viale B. Croce 573
                                           66013 Chieti Scalo (CH)
GNU/Linux registered user  #400424

-------------------------------------------------------

-- 

Dott. Fabio Marcone

2T srl
Telefono	                           +39 - 0871- 540154
Fax		                           +39 - 0871- 571594
Email	                           fabio.marcone at duet.it	
Indirizzo	                           Viale B. Croce 573
                                           66013 Chieti Scalo (CH)
GNU/Linux registered user  #400424

More information about the Users mailing list