[Openswan Users] Routing issue
Paul Wouters
paul at xelerance.com
Wed May 3 17:29:25 CEST 2006
On Wed, 3 May 2006, Rick Romero wrote:
> I've successfully - sorta - setup openswan on Debian 3.1 to a Cisco IOS
> something or other...
>
> I've upgraded the kernel to 2.6.8-3, and installed openswan following
> some (pretty good) documentation I found here:
that kernel is too old to use netkey, which you are using.
> May 2 11:28:02 localhost pluto[9139]: "cisco100" #2: route-client
> output: /usr/lib/ipsec/_updown: doroute `ip route add 5.5.240.100/32 via
> 2.2.234.140 dev eth0 ' failed (RTNETLINK answers: Network is
> unreachable)
It should not do any routing since you are using netkey. what version of
openswan is this?
> Is it maybe because I only have 1 interface, and my 'client' is another
> IP on the same subnet?
Yes, with netkey, you are now probably seeing icmp redirects. disable
all send/receive redirects in /proc. openswan 2.4.5 warns you about
this when using 'ipsec verify'
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list