[Openswan Users] Bringing up ipsec breaks my routing
Josef wells
Josefwells at alumni.utexas.net
Thu Dec 27 10:50:01 EST 2007
Hello all,
I have been using Openswan for a long time (since FreeS/WAN) to connect
to a work VPN.
I had been on a 172.16.0.1 network, but the office is moving to a
10.0.0.1 network so I decided to change my home network as well.
I am running Debian unstable 2.6.22, behind a Linksys wrt-dd router.
When I bring up ipsec, I get to here in authlog:
pluto[20914]: "jwells-conn" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xe32f52b3 <0xb2d6c6a6 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
10.90.105.241 is my router
10.90.105.242 is my linux machine
When I attempt to connect to the router at all, it somehow gets routed
back to the localhost.
From 10.90.105.242, ssh 10.90.105.241 actually connects to 10.90.105.242 again!
As you can imagine, this pretty much breaks everything. The only way
to fix it is to stop ipsec and restart networking!
route before starting ipsec:
10.90.105.240   *               255.255.255.248 U     0      0        0 eth0
default         Router          0.0.0.0         UG    0      0        0 eth0
route after starting ipsec:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.90.105.240   *               255.255.255.248 U     0      0        0 eth0
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         10.90.105.241   0.0.0.0         UG    0      0        0 eth0
iptables -L shows (all the time):
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ipsec.conf:
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none

conn %default
    left=0.0.0.0
    keyingtries=0
    authby=rsasig

conn jwells-adi10
    leftid=@jwells
    left=%defaultroute
    leftsubnet=10.90.105.240/29
    leftsourceip=10.90.105.241
    leftrsasigkey=blah
    right=vpn_server_ip
    rightnexthop=next_hop_ip
    rightrsasigkey=blah
    rightsubnet=10.0.0.0/8
    auto=start

Thanks for any help,
Josef