[Openswan Users] Routing problem

Ludovic ludovic.mailinglist at gmail.com
Tue Feb 6 10:59:05 EST 2007


Hi all,

Here is my network configuration:


PC1 <--> IpCop1 <--> Router 1 <---> Router 2 <--> IpCop 2 <--> PC2

PC1: 192.168.5.177 gw 192.168.5.254
IpCop 1: 192.168.5.254 and 192.168.7.254 gw 192.168.7.1
Router 1 (R1): 192.168.7.1 and 82.23.32.140
Router 2 (R2): 192.168.10.1 and 82.23.32.138
IpCop 2 : 192.168.2.254 and 192.168.10.254 gw 192.168.10.1
PC2: 192.168.2.183

At the beginning, on my ipcop boxes, there was openswan-1.0.7 and it worked
well. Now, I am trying to upgrade to openswan-2.4.7 but I have some
problems.

On ipcop, ipsec is running when the vpn service is activated even if there is no
configured tunnel. For example, I can create a vpn between the two ipcop boxes
and traffic goes through the tunnel perfectly. Problems begin when I disable the
tunnel. When there is no activated tunnel, I can't reach the
192.167.7.1 interface from PC1, while I can reach it if the tunnel is
activated.

Here is the routing table:

when vpn service is disabled:

192.168.7.0   0.0.0.0       255.255.255.0   eth2
192.168.5.0   0.0.0.0       255.255.255.0   eth0
192.168.3.0   0.0.0.0       255.255.255.0   eth1
0.0.0.0       192.168.7.1   0.0.0.0         eth2

when vpn service is enabled and tunnel activated:

192.168.7.0   0.0.0.0       255.255.255.0   eth2
192.168.7.0   0.0.0.0       255.255.255.0   ipsec0
192.168.5.0   0.0.0.0       255.255.255.0   eth0
192.168.3.0   0.0.0.0       255.255.255.0   eth1
192.168.2.0   192.168.7.1   255.255.255.0   ipsec0
0.0.0.0       192.168.7.1   0.0.0.0         eth2

when vpn is enabled and tunnel disabled:

192.168.7.0   0.0.0.0       255.255.255.0   eth2
192.168.7.0   0.0.0.0       255.255.255.0   ipsec0
192.168.5.0   0.0.0.0       255.255.255.0   eth0
192.168.3.0   0.0.0.0       255.255.255.0   eth1
0.0.0.0       192.168.7.1   0.0.0.0         eth2

A tcpdump on eth2 and ipsec0 shows that, when the tunnel is disabled, traffic from
PC1 to 192.168.7.1 goes through the ipsec0 interface.
I don't really understand why I can reach R1 when the tunnel is activated and I
can't reach it when the tunnel is disabled. Do you have any idea?

Just another question: why is a route to 192.168.7.0/24 via ipsec0 inserted
in the routing table? In order to create the vpn? Can I delete this route when
the tunnel is disabled and add it again when I want to enable the tunnel?

Thanks a lot for your help. If you need more information, like the configuration
file, I can give it...

Ludovic.
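
Added example, not part of the original message: a small Python check that parses two of the routing tables quoted above and lists which interfaces tie for the longest-prefix route to 192.168.7.1. The function names are hypothetical, and the code only reports the tie between eth2 and ipsec0; it does not model which of the tied routes the kernel actually selects.

```python
import ipaddress

# Tables copied from the post (destination, gateway, netmask, interface).
VPN_SERVICE_DISABLED = """\
192.168.7.0 0.0.0.0 255.255.255.0 eth2
192.168.5.0 0.0.0.0 255.255.255.0 eth0
192.168.3.0 0.0.0.0 255.255.255.0 eth1
0.0.0.0 192.168.7.1 0.0.0.0 eth2
"""
TUNNEL_DISABLED = """\
192.168.7.0 0.0.0.0 255.255.255.0 eth2
192.168.7.0 0.0.0.0 255.255.255.0 ipsec0
192.168.5.0 0.0.0.0 255.255.255.0 eth0
192.168.3.0 0.0.0.0 255.255.255.0 eth1
0.0.0.0 192.168.7.1 0.0.0.0 eth2
"""

def parse_routes(text):
    """Turn 'dest gateway mask iface' lines into (network, gateway, iface)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        dest, gateway, mask, iface = fields
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gateway, iface))
    return routes

def best_match_ifaces(routes, address):
    """Interfaces of all routes tied for the longest prefix covering address."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, iface) for net, _gw, iface in routes if addr in net]
    if not matches:
        return []
    longest = max(plen for plen, _ in matches)
    return [iface for plen, iface in matches if plen == longest]

def ambiguous_with_ipsec(routes, address):
    """True when a physical and an ipsecN route tie for the same destination."""
    ifaces = best_match_ifaces(routes, address)
    return (any(i.startswith("ipsec") for i in ifaces)
            and any(not i.startswith("ipsec") for i in ifaces))

if __name__ == "__main__":
    for name, table in (("vpn service disabled", VPN_SERVICE_DISABLED),
                        ("vpn enabled, tunnel disabled", TUNNEL_DISABLED)):
        routes = parse_routes(table)
        print(name, best_match_ifaces(routes, "192.168.7.1"),
              ambiguous_with_ipsec(routes, "192.168.7.1"))
```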