[Openswan Users] Routing problem

Ludovic ludovic.mailinglist at gmail.com
Wed Feb 7 09:29:19 EST 2007


"Activated" effectively means that the tunnel is added in the configuration
file and the VPN is up (or trying to come up).

To answer your question about unencrypted packets, I want to reach the
192.168.5.0/24 subnet with encrypted packets. My problem is that I
can't connect to the graphical interface of my router in front of my
ipsec gateway since the packets are encrypted. I just want packets to
destination 192.168.7.0/24 not to be encrypted since they don't have
to go through the tunnel. I want them to go through the eth2 device and
not ipsec0.

> > I just have a new problem. VPN is loaded, traffic goes through the VPN and
> > I can't access the router interface. Traffic to 192.168.7.1 goes through
> > the ipsec0 interface.
> >
> > Here is routing table:
> >
> > 192.168.7.0   0.0.0.0         255.255.255.0 eth2
> > 192.168.7.0   0.0.0.0         255.255.255.0 ipsec0
>
> This route into ipsec0 is bogus. I am hunting down this bug myself too.
> Is this on a system with busybox, and its version of the "ip" command?

No, I don't use busybox (it is used for the ipcop install but not for
the system itself) and I use iproute2 version 2.4.7-now-ss010824.
Should I upgrade iproute2 to a new version? I hope I don't have to do
that.

> I'm running into this myself on openwrt. What is a workaround for me
> is to do:
>
>         route del 192.168.7.0 dev ipsec0
>         route add 192.168.7.1 dev eth2
>
> I think this is a bug in the _updown script.

Effectively, I have already tried the "route del 192.168.7.0 dev
ipsec0" and it works. I have also tried a "route add 192.168.7.1 dev
eth2" without running "route del 192.168.7.0 dev ipsec0" and it works.

So, if I am right, I can always delete the route 192.168.7.0 dev
ipsec0? This route is not needed by ipsec to load the tunnel? If I can,
I just have to add a command to delete the route in my C program
which runs ipsec.

Thanks a lot for your help.
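
Added example, not part of the original post: a shell check for the situation discussed in this thread, where one destination has a route on both a physical device and an ipsecN device. The function names and the 192.168.5.0 sample line are constructed; input is assumed to be in `route -n` layout (destination first, genmask third, interface last).

```shell
#!/bin/sh
# Constructed sample in the abbreviated form quoted in the thread
# (destination, gateway, genmask, interface). The 192.168.5.0 line is
# made up to stand for a subnet that is only reachable through the tunnel.
sample_routes() {
cat <<'EOF'
192.168.7.0   0.0.0.0         255.255.255.0 eth2
192.168.7.0   0.0.0.0         255.255.255.0 ipsec0
192.168.5.0   0.0.0.0         255.255.255.0 ipsec0
EOF
}

# Reads a routing table on stdin and prints one line per conflict:
#   <destination>/<genmask> <non-ipsec device> <ipsec device>
# A conflict is a destination/genmask pair routed both via an ipsecN
# device and via some other device.
find_ipsec_shadow_routes() {
    awk '
        # Skip header lines: only rows starting with a dotted quad count.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        {
            key = $1 "/" $3      # destination/genmask
            dev = $NF            # interface is the last column
            if (dev ~ /^ipsec[0-9]+$/) ipsec[key] = dev
            else other[key] = dev
        }
        END {
            for (k in ipsec)
                if (k in other) print k, other[k], ipsec[k]
        }'
}

# Run on the constructed sample; on a live gateway use:
#   route -n | find_ipsec_shadow_routes
sample_routes | find_ipsec_shadow_routes
```

Any line it prints is a candidate for the `route del ... dev ipsec0` workaround quoted above; a subnet routed only via ipsec0 is not reported.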
