[Openswan Users] Routing problem

Ludovic ludovic.mailinglist at gmail.com
Thu Feb 8 06:00:22 EST 2007


Sorry to send a mail again, but I still have a problem.

I am currently trying to modify the updown script in order to delete the wrong
route to 192.168.7.0/24, but it doesn't work.

If I delete the route, it can't add the route through ipsec to the peer
subnet (in this case 192.168.2.0/24) since 192.168.7.1 is not
reachable via ipsec0.

I have just added:

/sbin/route del -net 192.168.7.0 netmask 255.255.255.0 dev ipsec0

Since it does not work, I think it is more complicated. Can you help
me to modify the updown script? What should I add to the script?
Perhaps the delete command should depend on the PLUTO_VERB value? I
think it should, but I'm not sure and I have difficulty understanding
what the script is doing.

Thanks a lot for your help.

2007/2/7, Ludovic <ludovic.mailinglist at gmail.com>:
> "activated" means effectively that the tunnel is added in the configuration
> file and the VPN is up (or tries to be up).
>
> To answer your question about unencrypted packets, I want to reach the
> 192.168.5.0/24 subnet with encrypted packets. My problem is that I
> can't connect to the graphical interface of my router in front of my
> ipsec gateway since packets are encrypted. I just want packets to
> destination 192.168.7.0/24 not to be encrypted since they don't have
> to go through the tunnel. I want them to go through the eth2 device and
> not ipsec0.
>
> > > I just have a new problem. The VPN is loaded, traffic goes through the VPN and
> > > I can't access the router interface. Traffic to 192.168.7.1 goes through
> > > the ipsec0 interface.
> > >
> > > Here is routing table:
> > >
> > > 192.168.7.0   0.0.0.0         255.255.255.0 eth2
> > > 192.168.7.0   0.0.0.0         255.255.255.0 ipsec0
> >
> > This route into ipsec0 is bogus. I am hunting down this bug myself too.
> > Is this on a system with busybox, and its version of the "ip" command?
>
> No, I don't use busybox (it is used for the ipcop install but not for
> the system itself) and I use iproute2 version 2.4.7-now-ss010824.
> Should I upgrade iproute2 to a new version? I hope I don't have to do
> that.
>
> > I'm running into this myself on openwrt. What is a workaround for me
> > is to do:
> >
> >         route del 192.168.7.0 dev ipsec0
> >         route add 192.168.7.1 dev eth2
> >
> > I think this is a bug in the _updown script.
>
> Effectively, I have already tried the "route del 192.168.7.0 dev
> ipsec0" and it works. I have also tried a "route add 192.168.7.1 dev
> eth2" without running "route del 192.168.7.0 dev ipsec0" and it works.
>
> So, if I am right, I can always delete the route 192.168.7.0 dev
> ipsec0? This route is not needed by ipsec to load the tunnel? If I can,
> I just have to add a command to delete the route in my C program
> which runs ipsec.
>
> Thanks a lot for your help.
>

