[Openswan Users] Routing problem

Paul Wouters paul at xelerance.com
Thu Feb 8 11:36:58 EST 2007


On Thu, 8 Feb 2007, Ludovic wrote:

Did you try adding failureshunt=passthrough and using the stock updown script?

Paul

> Date: Thu, 8 Feb 2007 12:00:22 +0100
> From: Ludovic <ludovic.mailinglist at gmail.com>
> Cc: Tuomo Soini <tis at foobar.fi>, users at openswan.org
> To: Paul Wouters <paul at xelerance.com>
> Subject: Re: [Openswan Users] Routing problem
>
> Sorry to send a mail again but I always have a problem.
>
> I'm currently trying to modify the updown script in order to delete the wrong
> route to 192.168.7.0/24 but it doesn't work.
>
> If I delete the route, it can't add the route through ipsec to the peer
> subnet (in this case 192.168.2.0/24) since 192.168.7.1 is not
> reachable via ipsec0.
>
> I have just added:
>
> /sbin/route del -net 192.168.7.0 netmask 255.255.255.0 dev ipsec0
>
> Since it does not work, I think it is more complicated. Can you help
> me to modify the updown script? What should I add to the script?
> Perhaps the delete command should depend on the PLUTO_VERB value? I
> think it should but I'm not sure and I have difficulty understanding
> what the script is doing.
>
> Thanks a lot for your help.
>
> 2007/2/7, Ludovic <ludovic.mailinglist at gmail.com>:
> > "activated" means effectively that the tunnel is added in the configuration
> > file and the vpn is up (or tries to be up).
> >
> > To answer your question about unencrypted packets, I want to reach the
> > 192.168.5.0/24 subnet with encrypted packets. My problem is that I
> > can't connect to the graphical interface of my router in front of my
> > ipsec gateway since packets are encrypted. I just want packets to
> > destination 192.168.7.0/24 not to be encrypted since they don't have
> > to go through the tunnel. I want them to go through the eth2 device and
> > not ipsec0.
> >
> > > > I just have a new problem. VPN is loaded, traffic goes through vpn and
> > > > I can't access router interface. Traffic to 192.168.7.1 goes through
> > > > ipsec0 interface.
> > > >
> > > > Here is routing table:
> > > >
> > > > 192.168.7.0   0.0.0.0         255.255.255.0 eth2
> > > > 192.168.7.0   0.0.0.0         255.255.255.0 ipsec0
> > >
> > > This route into ipsec0 is bogus. I am hunting down this bug myself too.
> > > Is this on a system with busybox, and its version of the "ip" command?
> >
> > No, I don't use busybox (it is used for the ipcop install but not for
> > the system itself) and I use iproute2 version 2.4.7-now-ss010824.
> > Should I upgrade iproute2 to a new version? I hope I don't have to do
> > that.
> >
> > > I'm running into this myself on openwrt. What is a workaround for me
> > > is to do:
> > >
> > >         route del 192.168.7.0 dev ipsec0
> > >         route add 192.168.7.1 dev eth2
> > >
> > > I think this is a bug in the _updown script.
> >
> > Effectively, I have already tried the "route del 192.168.7.0 dev
> > ipsec0" and it works. I have also tried a "route add 192.168.7.1 dev
> > eth2" without running "route del 192.168.7.0 dev ipsec0" and it works.
> >
> > So, if I am right, I can always delete the route 192.168.7.0 dev
> > ipsec0? This route is not needed by ipsec to load the tunnel? If I can,
> > I just have to add a command to delete the route in my C program
> > which runs ipsec.
> >
> > Thanks a lot for your help.
> >
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

