[Openswan Users] Easy Routing Question
Paul Wouters
paul at xelerance.com
Mon May 14 13:56:57 EDT 2007
On Mon, 14 May 2007, Jae Chang wrote:
> I am converting an old freeswan gateway to openswan. I ran into this
> issue, which is different between the 2 versions.
>
> The gateway's local interface: 10.20.108.0/24
>
> An ipsec tunnel is configured with rightsubnet=10.0.0.0/8 (corporate
> network).
>
> Freeswan worked the way you would expect. Send all local traffic to the
> local interface. Everything else with a private IP 10.x.y.z, send thru
> the tunnel.
>
> Surprisingly, Openswan is now sending all traffic to the local network,
> thru the secure tunnel! The local network does not seem to have
> priority, in this case.
>
> If I do "% ip route", it shows the local network with higher priority
> than the secure tunnel. I can't understand why this would not work the
> way you would expect? Is there something I am missing with Openswan?
>
> Any info is greatly appreciated!!

You are probably using netkey, not klips, in which case you need to
exclude your local LAN if it overlaps with a tunnel by adding a passthrough
connection:

conn passthrough
	left=gatewayip
	leftsubnet=10.20.108.0/24
	right=0.0.0.0
	rightsubnet=0.0.0.0/0
	auto=route
	authby=never
	type=passthrough

Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
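
Added example (not part of the original post and not Openswan code): a small Python check for the condition described in the reply, a directly attached network that falls inside a tunnel's rightsubnet with no passthrough conn exempting it. The conn name "corp", the 192.0.2.1/198.51.100.1 endpoints and the function names are assumptions, and matching the exemption on leftsubnet alone is a simplification.

```python
import ipaddress

# Constructed sample: "corp" and the 192.0.2.1/198.51.100.1 endpoints are assumptions;
# the subnets and the passthrough conn follow the post.
TUNNEL = """\
conn corp
    left=192.0.2.1
    right=198.51.100.1
    rightsubnet=10.0.0.0/8
"""
PASSTHROUGH = """\
conn passthrough
    left=192.0.2.1
    leftsubnet=10.20.108.0/24
    right=0.0.0.0
    rightsubnet=0.0.0.0/0
    auto=route
    authby=never
    type=passthrough
"""

def parse_conns(text):
    """Parse ipsec.conf text into {conn: {key: value}}; also= and include are not followed."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if not line[0].isspace():  # section headers start in column 0
            words = line.split()
            is_conn = words[0] == "conn" and len(words) == 2
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def covers(outer, inner):
    return outer.version == inner.version and inner.subnet_of(outer)

def shadowed_lans(conf_text, local_nets):
    """List (conn, net) where a tunnel's rightsubnet contains an attached net with no passthrough."""
    conns = parse_conns(conf_text)
    exempt = [ipaddress.ip_network(c["leftsubnet"]) for c in conns.values()
              if c.get("type") == "passthrough" and "leftsubnet" in c]
    tunnels = {n: ipaddress.ip_network(c["rightsubnet"]) for n, c in conns.items()
               if c.get("type", "tunnel") == "tunnel" and "rightsubnet" in c}
    nets = [ipaddress.ip_network(n) for n in local_nets]
    return [(name, str(net)) for name, remote in tunnels.items() for net in nets
            if covers(remote, net) and not any(covers(e, net) for e in exempt)]
```

With the constructed input, shadowed_lans(TUNNEL, ["10.20.108.0/24"]) returns [("corp", "10.20.108.0/24")], and shadowed_lans(TUNNEL + PASSTHROUGH, ["10.20.108.0/24"]) returns an empty list.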