[Openswan Users] Easy Routing Question
Jae Chang
jc-openswan at jline.com
Mon May 14 17:13:22 EDT 2007
Hi Paul... thanks for the pointer. However, adding the passthrough
connection has not made any difference. I added the passthrough
connection on the gateway with the 10.20.108.0/24 local network.
However, local network traffic is still going over the secure tunnel,
instead of going thru the local interface.
I must be missing something?! Thanks!
jae
Paul Wouters wrote:
> On Mon, 14 May 2007, Jae Chang wrote:
>
>
>> I am converting an old freeswan gateway to openswan. I ran into this
>> issue, which is different between the 2 versions.
>>
>> The gateway's local interface: 10.20.108.0/24
>>
>> An ipsec tunnel is configured with rightsubnet=10.0.0.0/8 (corporate
>> network).
>>
>> Freeswan worked the way you would expect. Send all local traffic to the
>> local interface. Everything else with a private ip 10.x.y.z., send thru
>> the tunnel.
>>
>> Surprisingly, Openswan is now sending all traffic to the local network,
>> thru the secure tunnel! The local network does not seem to have
>> priority, in this case.
>>
>> If I do "% ip route", it shows the local network with higher priority
>> than the secure tunnel. I can't understand why this would not work the
>> way you would expect? Is there something I am missing with Openswan?
>>
>> Any info is greatly appreciated!!
>>
>
> You are probably using netkey, not klips, in which case you need to
> exclude your local lan if it overlaps with a tunnel by adding a passthrough
> connection.
>
> conn passthrough
>     left=gatewayip
>     leftsubnet=10.20.108.0/24
>     right=0.0.0.0
>     rightsubnet=0.0.0.0/0
>     auto=route
>     authby=never
>     type=passthrough
>
> Paul
>
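
To check which IPsec policy a flow would actually hit, rather than what `ip route` shows, this added example (not part of the thread and not Openswan code) parses text in the layout of `ip xfrm policy` and picks the matching policy with the lowest priority number. The dump, its priority values and the tunnel endpoint addresses are constructed, and the function names are hypothetical; real values come from running `ip xfrm policy` on the gateway.

```python
import ipaddress
import re

# Constructed sample in the layout printed by `ip xfrm policy`. Only the two
# subnets come from the thread; endpoints and both priorities are made up.
SAMPLE_DUMP = """\
src 10.20.108.0/24 dst 10.0.0.0/8
\tdir out priority 2344 ptype main
\ttmpl src 192.0.2.1 dst 192.0.2.2
\t\tproto esp reqid 16385 mode tunnel
src 10.20.108.0/24 dst 0.0.0.0/0
\tdir out priority 2600 ptype main
"""

SELECTOR = re.compile(r"^src (\S+) dst (\S+)")
DIR_PRIO = re.compile(r"dir (\w+)(?: action \w+)? priority (\d+)")

def parse_policies(dump):
    """Return one dict per policy: selectors, direction, priority, kind."""
    policies = []
    for line in dump.splitlines():
        head = SELECTOR.match(line)
        if head:  # an unindented selector line starts a new policy
            policies.append({"src": ipaddress.ip_network(head.group(1)),
                             "dst": ipaddress.ip_network(head.group(2)),
                             "dir": None, "priority": None, "kind": "passthrough"})
        elif policies:
            meta = DIR_PRIO.search(line)
            if meta:
                policies[-1]["dir"] = meta.group(1)
                policies[-1]["priority"] = int(meta.group(2))
            elif line.strip().startswith("tmpl "):
                policies[-1]["kind"] = "tunnel"  # a template means IPsec is applied
    return policies

def select_policy(policies, src, dst, direction="out"):
    """Pick the matching policy with the lowest priority number."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies
            if p["dir"] == direction and s in p["src"] and d in p["dst"]]
    return min(hits, key=lambda p: p["priority"]) if hits else None

def verdict(dump, src, dst):
    chosen = select_policy(parse_policies(dump), src, dst)
    return chosen["kind"] if chosen else "no policy (plain routing)"

if __name__ == "__main__":
    for dst in ("10.20.108.20", "10.1.2.3", "198.51.100.7"):
        print(dst, "->", verdict(SAMPLE_DUMP, "10.20.108.1", dst))
```

With the constructed priorities above, traffic from the gateway to a LAN host matches both selectors and is assigned to the tunnel policy; if the passthrough priority were the lower number instead, traffic to the corporate 10.0.0.0/8 range would match it as well and leave unencrypted.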