[Openswan Users] Easy Routing Question

Jae Chang jc-openswan at jline.com
Mon May 14 17:13:22 EDT 2007


Hi Paul... thanks for the pointer. However, adding the passthrough 
connection has not made any difference. I added the passthrough 
connection on the gateway with the 10.20.108.0/24 local network. 
However, local network traffic is still going over the secure tunnel, 
instead of going through the local interface.

I must be missing something?! Thanks!

jae

Paul Wouters wrote:
> On Mon, 14 May 2007, Jae Chang wrote:
>
>   
>> I am converting an old freeswan gateway to openswan. I ran into this
>> issue, which is different between the 2 versions.
>>
>> The gateway's local interface: 10.20.108.0/24
>>
>> An ipsec tunnel is configured with rightsubnet=10.0.0.0/8 (corporate
>> network).
>>
>> Freeswan worked the way you would expect. Send all local traffic to the
>> local interface. Everything else with a private ip 10.x.y.z, send through
>> the tunnel.
>>
>> Surprisingly, Openswan is now sending all traffic to the local network,
>> through the secure tunnel! The local network does not seem to have
>> priority, in this case.
>>
>> If I do "% ip route", it shows the local network with higher priority
>> than the secure tunnel. I can't understand why this would not work the
>> way you would expect? Is there something I am missing with Openswan?
>>
>> Any info is greatly appreciated!!
>>     
>
> You are probably using netkey, not klips, in which case you need to
> exclude your local lan if it overlaps with a tunnel by adding a passthrough
> connection.
>
> conn passthrough
> 	left=gatewayip
> 	leftsubnet=10.20.108.0/24
> 	right=0.0.0.0
> 	rightsubnet=0.0.0.0/0
> 	auto=route
> 	authby=never
> 	type=passthrough
>
> Paul
>   
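
A configuration check for the overlap discussed in this thread, added here as an example and not code from either poster or from Openswan: it parses ipsec.conf-style text and lists tunnels whose rightsubnet contains the local LAN, plus any type=passthrough conns whose leftsubnet covers that LAN. The conn name `corporate`, the address 10.20.108.1 and the function names are assumptions; the check only inspects the configuration text and says nothing about what the kernel actually installs.

```python
import ipaddress

# Constructed sample config: "corporate" and 10.20.108.1 are made-up values;
# the passthrough conn mirrors the one quoted in the thread.
SAMPLE_CONF = """\
conn corporate
    leftsubnet=10.20.108.0/24
    rightsubnet=10.0.0.0/8

conn passthrough
    left=10.20.108.1
    leftsubnet=10.20.108.0/24
    right=0.0.0.0
    rightsubnet=0.0.0.0/0
    auto=route
    authby=never
    type=passthrough
"""

def parse_conns(text):
    # Return {conn_name: {key: value}} from ipsec.conf-style text.
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None  # another section, e.g. "config setup"
    return conns

def _covers(opts, key, lan):
    return key in opts and lan.subnet_of(ipaddress.ip_network(opts[key]))

def overlapping_tunnels(conns, lan):
    # Non-passthrough conns whose rightsubnet contains the local LAN.
    lan = ipaddress.ip_network(lan)
    return [n for n, o in conns.items()
            if o.get("type") != "passthrough" and _covers(o, "rightsubnet", lan)]

def passthrough_conns(conns, lan):
    # type=passthrough conns whose leftsubnet covers the local LAN.
    lan = ipaddress.ip_network(lan)
    return [n for n, o in conns.items()
            if o.get("type") == "passthrough" and _covers(o, "leftsubnet", lan)]
```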

