[Openswan Users] ipsec does not register routes
Jacco de Leeuw
jacco2 at dds.nl
Sun Oct 7 18:59:20 EDT 2007
Martin Krellmann wrote:
> After my openswan ipsec is now up and running (special thanks to Jacco)
> I have another little question.
For those who want to know, there were two problems (if I remember correctly).
There was a "%defaultroute cannot cope" because Openswan was not told what
interface to use. And the client was configured to use EAP-TLS instead of
CHAP.
> Why does openswan/xl2tp server not register the routes to the network
> behind the right system after the connection has been established?
Which scenario do you have in mind, exactly? A road warrior setup for
Windows/Mac clients? In that case the server has no business registering
routes to the networks behind clients.
> conn trusetal.krellmann.net
>     left=192.168.10.253
>     leftcert=vpngate.potsdam.krellmann.net.pem
>     leftprotoport=17/1701
>     leftsubnet=192.168.10.0/24
>     right=trusenkrell.dyndns.org
>     rightcert=vpngate.trusetal.krellmann.net.pem
>     rightprotoport=17/1701
>     rightsubnet=192.168.178.0/24
This is no road warrior setup. Are both vpngates running Openswan?
Then you are probably better off with pure IPsec, leaving L2TP
out of the equation.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl