[Openswan Users] Bringing up ipsec breaks my routing <solved>

Josef wells Josefwells at alumni.utexas.net
Thu Jan 3 13:05:02 EST 2008


I jumped on IRC yesterday and got some help.

I did:
ip addr list

and found that ipsec was adding my router's IP to the list of IPs on eth0.
This stayed around even after stopping ipsec, and didn't get removed
until a full restart of networking.

This was added because my leftsourceip was set to my router rather
than my openswan host.

I fixed my leftsourceip and my tunnel came up.

Thanks for the help!
Josef

On Dec 27, 2007 9:50 AM, Josef wells <Josefwells at alumni.utexas.net> wrote:
> Hello all,
>
> I have been using openswan for a long time (since freeswan) to connect
> to a work vpn.
>
> I had been on a 172.16.0.1 network, but the office is moving to a
> 10.0.0.1 network so I decided to change my home network as well.
>
> I am running a debian unstable 2.6.22, behind a linksys wrt-dd router.
> When I bring up ipsec, I get to here in authlog:
> pluto[20914]: "jwells-conn" #2: STATE_QUICK_I2: sent QI2, IPsec SA
> established {ESP=>0xe32f52b3 <0xb2d6c6a6 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
>
> 10.90.105.241 is my router
> 10.90.105.242 is my linux machine
>
> When I attempt to connect to the router at all, it somehow gets routed
> back to the localhost.
>
> From 10.90.105.242, ssh 10.90.105.241 actually connects to 10.90.105.242 again!
>
> As you can imagine, this pretty much breaks everything.  The only way
> to fix it is to stop ipsec and restart networking!
>
> route before starting ipsec:
> 10.90.105.240   *               255.255.255.248 U     0      0        0 eth0
> default         Router      0.0.0.0         UG    0      0        0 eth0
>
> route after starting ipsec:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 10.90.105.240   *               255.255.255.248 U     0      0        0 eth0
> 10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
> default         10.90.105.241   0.0.0.0         UG    0      0        0 eth0
>
> iptables -L shows (all the time):
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> ipsec.conf:
> config setup
>      interfaces=%defaultroute
>      klipsdebug=none
>      plutodebug=none
>
> conn %default
>      left=0.0.0.0
>      keyingtries=0
>      authby=rsasig
>
> conn jwells-adi10
>      leftid=@jwells
>      left=%defaultroute
>      leftsubnet=10.90.105.240/29
>      leftsourceip=10.90.105.241
>      leftrsasigkey=blah
>      right=vpn_server_ip
>      rightnexthop=next_hop_ip
>      rightrsasigkey=blah
>      rightsubnet=10.0.0.0/8
>      auto=start
>
> Thanks for any help,
> Josef
>
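An added example, not part of this thread or of Openswan itself: a small Python check that applies the diagnosis above to an ipsec.conf, flagging any conn whose leftsourceip is the default gateway (which pluto would then add to the local interface) rather than an address the host already owns. The `ip addr` / `ip route` text and the conn section are constructed to mirror the setup described in the thread.

```python
import re
# Constructed sample inputs modelled on the thread above, not captured from a real host.
IP_ADDR = """1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.90.105.242/29 brd 10.90.105.247 scope global eth0
"""
IP_ROUTE = "default via 10.90.105.241 dev eth0\n10.90.105.240/29 dev eth0 src 10.90.105.242\n"
BAD_CONF = """config setup
     interfaces=%defaultroute

conn jwells-adi10
     left=%defaultroute
     leftsubnet=10.90.105.240/29
     leftsourceip=10.90.105.241
     rightsubnet=10.0.0.0/8
"""
GOOD_CONF = BAD_CONF.replace("leftsourceip=10.90.105.241", "leftsourceip=10.90.105.242")

def parse_conns(conf_text):
    """Map each 'conn NAME' section to its key=value options; other sections are skipped."""
    conns, current = {}, None
    for line in conf_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not line[0].isspace():  # section headers sit in column 0
            kind, _, name = stripped.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in stripped:
            key, _, value = stripped.partition("=")
            current[key.strip()] = value.strip()
    return conns

def check_leftsourceip(conf_text, ip_addr_output, ip_route_output):
    """Classify each conn's leftsourceip as 'local', 'gateway' (the thread's mistake) or 'foreign'."""
    local = set(re.findall(r"\binet (\d+(?:\.\d+){3})/", ip_addr_output))
    match = re.search(r"^default via (\S+)", ip_route_output, re.M)
    gateway = match.group(1) if match else None
    verdicts = {}
    for name, opts in parse_conns(conf_text).items():
        src = opts.get("leftsourceip")
        if src is None:
            continue  # nothing for pluto to add to the interface
        if src == gateway:
            verdicts[name] = "gateway"  # pluto would add the router's IP to eth0
        elif src in local:
            verdicts[name] = "local"
        else:
            verdicts[name] = "foreign"
    return verdicts
```

Run it against the real `ipsec.conf`, `ip -o addr` and `ip route` output before `ipsec start`; a "gateway" verdict is the misconfiguration that caused the loopback routing above.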

