[Openswan Users] Routing issue?
Mikhail Yu. Kononets
mkononets at gmail.com
Fri Jul 4 09:04:18 EDT 2008
I've set up an ipsec/l2tp gateway using klips. When a client connects,
openswan sets up a host route to this client with a route destination of
ipsec1 interface. The result is that all non-ipsec traffic from the
gateway to the client is also directed to the ipsec1 interface (iptraf shows
that) and does not come to destination. This looks strange especially
when a client is behind some NAT box, so that openswan sets this
routing rule not to a client but to the NAT box, thus breaking non-ipsec
traffic on the way from the gateway to the NAT box. In my case ssh
connection was frozen and ping did not work all the time while ipsec
connection was up. iptraf running on the gateway showed that non-ipsec
traffic arrived on the gateway at the corresponding eth interface but
left the gateway on the ipsec interface and did not reach its
destination. If I removed this rule on the gateway by hand, non-secured
traffic started to go without any problem.
Is that an intended behaviour of openswan, or could there be some
misconfiguration? This problem does not arise when I use netkey.
However, a similar route is also set up, but with a destination of
corresponding eth interface, and non-ipsec traffic goes normally both ways.