[Openswan Users] Routing issue?

Mikhail Yu. Kononets mkononets at gmail.com
Fri Jul 4 09:04:18 EDT 2008

Hi all.

I've set up an ipsec/l2tp gateway using klips. When a client connects, 
openswan sets up a host route to this client with a route destination of 
ipsec1 interface. The result is that all non-ipsec traffic from the 
gateway to client is also directed to the ipsec1 interface (iptraf shows 
that) and does not come to destination. This looks strange especially 
when a client is behind some NAT box, so that the openswan sets this 
routing rule not to a client but to the NAT box thus breaking non-ipsec 
traffic on the way from the gateway to NAT box. In my case ssh 
connection was frozen and ping did not work all the time while ipsec 
connection was up. iptraf running on the gateway showed that non-ipsec 
traffic arrived on the gateway at the eth corresponding interface but 
leaved the gateway on the ipsec interface and did not reach its 
destination. If i removed this rule on the gateway by hand, non-secured 
traffic started to go without any problem.

Is that an intended behaviour of openswan or there could be some 
misconfiguration? This problem does not arise when i use netkey. 
However, a similar route is also set up, but with a destination of 
corresponding eth interface, and non-ipsec traffic goes normally both ways.


More information about the Users mailing list