[Openswan Users] routing issues with netkey
jacco at 0xcafebabe.nl
Mon Mar 10 12:30:24 EDT 2008
LS, has anyone come across routing problems with the netkey implemetation
under fedora? I use fc7 with kernel 188.8.131.52-80.fc7 and
The setup is a host-to-network vpn between the host and the gateway are 2
NAT (10.0.53.20 <-> 172.20.1.50)
NAT (10.80.6.2 <-> 10.0.13.71)
I've setup the vpn using X509 certificates and the log says the vpn is
established. However ip xfrm policy show tells that the vpn is between
10.0.13.71 and 172.16.42.0/24 _updown also added a route to 10.0.13.71.
When sending traffic to 10.0.13.71 from the 172.16.42.0/24 I see indeed
ESP traffic to the host but the host never answers because the address of
the unpacked packets is 10.0.13.71 and not 10.80.6.2.
I tried to set the policy by hand and it looks ok but does not work. Can
anyone shed some light on how openswan/netkey handles routing and how to
get this setup going?
Try to relax and enjoy the crisis.
-- Ashleigh Brilliant
More information about the Users