[Openswan Users] routing issues with netkey
Jacco Kok
jacco at 0xcafebabe.nl
Mon Mar 10 12:30:24 EDT 2008
LS, has anyone come across routing problems with the netkey implemetation
under fedora? I use fc7 with kernel 2.6.23.15-80.fc7 and
openswan-2.4.7-3.fc7
The setup is a host-to-network vpn between the host and the gateway are 2
natting devices:
172.16.42.0/24
|
172.16.42.1
172.20.1.50 gw
|
NAT (10.0.53.20 <-> 172.20.1.50)
|
|
NAT (10.80.6.2 <-> 10.0.13.71)
|
10.80.6.2 host
I've setup the vpn using X509 certificates and the log says the vpn is
established. However ip xfrm policy show tells that the vpn is between
10.0.13.71 and 172.16.42.0/24 _updown also added a route to 10.0.13.71.
When sending traffic to 10.0.13.71 from the 172.16.42.0/24 I see indeed
ESP traffic to the host but the host never answers because the address of
the unpacked packets is 10.0.13.71 and not 10.80.6.2.
I tried to set the policy by hand and it looks ok but does not work. Can
anyone shed some light on how openswan/netkey handles routing and how to
get this setup going?
Thnx.
--
Try to relax and enjoy the crisis.
-- Ashleigh Brilliant
Jacco Kok
More information about the Users
mailing list