[Openswan Users] ipsec can't route packets coming out of the tunnel
Eike Lohmann
e.lohmann at ic3s.de
Fri Dec 4 10:11:43 EST 2009
Hi,
I am coming from Kernel 2.4, where IPSec has an interface, and routing
and filtering were no problem.
With Kernel 2.6 it's a mess. I have a running IPSec tunnel with
the following rules:
10.4.0.0/16[any] 0.0.0.0/0[any] any
0.0.0.0/0[any] 10.4.0.0/16[any] any
Packets coming from 10.4.0.0/16 with any destination other than 10.4.0.0
can be routed and filtered.
Packets coming from 10.4.0.0/16 with a destination in 10.4.0.0/16 can be
filtered but can't be routed.
I have tried iptables with marks and iptables with policy match, but the
packets with a destination in 10.4.0.0/16 are always sent into the
IPsec tunnel.
My constellation is maybe a rare example, but I can't change it.
Many thanks for your help
elo