[Openswan Users] Bad route for ipsec0

escarabajal_emmanuel at orange.fr escarabajal_emmanuel at orange.fr
Sun Feb 15 21:22:03 EST 2009


Hi list,

I've been successfully using Openswan for more than 3 years between a
Linux box and a Cisco PIX. The internet connection was managed by the
Linux box, plugged into an Ethernet ADSL modem. ipsec0 was on ppp0.

Now I have to use an ADSL router to connect to the internet, directly
plugged into my Linux box via Ethernet; now ipsec0 is on eth0.
I changed left=my_fixed_ppp0_ip_address to left=my_eth0_ip_address but I
no longer have the correct route added when the tunnel starts.
I used to have:

Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
192.68.8.0      0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
.....
0.0.0.0         xx.xx.xx.xx     0.0.0.0         UG    0      0        0 ppp0

and now I get:

Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
.....
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0

This is what I get in the logs:

...
Feb 16 02:29:41 irm pluto[13057]: added connection description "irm2rsn"
Feb 16 02:29:41 irm pluto[13057]: | 192.168.44.0/24===192.168.1.254---192.168.1.1...192.168.1.1---210.159.204.57===192.68.8.0/24
...
Feb 16 02:29:41 irm pluto[13057]: adding interface ipsec0/eth0 192.168.1.254
...

Searched for similar cases with Google but found nothing working ...

Does anybody have an idea?

I don't know the rightnexthop as I don't manage the remote network, but
it did work without it in the previous configuration.

Here is my config:

config setup
        interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all
        plutoload=%search
        plutostart=%search
        plutowait=no
        uniqueids=yes
        fragicmp=no
        nat_traversal=no


# Defaults for all connection descriptions
conn %default
        keyingtries=0
#       disablearrivalcheck=no
#       leftrsasigkey=%dnsondemand
#       rightrsasigkey=%dnsondemand
#       authby=rsasig
#       auto=add

conn irm2rsn
        left=192.168.1.254
        leftnexthop=%defaultroute
        leftsubnet=192.168.44.0/24
        right=210.159.204.57
        rightnexthop=
        rightsubnet=192.68.8.0/24
        authby=secret
        type=tunnel
        keyexchange=ike
        keyingtries=0
        auth=esp
        esp=3des-md5-96
        ike=3des-md5-96
        pfs=no
        keylife=8h
        ikelifetime=86400
        auto=add


MaNU
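
Added example, not part of the original post: a check of whether the connection's rightsubnet is routed through ipsec0, run against the two routing tables quoted above. With KLIPS, traffic that is not routed into ipsec0 follows the default route and leaves unencrypted. The function names are hypothetical, and the ppp0 gateway is a placeholder because the post redacts it.

```python
import ipaddress

# Constructed sample input, copied from the values quoted in the post.
CONN = """conn irm2rsn
        left=192.168.1.254
        rightsubnet=192.68.8.0/24
"""
# Route rows: Destination Gateway Genmask Flags Metric Ref Use Iface
ROUTES_BEFORE = """192.68.8.0   0.0.0.0        255.255.255.0 U  0 0 0 ipsec0
0.0.0.0      203.0.113.1    0.0.0.0       UG 0 0 0 ppp0"""   # gateway is a placeholder
ROUTES_AFTER = """192.168.1.0  0.0.0.0        255.255.255.0 U  0 0 0 eth0
192.168.1.0  0.0.0.0        255.255.255.0 U  0 0 0 ipsec0
0.0.0.0      192.168.1.254  0.0.0.0       UG 0 0 0 eth0"""


def conn_option(conf, conn, key):
    """Return the value of `key` inside `conn <name>`, or None if absent."""
    inside = False
    for line in conf.splitlines():
        text = line.split("#", 1)[0].rstrip()
        if not text.strip():
            continue
        if not text[0].isspace():              # section headers start in column 1
            inside = text.split() == ["conn", conn]
        elif inside and "=" in text:
            k, v = text.strip().split("=", 1)
            if k.strip() == key:
                return v.strip()
    return None


def parse_routes(table):
    """Yield (network, iface) per data row; header and filler rows are skipped."""
    for row in table.splitlines():
        f = row.split()
        try:
            yield ipaddress.ip_network(f"{f[0]}/{f[2]}"), f[-1]
        except (IndexError, ValueError):
            continue


def egress_iface(table, subnet):
    """Interface of the most specific route covering `subnet` (first row wins ties)."""
    target, best = ipaddress.ip_network(subnet), None
    for net, iface in parse_routes(table):
        if target.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def tunnel_route_ok(conf, conn, table, tunnel_iface="ipsec0"):
    """True only if the conn's rightsubnet is routed into the tunnel interface."""
    subnet = conn_option(conf, conn, "rightsubnet")
    return subnet is not None and egress_iface(table, subnet) == tunnel_iface
```

On the second table the only route covering 192.68.8.0/24 is the default route on eth0, so the check fails; the ipsec0 route that is present covers the local 192.168.1.0/24 network instead.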