[Openswan Users] openswan weird ip routing issue
Randy Wyatt
rwyatt at nvtl.com
Tue Feb 16 13:31:48 EST 2010
<snip>
For your example, you'll need something like this:
conn local-0
    authby=never
    rightsubnet=192.168.1.0/24
    rightrsasigkey=%none
    left=192.168.1.1
    leftsubnet=192.168.1.0/24
    leftrsasigkey=%none
    type=passthrough
    auto=route
Not sure if all that's necessary but you need a type=passthrough and an
auto=route for your local subnet. It's a netkey thing.
</snip>
Why would I need to define a rightsubnet for a local bypass?
Unfortunately, this doesn't seem to make a difference. The only entry we
get in the logs is:
Ipsec__plutonrun: right do something with host case: 0
I can see the following policies listed with (ip xfrm policy)
Src 0.0.0.0/0 dst 192.168.1.0/24
Dir in priority 2368
Tmpl src 216.188.XXX.YYY dst 32.XXX.YYY.ZZZ
Proto esp reqid 16385 mode tunnel
Src 192.168.1.0/24 dst 192.168.1.0/24
Dir out priority 2344
Src 192.168.1.0/24 dst 0.0.0.0/0
Dir out priority 2368
Tmpl src 32.XXX.YYY.ZZZ dst 216.188.XXX.YYY
Proto esp reqid 16385 mod tunnel
Src 192.168.1.0/24 dst 192.168.1.0/24
Dir fwd priority 2368
Tmpl src 216.188.XXX.YYY dst 32.XXX.YYY.ZZZ
Proto esp reqid 16385 mode tunnel
Regards,
Randy
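
An added example, not part of the original post or of Openswan: a small checker for `ip xfrm policy` output that reports, per direction, whether traffic between two hosts resolves to a template-less (passthrough) policy or to the ESP tunnel policy. The sample listing is constructed with documentation addresses for the tunnel endpoints, and the function names are hypothetical; it assumes the kernel prefers the matching policy with the lowest priority value.

```python
import ipaddress
import re

# Constructed sample in the layout `ip xfrm policy` prints; the tunnel endpoints
# are documentation addresses, not values from the post.
SAMPLE = """\
src 0.0.0.0/0 dst 192.168.1.0/24
    dir in priority 2368
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 16385 mode tunnel
src 192.168.1.0/24 dst 192.168.1.0/24
    dir out priority 2344
src 192.168.1.0/24 dst 0.0.0.0/0
    dir out priority 2368
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 16385 mode tunnel
src 192.168.1.0/24 dst 192.168.1.0/24
    dir fwd priority 2368
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 16385 mode tunnel
"""

def parse_policies(text):
    """Return one dict per policy: selector networks, direction, priority, tmpl flag."""
    net = lambda s: ipaddress.ip_network(s, strict=False)
    policies = []
    for line in text.splitlines():
        if m := re.match(r"src (\S+) dst (\S+)", line, re.I):  # unindented selector line
            policies.append({"src": net(m[1]), "dst": net(m[2]), "dir": None, "priority": None, "tmpl": False})
        elif policies and (m := re.match(r"\s+dir (\w+) priority (\d+)", line, re.I)):
            policies[-1].update(dir=m[1].lower(), priority=int(m[2]))
        elif policies and re.match(r"\s+tmpl\s", line, re.I):
            policies[-1]["tmpl"] = True  # a template means traffic is transformed (ESP here)
    return policies

def winning_policy(policies, direction, src, dst):
    """Matching policy with the lowest priority value; ties fall to listing order (assumption)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies if p["dir"] == direction and src in p["src"] and dst in p["dst"]]
    return min(hits, key=lambda p: p["priority"], default=None)

def bypass_report(policies, src, dst):
    """Per direction: 'bypass' (no tmpl), 'tunnel' (tmpl present) or 'no policy'."""
    report = {}
    for direction in ("in", "out", "fwd"):
        p = winning_policy(policies, direction, src, dst)
        report[direction] = "no policy" if p is None else "tunnel" if p["tmpl"] else "bypass"
    return report
```

On the constructed sample, bypass_report(parse_policies(SAMPLE), "192.168.1.10", "192.168.1.1") reports bypass for the out direction only; in and fwd still resolve to the tunnel policy.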