[Openswan Users] openswan isn't adding a route to Ubuntu's IP table

Ryan McLeod r.mcleod20 at gmail.com
Fri Jul 9 14:24:39 EDT 2010


connection config looks like:

conn tunnelipsec
    type=tunnel
    authby=secret
    left=192.168.92.128
    leftnexthop=192.168.92.2
    leftsubnet=192.168.92.0/24
    right=200.200.200.1
    rightnexthop=200.200.200.2
    rightsubnet=192.168.1.0/24
    esp=3des-md5
    keyexchange=ike
    pfs=no
    auto=start

The connection establishes just fine. On the openswan server, if I ping
192.168.1.5, a host on the remote network, the traffic goes through the
tunnel encrypted. If I ping that host from the local subnet, it goes over
the wire unencrypted. Looking at the route table on the openswan box, there
is no entry for the remote network:

Destination     Gateway         Genmask
192.168.92.0    *               255.255.255.0
link-local      *               255.255.0.0
default         192.168.92.2    0.0.0.0

I initialize the tunnel with: ipsec auto --up tunnelipsec

I have added to iptables:

$IPTABLES -A INPUT -p udp  --dport 500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp  --dport 500 -j ACCEPT
$IPTABLES -A INPUT -p udp  --dport 4500 -j ACCEPT
$IPTABLES -A OUTPUT -p udp  --dport 4500 -j ACCEPT

$IPTABLES -t mangle -A PREROUTING -i eth1 -p esp -j MARK --set-mark 1
$IPTABLES -A FORWARD -i eth1 -m mark --mark 1 -d 192.168.2.0/24 -j ACCEPT

Any help is appreciated,

Thanks.
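An added consistency check, not part of the original post or of Openswan: it parses the conn block and the iptables rules quoted above (copied here as constructed input) and reports whether any FORWARD rule's -d network actually covers the tunnel's rightsubnet, so that a LAN-to-LAN policy mismatch is caught before looking elsewhere.

```python
"""Cross-check an Openswan conn block against the iptables FORWARD rules
that are meant to admit decrypted tunnel traffic.
Added example; the conn block and rules are copied from the post above."""
import ipaddress
import shlex

# Constructed input: the conn block from the post, asterisks removed.
CONN_BLOCK = """conn tunnelipsec
    type=tunnel
    authby=secret
    left=192.168.92.128
    leftnexthop=192.168.92.2
    leftsubnet=192.168.92.0/24
    right=200.200.200.1
    rightnexthop=200.200.200.2
    rightsubnet=192.168.1.0/24
    esp=3des-md5
    keyexchange=ike
    pfs=no
    auto=start
"""

# Constructed input: the two rules from the post that touch the FORWARD path.
IPTABLES_RULES = [
    "$IPTABLES -A INPUT -p udp --dport 500 -j ACCEPT",
    "$IPTABLES -t mangle -A PREROUTING -i eth1 -p esp -j MARK --set-mark 1",
    "$IPTABLES -A FORWARD -i eth1 -m mark --mark 1 -d 192.168.2.0/24 -j ACCEPT",
]


def parse_conn(text):
    """Return {key: value} for the key=value lines of one conn block."""
    conf = {}
    for line in text.splitlines()[1:]:  # skip the 'conn <name>' header
        key, _, value = line.strip().partition("=")
        if key:
            conf[key] = value
    return conf


def forward_destinations(rules):
    """Return the -d network of every rule appended to the FORWARD chain."""
    nets = []
    for rule in rules:
        argv = shlex.split(rule)
        if "-A" in argv and argv[argv.index("-A") + 1] == "FORWARD" and "-d" in argv:
            nets.append(ipaddress.ip_network(argv[argv.index("-d") + 1]))
    return nets


def check_forward_covers_remote(conn_text, rules):
    """Split FORWARD destinations into those covering rightsubnet and the rest."""
    remote = ipaddress.ip_network(parse_conn(conn_text)["rightsubnet"])
    dests = forward_destinations(rules)
    return {"remote": str(remote),
            "covered_by": [str(n) for n in dests if remote.subnet_of(n)],
            "unrelated": [str(n) for n in dests if not remote.subnet_of(n)]}
```

Note that with the NETKEY stack the kernel never adds a route for rightsubnet; the policy is visible with `ip xfrm policy` instead of in the routing table.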