[Openswan Users] OpenSwan default route

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Jun 28 12:44:15 EDT 2010


Tried that -  didn't seem to work.  And that seems to be the default 
unless explicitly set otherwise.

I don't think OpenSwan is even picking up the routing info from the OS 
but not sure how to verify either way.

I have a laptop, currently connected to internet via wifi, with the 
following routing output (eth1 is wifi, eth0 is wired and not currently 
connected so not showing up.)



-> netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.x.0     *               255.255.255.0   U         0 0          0 eth1
192.168.122.0   *               255.255.255.0   U         0 0          0 virbr0
default         192.168.x.1     0.0.0.0         UG        0 0          0 eth1
->


On a wired connection you would see



-> netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.y.0     *               255.255.255.0   U         0 0          0 eth0
192.168.122.0   *               255.255.255.0   U         0 0          0 virbr0
default         192.168.y.1     0.0.0.0         UG        0 0          0 eth0
->


So the OS has a default gateway.  I don't think routing daemons are running.

I don't think RHEL5 had the virbr0 (virtual bridge?) network interface.



Thanks



On 06/27/2010 11:41 PM, Paul Wouters wrote:
> On Sun, 27 Jun 2010, Gaiseric Vandal wrote:
>
>> In the configuration below, the corporate side is the "right" side of the
>> connection with a private LAN of 192.168.1.0/24.
>
>> # basic configuration
>> config setup
>>     # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>>     # klipsdebug=none
>>     # plutodebug="control parsing"
>>     nat_traversal=yes
>
> Add: interfaces="%defaultroute"
>
>> include /etc/ipsec.d/*.conf
>>
>> conn CORP
>>     type=tunnel
>>     #the following two lines work
>>     left=192.168.10.9
>>     leftsubnet=192.168.10.0/24
>>     #the following line did not work
>>     #left=%defaultroute
>>     leftid=@VPNusers
>>     leftxauthclient=yes
>>     right=x.x.x.x
>>     rightsubnet=192.168.1.x/24
>>     rightid=@CorporateRouter
>>     rightxauthserver=yes
>>     keyingtries=0
>>     pfs=no
>>     auto=add
>>     auth=esp
>>     esp=3des-sha1
>>     ike=3des-sha1-modp1024
>>     authby=secret
>>     aggrmode=yes
>>
>>
>>
>> ----------------------------------------------------------------------------
>>
>>
>> The client is the "left" side of the connection.  Most remote clients will
>> get an IP from a DHCP server.
>>
>> My home network  is 192.168.10.0/24, and my home PC is currently
>> 192.168.10.9.
>
> You want to use left=%defaultroute then. But it requires the
> interfaces= line.
>
> Paul
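
Added example, not part of either message above: ipsec.conf(5) describes left=%defaultroute as the local address of the default-route interface, determined at IPsec startup, so one way to check what the OS would offer is to read the default route and that interface's address directly. The function names and sample data below are constructed for illustration; the script also reports whether a hard-coded left= value, like the one in the quoted conn, still matches after the laptop changes networks.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and sample data are
# constructed for illustration.

# stdin: `netstat -r` or `netstat -rn` text. Prints "IFACE GATEWAY" for the
# first default route listed; returns 1 when there is none.
default_route() {
    awk '($1 == "default" || $1 == "0.0.0.0") && $4 ~ /G/ {
             print $NF, $2; found = 1; exit
         }
         END { exit !found }'
}

# $1: interface; stdin: `ip -4 -o addr show` text. Prints the first IPv4
# address on that interface, prefix length stripped; returns 1 if none.
iface_ipv4() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" {
             sub(/\/.*/, "", $4); print $4; found = 1; exit
         }
         END { exit !found }'
}

# $1: left= value, $2: routing table text, $3: address text.
# Returns 0 and prints "match" when left= is the default-route interface
# address; otherwise prints why not and returns 1.
check_left() {
    route=$(printf '%s\n' "$2" | default_route) ||
        { echo "no default route"; return 1; }
    ifc=${route%% *}
    addr=$(printf '%s\n' "$3" | iface_ipv4 "$ifc") ||
        { echo "no IPv4 address on $ifc"; return 1; }
    if [ "$1" = "$addr" ]; then
        echo "match: left=$1 is on $ifc"
    else
        echo "stale: left=$1 but $ifc has $addr"
        return 1
    fi
}

# Constructed samples modelled on the wifi case in the post.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.10.0    *               255.255.255.0   U         0 0          0 eth1
default         192.168.10.1    0.0.0.0         UG        0 0          0 eth1'
SAMPLE_ADDRS='2: eth1    inet 192.168.10.9/24 brd 192.168.10.255 scope global eth1'

check_left 192.168.10.9 "$SAMPLE_ROUTES" "$SAMPLE_ADDRS"
# Live: check_left 192.168.10.9 "$(netstat -rn)" "$(ip -4 -o addr show)"
```

Because the address is resolved when IPsec starts, rerun the check and restart the service after switching between wifi and wired.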


