[Openswan Users] Weird routing issue - at least to me.

Tim Larsen tim.larsen at smoothwall.net
Tue Mar 2 07:51:59 EST 2010


Hi all

I have a weird routing issue that I can't make heads or tails of.

In a test setup I have created a scenario like this:

branch1 10.1.1.0/29

to

branch0 10.1.0.0/24

to

main 10.0.0.0/8

The purpose is to get branch1 to be able to reach main and branch0.

I created one tunnel between branch 1 and branch0 like this:

Branch1                  Branch0
10.1.1.0/29 <-> 10.1.0.0/24

And one tunnel between branch0 and main like this:

Branch0                    Main
10.1.0.0/23 <-> 10.0.0.0/8

All tunnels come up fine and I can ping across from branch1 to the main
network. 
However, when I try to ping from branch1 to branch0 the reply to the
ping, which should be going to the 10.1.1.0/29 network goes down the
tunnel to the main site to 10.0.0.0/8.

I am currently using OpenSwan 2.4.9 (yes it's a bit old :)) with some
patches to allow me to keep the ipsec interfaces.

The routing table looks fine on all three systems and if I disable the
tunnel to the main site the traffic flows fine between branch1 and
branch0. The direction of the traffic is of no importance, meaning it
does not matter where I initiate the pings - if all three tunnels are
up, any traffic from the branch0 site to 10.1.1.0/29 obstinately goes
down the tunnel to 10.0.0.0/8.

If I change the branch1 network to be completely out of the 10 range,
like a 192.168 range subnet, the connectivity works fine and all traffic
goes where it should.

So my question is, why does the traffic follow the routing table fine
when I access resources across the branch0 site but not when I try to
access resources on the branch0 site?



-- 
Tim Larsen
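An added example, not part of this post or of Openswan itself: a small Python model of the branch0 gateway's two IPsec policies as listed above, which shows that a reply addressed to 10.1.1.0/29 is covered by both the branch1 selector and the 10.0.0.0/8 selector, so which tunnel carries it is decided by the security policy database's selection rule, not by the kernel routing table. The policy order and the two selection rules (first match versus most specific) are assumptions of the model, not a description of what Openswan 2.4.9 does; the `overlapping_remotes` check is the part a practitioner would run against their own connection definitions.

```python
import ipaddress

# Constructed model of the branch0 gateway's two tunnels from the post,
# as (local_selector, remote_selector) pairs in the order they were listed.
BRANCH0_POLICIES = [
    ("10.1.0.0/24", "10.1.1.0/29"),   # tunnel to branch1
    ("10.1.0.0/23", "10.0.0.0/8"),    # tunnel to main
]

def _net(cidr):
    return ipaddress.ip_network(cidr, strict=False)

def matching_policies(policies, src, dst):
    """Every selector pair whose local net contains src and remote net contains dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [(loc, rem) for loc, rem in policies if s in _net(loc) and d in _net(rem)]

def select_first_match(policies, src, dst):
    """Ordered-SPD model (assumption): the first installed policy that covers the packet wins."""
    hits = matching_policies(policies, src, dst)
    return hits[0] if hits else None

def select_most_specific(policies, src, dst):
    """Longest-prefix model (assumption): the pair with the longest combined prefix wins."""
    hits = matching_policies(policies, src, dst)
    if not hits:
        return None
    return max(hits, key=lambda p: _net(p[0]).prefixlen + _net(p[1]).prefixlen)

def overlapping_remotes(policies):
    """Pairs of remote selectors where one tunnel's network lies inside another's.

    Every destination in the smaller network matches both policies, so the
    tunnel it takes depends on the SPD selection rule rather than the route table.
    """
    found = []
    for i, (_, a) in enumerate(policies):
        for _, b in policies[i + 1:]:
            na, nb = _net(a), _net(b)
            if na.subnet_of(nb) or nb.subnet_of(na):
                found.append((a, b))
    return found

if __name__ == "__main__":
    reply = ("10.1.0.5", "10.1.1.2")   # constructed: branch0 host answering a branch1 ping
    print("policies covering the reply:", matching_policies(BRANCH0_POLICIES, *reply))
    print("first match   :", select_first_match(BRANCH0_POLICIES, *reply))
    print("most specific :", select_most_specific(BRANCH0_POLICIES, *reply))
    print("overlapping remote selectors:", overlapping_remotes(BRANCH0_POLICIES))
```

Re-addressing branch1 to a 192.168 range, as the post tried, makes `overlapping_remotes` return nothing, which is why every destination then matches exactly one policy.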


