[Openswan Users] Weird routing issue - at least to me.
Alex Crow
acrow at integrafin.co.uk
Tue Mar 2 10:35:43 EST 2010
Tim Larsen wrote:
> Hi
>
> Thanks for the reply.
>
>
>> Either scenario won't work as 10.0.0.0/8 contains both 10.1.1.0/24
>> and 10.1.0.0/24.
>>
>> You need to have them in separate nets. Do you really need to use a
>> range as large as /8?
>>
>
> No, I can rearrange it and have done so to get it working. I was just
> surprised that the routing did not work as I expected when the traffic
> flows fine from the branch1 to the main site, crossing the branch0 site.
> It's only when accessing branch0 that the packets seem to not follow the
> routing table.
>
>
>
>
>
Tim,
Well, if you're trying to send to a network which is within the larger
range (but has a different gateway, in this case over a tunnel), I
believe the place they end up depends on the metric, and if that is the
same for both I'd hazard a guess it uses which ever one is first in the
routing table. This would be the case if your original mail was correct.
If your second mail is correct re: the IP ranges, the reason it works
fine to main is that that's effectively the only route you've added
(according to your update) - as branch0's range actually matches the
"main" network the traffic is going down that way instead of stopping there.
I'd suggest if this is a test for two branch offices to create one
tunnel from each branch to main, and if required another one between the
two branches.
Cheers
Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100302/35dd547b/attachment-0001.html
More information about the Users
mailing list