[Openswan Users] What does openswan/netkey by way of a default route?

Whit Blauvelt whit at transpect.com
Tue Mar 9 19:49:36 EST 2010


Hi,

Can someone either explain or point me to what openswan/netkey
expects/requires by way of a default route? I'm asking because my setup
doesn't use a single, simple routing table. I have rules sending stuff
through six different tables. Setting a default route in "main" would break
the rest of the setup.

I finally found a description of netkey's requirements regarding iptables at
"http://lists.openswan.org/pipermail/users/2008-January/013810.html". That
wasn't at all easy to find. If it's right it should be incorporated in the
docs that come with openswan, and the wiki. The firewall.html doc in the tar
is from freeswan days - which of course presumes klips.

Anyway, I'm getting the hint the iptables stuff won't be enough by itself,
unless I also have a workaround in place for whatever openswan/netkey
expects to be doing that's dependent on a default route being set - which in
its simple form isn't an option that maps onto my router/firewall's
necessary configuration for everything else it does (5 interfaces, most with
multiple IPs, dual homed on internet, multiple LANs, etc.). So when I see
openswan's complaining it can't find that default route, what I need is a
hint for how to fix whatever it's depending on having a default route to do,
without breaking my configuration by throwing a default route into table
"main".

Went over and looked at Strongswan, and that's far, far less documented.
Scary. Has the world gone so strongly over to using either appliances or
OpenVPN that Linux IPsec is just fading away?

Best,
Whit

