[Openswan Users] Can't figure out routing with netkey
Ernest Mueller
Ernest.Mueller at ni.com
Wed May 26 14:57:05 EDT 2010
Hey all, noob question. I got a netkey tunnel going from an amazon EC2
instance back to my Cisco at home. But I can't get traffic to go that way.
All I see trying to read about netkey is that it "magically does that" so
I'm not quite sure where to go from here.
Tunnel's running in openswan 2.6.25 between a Fedora 12 instance with an
elastic IP and a Cisco router that's also NATted. On the left (Amazon), I
have a 10. network. Left hand box is privately 10.254.110.A, publicly
184.73.168.B. Right hand box is publicly 130.164.26.C, privately
130.164.0.D.
> service ipsec status
IPsec running - pluto pid: 22891
pluto pid 22891
1 tunnels up
some eroutes exist
Sadly, ipsec eroute just tells me "NETKEY does not support eroute table."
Whenever I try to ping/traceroute to 130.164.anything it goes out over the
internet instead of over my tunnel.
And my .conf is:
conn ni
type= tunnel
authby= secret
left= 10.254.110.A
leftid= 184.73.168.B
leftnexthop= %defaultroute
leftsubnet= 10.254.0.0/32
right= 130.164.26.C
rightid= 130.164.0.D
rightnexthop= %defaultroute
rightsubnet= 130.164.0.0/18
keyexchange= ike
pfs= no
auto= start
keyingtries= 3
disablearrivalcheck=no
ikelifetime= 240m
auth= esp
compress= no
keylife= 60m
forceencaps= yes
esp= 3des-md5
ifconfig tells me I just have eth0 and lo (expected for netkey) and my
routing table is:
10.254.110.0/23 dev eth0 proto kernel scope link src 10.254.110.178
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.254.110.1 dev eth0
Any hints on what I need to do to get traffic going over my netkey?
Thanks,
Ernest
______________________
UN-altered REPRODUCTION and DISSEMINATION of
this IMPORTANT information is ENCOURAGED.
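A diagnostic worth running against a conn like the one above, added here as an example that is not part of the original post or of Openswan: with NETKEY there is no ipsec0 interface and the routing table is not changed, so seeing only eth0, lo and the default route is normal. The kernel decides whether to encrypt a packet by matching its source and destination against the XFRM policy selector that Openswan derives from leftsubnet/rightsubnet (visible on the live box with `ip xfrm policy`). A packet whose source is not inside leftsubnet simply takes the default route in the clear. The script below parses a conn block (a constructed copy of the posted one, with the poster's own A/C placeholders kept) and reports which selector a given src/dst pair fails; the 10.254.110.178 source is the `src` shown in the posted routing table, and 130.164.1.1 is a constructed address inside rightsubnet.

```python
import ipaddress

# Constructed copy of the conn block from the post (only the fields the
# check needs). The letters A and C are the poster's own placeholders.
CONF = """conn ni
type= tunnel
left= 10.254.110.A
leftsubnet= 10.254.0.0/32
right= 130.164.26.C
rightsubnet= 130.164.0.0/18
"""


def parse_conn(text):
    """Return {key: value} for one conn block; tolerates 'key= value' spacing."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("conn "):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def selector_check(opts, src_ip, dst_ip):
    """
    NETKEY (XFRM) is policy based: a packet is encrypted only when its
    src/dst fall inside the selector built from leftsubnet/rightsubnet.
    Return a list of human-readable problems (empty list means the pair
    would be selected for the tunnel).
    """
    left = ipaddress.ip_network(opts["leftsubnet"], strict=False)
    right = ipaddress.ip_network(opts["rightsubnet"], strict=False)
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    problems = []
    if src not in left:
        problems.append(f"source {src} is outside leftsubnet {left}")
    if dst not in right:
        problems.append(f"destination {dst} is outside rightsubnet {right}")
    return problems


if __name__ == "__main__":
    opts = parse_conn(CONF)
    # Source taken from the routing table in the post, destination constructed.
    for problem in selector_check(opts, "10.254.110.178", "130.164.1.1"):
        print("NOT selected for IPsec:", problem)
```

Run it and compare the result with what `ip xfrm policy` prints on the host: if the `src` selector there is narrower than the address the host actually sends from, pings to the far network will never match the policy and will leave over the default route, exactly the symptom in the post.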