[Openswan Users] Routing problem in Ipsec ?

SCHNEIDER Benoit ton.ami.totoro at gmail.com
Fri May 6 10:45:15 EDT 2011

Thank's for answering.

I will chek for it.
I can't use "ipsec eroute" It make me a error "/usr/lib/ipsec/eroute: NETKEY
does not support eroute table."
I want de says thant when I do a traceroute of a IP adresse who is bihind
the tunnel, the traceroute, don't use the tunnel.
The tunnel don't look to be taken.



2011/5/6 Paul Wouters <paul at xelerance.com>

> On Fri, 6 May 2011, SCHNEIDER Benoit wrote:
>  At my job we have a VPN's server who have many VPN tunnel up (near 300)
>> I have a problem with on of them.
>> The VPN is up, but when I'm trying to ping a IP adresse who is bihind the
>> tunnel the ping packet go outsid of the
>> tunnel. He look to don't take the right network intephace
>> Did they have a way to see all routing table who work in Ipsec, and fixe
>> it ?
> I am not sure what you mean. For KLIPS, you can use "ipsec eroute" and
> "route -n" to
> check. With NETKEY you have to dig through "ip xfrm state" (and no routes
> are used)
> You probably have a typo in the address range and it matches no policies
> (and when
> using KLIPS, the typoed route was added) ?
> Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110506/ba2f22ae/attachment.html 

More information about the Users mailing list