[Openswan Users] Automatic routing in config mode
hazaki
jacques.monin01 at gmail.com
Fri Apr 24 10:45:27 EDT 2015
Hello,
I am configuring two OpenSwan VPN clients with this configuration:
Client VPN LINUX : 172.16.0.3 - 1.1.1.1 - INTERNET - 2.2.2.2 - Firewall - 172.16.1.0/24
Mode Config : 172.16.0.32-64 - 1.1.1.1 - INTERNET - 2.2.2.2 - Firewall - 172.16.1.0/24
I would like OpenSwan to detect the traffic going to a remote network,
open the tunnel and do the routing.
It works fine when the client is not in config mode, but it doesn't work
when the mode is enabled.
Here's the configuration which is working fine:
conn Visio
        type=tunnel
        authby=rsasig
        dpddelay=30
        keyingtries=5
        dpdtimeout=120
        right=2.2.2.2
        rightsubnet=172.16.1.0/24
        rightid=%myid
        left=%defaultroute
        leftsubnet=172.16.0.3/32
        leftsourceip=172.16.0.3
        leftcert=cert.pem
        leftca=cacert.pem
        leftrsasigkey=%cert
        leftid=%fromcert
        aggrmode=no
        auto=route
        auth=esp
        keyexchange=ike
        ike=aes256-sha2_256-modp1536
        phase2alg=aes256-sha2_256;modp1024
        pfs=yes
And the one which doesn't work:
conn VisioCFG
        type=tunnel
        authby=rsasig
        right=2.2.2.2
        rightsubnet=172.16.1.0/24
        rightid=%myid
        leftmodecfgclient=yes
        left=%defaultroute
        leftcert=cert.pem
        leftca=cacert.pem
        leftrsasigkey=%cert
        leftid=%fromcert
        leftupdown="ipsec _updown --route yes"
        modecfgpull=yes
        aggrmode=no
        auto=route
        auth=esp
        keyexchange=ike
        ike=aes256-sha2_256-modp1536
        phase2alg=aes256-sha2_256;modp1024
        pfs=yes
It seems that the routing is done when the ipsec service starts,
so how can a mode config connection be routed automatically?
The leftsourceip field seems to enable the automatic routing, but I can't
fill it in in mode config.
Is there any way to create scripts to route and unroute tunnels after
they are up?
Thanks for helping
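One way to act on the last question (routing after the tunnel is up) is a leftupdown wrapper that lets the stock `ipsec _updown --route yes` run and then installs or removes the route to the remote subnet from the values Pluto hands to the script. This is an added example, not code from the original post or from Openswan's own scripts; it assumes Pluto's updown environment variables PLUTO_VERB, PLUTO_CONNECTION, PLUTO_PEER_CLIENT, PLUTO_MY_SOURCEIP, PLUTO_INTERFACE and PLUTO_NEXT_HOP (none of which appear on this page) and an assumed install path of /usr/local/libexec/ipsec/visio-updown.

```shell
#!/bin/sh
# Added example updown wrapper for the VisioCFG conn (not from the original
# post). Assumed usage in ipsec.conf:
#   leftupdown="/usr/local/libexec/ipsec/visio-updown"
# Assumed Pluto environment: PLUTO_VERB, PLUTO_CONNECTION, PLUTO_PEER_CLIENT
# (remote subnet), PLUTO_MY_SOURCEIP (address assigned by mode config),
# PLUTO_INTERFACE, PLUTO_NEXT_HOP.

# Print the "ip route" command for a verb, or nothing for verbs we ignore.
# Arguments: verb remote_subnet source_ip interface [next_hop]
# Returns 1 when a required value is missing so that no half-built route
# is ever installed (e.g. up-client before mode config assigned an address).
route_cmd() {
    verb=$1
    subnet=$2
    src=$3
    dev=$4
    nexthop=$5
    case "$verb" in
    up-client)
        [ -n "$subnet" ] && [ -n "$src" ] && [ -n "$dev" ] || return 1
        via="${nexthop:+via $nexthop }"
        printf 'ip route replace %s %sdev %s src %s\n' "$subnet" "$via" "$dev" "$src"
        ;;
    down-client)
        [ -n "$subnet" ] || return 1
        printf 'ip route del %s\n' "$subnet"
        ;;
    *)
        # up-host / down-host and anything else: nothing to do here
        return 0
        ;;
    esac
}

# Entry point when Pluto invokes the script (PLUTO_VERB is set). The stock
# script runs first so its policy handling is unchanged; the route follows.
# Sourcing or running the file without PLUTO_VERB does nothing.
if [ -n "$PLUTO_VERB" ]; then
    ipsec _updown --route yes
    if cmd=$(route_cmd "$PLUTO_VERB" "$PLUTO_PEER_CLIENT" "$PLUTO_MY_SOURCEIP" \
                       "$PLUTO_INTERFACE" "$PLUTO_NEXT_HOP") && [ -n "$cmd" ]; then
        logger -t visio-updown "$PLUTO_CONNECTION $PLUTO_VERB: $cmd"
        $cmd    # values come from Pluto (addresses, interface), so plain word splitting is enough
    fi
fi
```

On down-client the stock script may already have removed the route, in which case the `ip route del` only logs an error; the tunnel teardown itself is unaffected.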