From: Mark Weaver (mark_at_npsl.co.uk)
Date: Sat Nov 23 2002 - 13:32:18 CET
Hi,
Probably easiest just to give the setup:
<- internet   Freeswan gateway/firewall  ---->  Freeswan client machine
   DYN IP            10.0.5.1                        10.0.5.27
The tunnel is 0/0 -- 10.0.5.1 --- 10.0.5.27/32.
The tunnel is brought up fine, and the routes are correct for everything
apart from the LAN over which the tunnel is established:
10.0.5.0/24 dev eth0 proto kernel scope link src 10.0.5.27
10.0.5.0/24 dev ipsec0 proto kernel scope link src 10.0.5.27
127.0.0.0/8 dev lo scope link
0.0.0.0/1 via 10.0.5.1 dev ipsec0
128.0.0.0/1 via 10.0.5.1 dev ipsec0
default via 10.0.5.1 dev eth0
The problem is that 10.0.5.0/24 (the LAN) is not routed through the gateway.
I can get around this by simply deleting the link scope route, using a
custom _updown script. (btw, would other people find it useful to have
something along the lines of:
    SCRIPT="/etc/ipsec/$PLUTO_CONNECTION.updown"
    [ -x "$SCRIPT" ] && "$SCRIPT" up
in the _updown scripts, making it easy to have custom _updown rules that
simply modify the defaults? I've used this method for a while...)
The question is, have I got something wrong in my configuration or should
freeswan have put the (correct) routes in?
Mark
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
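
Added example (not part of the original message and not FreeS/WAN code): a longest-prefix-match check over the route table quoted in the message, showing which destinations leave via eth0 instead of ipsec0. It assumes routes with equal prefix length are resolved in listing order; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Route table copied from the message (output of `ip route` on the client).
ROUTES_TEXT = """\
10.0.5.0/24 dev eth0 proto kernel scope link src 10.0.5.27
10.0.5.0/24 dev ipsec0 proto kernel scope link src 10.0.5.27
127.0.0.0/8 dev lo scope link
0.0.0.0/1 via 10.0.5.1 dev ipsec0
128.0.0.0/1 via 10.0.5.1 dev ipsec0
default via 10.0.5.1 dev eth0
"""

def parse_routes(text):
    """Return [(network, device)] in the order the routes are listed."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix), dev))
    return routes

def egress_dev(routes, dest):
    """Longest-prefix match; ties go to the first route listed (assumption)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def bypassing_tunnel(routes, dests, tunnel_dev="ipsec0"):
    """Destinations whose selected route leaves via a non-tunnel device."""
    return [d for d in dests if egress_dev(routes, d) not in (tunnel_dev, None)]

if __name__ == "__main__":
    routes = parse_routes(ROUTES_TEXT)
    # Constructed destinations: the gateway, a LAN host, two Internet hosts.
    for d in ["10.0.5.1", "10.0.5.99", "8.8.8.8", "192.0.2.10"]:
        print(d, "->", egress_dev(routes, d))
```

The two /1 routes on ipsec0 shadow the default route completely, while the /24 link-scope route on eth0 is more specific than either, which matches the behaviour reported in the message.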