Hi

I am planning to route a remote location on a wireless link through an IPsec
tunnel to the internet. The setup specifies a 0.0.0.0/0 subnet behind the
tunnel, but this is what I get in the route after issuing ipsec start.

This is on Bering 1_0.stable 2.4.18

Before ipsec start:
# ip route
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
default via 192.168.10.1 dev eth1
gatekeeper: -root-
# /etc/init.d/ipsec start
ipsec_setup: Starting FreeS/WAN IPsec 1.97...
ipsec_setup: Using /lib/modules/ipsec.o
gatekeeper: -root-
# ip route
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
192.168.10.0/24 dev ipsec0 proto kernel scope link src 192.168.10.2
0.0.0.0/1 via 192.168.10.1 dev ipsec0
128.0.0.0/1 via 192.168.10.1 dev ipsec0
default via 192.168.10.1 dev eth1
Now the 0.0.0.0/1 and 128.0.0.0/1 routes puzzle me. Here is ipsec.conf:
# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        #interfaces=%defaultroute
        interfaces="ipsec0=eth1"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0

conn valleygate-mountaingate
        type=tunnel
        auth=esp
        authby=secret
        keyexchange=ike
        left=192.168.10.1
        leftsubnet=0.0.0.0/0
        leftfirewall=yes
        right=192.168.10.2
        rightsubnet=192.168.20.0/24
        rightfirewall=yes
        disablearrivalcheck=no
        auto=start
Any thoughts?
Thanks
Erich
THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16
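
Added example, not part of the original post: a longest-prefix-match check over the route table posted above (after ipsec start). It shows that 0.0.0.0/1 and 128.0.0.0/1 together cover all of IPv4 and are more specific than the default route, so no destination is left for "default via 192.168.10.1 dev eth1". The function names and the sample destinations used with it are constructed for illustration.

```python
import ipaddress

# "ip route" output copied from the post, taken after "ipsec start".
AFTER_IPSEC_START = """\
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
192.168.10.0/24 dev ipsec0 proto kernel scope link src 192.168.10.2
0.0.0.0/1 via 192.168.10.1 dev ipsec0
128.0.0.0/1 via 192.168.10.1 dev ipsec0
default via 192.168.10.1 dev eth1
"""

def parse_routes(text):
    """Turn 'ip route' lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(prefix), fields[fields.index("dev") + 1]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; returns every device tied at the best length."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    best = max((plen for plen, _ in hits), default=None)
    return {dev for plen, dev in hits if plen == best}

def falls_to_default(routes):
    """Address ranges that no route more specific than /0 covers."""
    left = [ipaddress.ip_network("0.0.0.0/0")]
    for net, _ in routes:
        if net.prefixlen == 0:
            continue
        nxt = []
        for r in left:
            if r.subnet_of(net):
                continue                      # fully covered by this route
            if net.subnet_of(r):
                nxt.extend(r.address_exclude(net))
            else:
                nxt.append(r)
        left = nxt
    return left

if __name__ == "__main__":
    table = parse_routes(AFTER_IPSEC_START)
    print(sorted(lookup(table, "10.1.2.3")), falls_to_default(table))
```

An empty list from falls_to_default() means the default route via eth1 is never selected. The two equal-length 192.168.10.0/24 entries are returned together because the text of the table alone does not say which one the kernel picks.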
