I have a problem with ipsec and an openvpn tunnel. I have to have source based routing.

Assume we have the configuration below, after the openvpn tunnel (tun0) is up:

#ip route
--8<---------------cut here---------------start------------->8---
default via 172.20.10.1 dev wlan0
10.0.0.0/16 via 10.8.17.5 dev tun0
[...some other routes, the important thing is that there are some subnets, not the whole 0.0.0.0/0 ...]
--8<---------------cut here---------------end--------------->8---

#ip route show table 1000
--8<---------------cut here---------------start------------->8---
0.0.0.0/1 dev tun0 scope link
128.0.0.0/1 dev tun0 scope link
--8<---------------cut here---------------end--------------->8---
(I tried not to use a "default" route in this table, but with "default" the result was the same)

#ip rule show
--8<---------------cut here---------------start------------->8---
0:      from all lookup local
220:    from all lookup 220
1000:   from 10.8.17.6 lookup 1000
32766:  from all lookup main
32767:  from all lookup default
--8<---------------cut here---------------end--------------->8---

Then I try to establish the ipsec connection and I get an error message like:

--8<---------------cut here---------------start------------->8---
[...]
[IKE] IKE_SA alfa[30] established between 10.8.17.6[zzzz]...xxxx[yyyy]
[IKE] scheduling rekeying in 13679s
[IKE] maximum IKE_SA lifetime 15119s
[CFG] selected proposal: ESP:AES_GCM_16_128/NO_EXT_SEQ
[KNL] received netlink error: Network is unreachable (101)
[KNL] unable to install source route for 192.168.200.244
--8<---------------cut here---------------end--------------->8---

and 192.168.200.244 is attached to the tun0 interface instead of wlan0 as I would expect.

#ip route show table 220
is empty.

When I start the ipsec connection before openvpn, everything works. Everything also works when I give up using rule 1000 and table 1000 (i.e. source based routing).

Am I doing something wrong?

KJ

--
http://wolnelektury.pl/wesprzyj/teraz/
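
How the rules and tables listed in the post resolve for a given source address, as an added example that is not part of the original message: a simplified Python model of Linux policy routing lookup (rules walked in priority order, longest-prefix match inside each table). The peer address 203.0.113.10 is a constructed placeholder for the elided "xxxx", the local table is assumed to hold no matching entry, and the routes elided in the post are left out.

```python
import ipaddress

# Tables and rules copied from the post; routes elided there ("[...]") are omitted.
TABLES = {
    "local": [],    # assumption: nothing in "local" matches the sample destinations
    "220": [],      # reported as empty in the post
    "1000": [("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0")],
    "main": [("0.0.0.0/0", "wlan0"), ("10.0.0.0/16", "tun0")],
    "default": [],
}
RULES = [  # (priority, source selector, table)
    (0, "0.0.0.0/0", "local"),
    (220, "0.0.0.0/0", "220"),
    (1000, "10.8.17.6/32", "1000"),
    (32766, "0.0.0.0/0", "main"),
    (32767, "0.0.0.0/0", "default"),
]
PEER = "203.0.113.10"  # constructed placeholder for the peer shown as "xxxx"

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best

def resolve(src, dst):
    """Walk the rules by priority; the first table that yields a route decides."""
    src = ipaddress.ip_address(src)
    for prio, selector, table in sorted(RULES):
        if src not in ipaddress.ip_network(selector):
            continue  # rule's "from" selector does not cover this source
        hit = table_lookup(table, dst)
        if hit:
            return {"rule": prio, "table": table, "prefix": str(hit[0]), "dev": hit[1]}
    return None  # no rule produced a route

if __name__ == "__main__":
    # 10.8.17.6 is the tunnel address, 192.168.200.244 the address from the log.
    for src in ("10.8.17.6", "192.168.200.244"):
        for dst in (PEER, "10.0.5.1"):
            print(f"from {src} to {dst}: {resolve(src, dst)}")
```

In this model only packets sourced from 10.8.17.6 are steered by table 1000; a packet sourced from 192.168.200.244 skips rule 1000 and is resolved by the main table.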