I have a Linux box (Red Hat 8, kernel 2.4.18-14) configured with the Shorewall firewall
(v1.4.5) and FreeS/WAN IPsec (v2.01). The box has three NICs [loc(eth0),
net(eth1), dmz(eth2)], all assigned static IP addresses. The internet
connection is ADSL.
LAN1<----->Linux/Freeswan/Shorewall<----->Internet<---->Sonicwall<--->Router<--->LAN2
                      |
                      |
                     DMZ
I've configured the box to work as a firewall/router with NAT, which works
fine. PCs on LAN1 can access the internet with no problem. IPsec has been
configured to provide a VPN between LAN1 and LAN2. When I enable FreeS/WAN
IPsec, PCs on LAN1 can access PCs on LAN2 fine, but they cannot access the
internet.
When I check the messages log on the Linux firewall, it appears that all
outgoing packets from LAN1 are being routed through the VPN regardless of
their destination address (I've configured Shorewall's tunnels as required).
For some reason I believe the problem is to do with routing. When IPsec is
enabled I get the following routing table:
Destination          Gateway        Genmask              Flags Metric Ref Use Iface
<Internet Network>   *              <Public IP Netmask>  U     0      0   0   eth1
<Internet Network>   *              <Public IP Netmask>  U     0      0   0   ipsec0
<DMZ Network>        *              <DMZ IP Netmask>     U     0      0   0   eth2
<LAN1 Network>       *              <LAN1 IP Netmask>    U     0      0   0   eth0
<LAN2 Network>       <ISP Gateway>  <LAN2 IP Netmask>    UG    0      0   0   ipsec0
127.0.0.0            *              255.0.0.0            U     0      0   0   lo
default              <ISP Gateway>  128.0.0.0            UG    0      0   0   ipsec0
128.0.0.0            <ISP Gateway>  128.0.0.0            UG    0      0   0   ipsec0
default              <ISP Gateway>  0.0.0.0              UG    0      0   0   eth1
From my reading of this output, it seems that the default gateway has now
become the ipsec0 virtual adaptor. Is this correct, or am I completely wrong?
If I am wrong, then where else can I start looking?
Thank you
_______________________________________________
FreeS/WAN Users mailing list
[EMAIL PROTECTED]
https://mj2.freeswan.org/cgi-bin/mj_wwwusr
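The routing table in the post above can be read mechanically, and doing so shows why every non-local packet from LAN1 ends up on ipsec0. A netmask of 128.0.0.0 is a /1 prefix, so the two routes "default ... 128.0.0.0 ... ipsec0" and "128.0.0.0 ... 128.0.0.0 ... ipsec0" together cover the entire IPv4 address space, and under longest-prefix matching each of them beats the real /0 default route on eth1. A pair of /1 routes of this shape is what FreeS/WAN's updown script installs when a connection's remote subnet is 0.0.0.0/0, so the subnet settings of the tunnel connections in ipsec.conf are the place to look. The script below is an added example written for this page; it is not code from the poster, from FreeS/WAN or from Shorewall. It parses a `route` table in the layout shown in the post, does a longest-prefix lookup for a few destinations, and lists any tunnel routes of prefix length 0 or 1. The placeholder networks from the post are replaced with constructed RFC 5737 / RFC 1918 addresses (203.0.113.0/24 as the "Internet Network", 203.0.113.1 as the "ISP Gateway", 192.168.1.0/24 as LAN1, 192.168.2.0/24 as LAN2, 172.16.2.0/24 as the DMZ); none of these are from the original mail.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout printed by `route` (gateway "*" and
# destination "default" as in the post). Addresses are made up for the
# example; the placeholders in the original mail are not real values.
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
203.0.113.0     *               255.255.255.0   U     0      0   0   eth1
203.0.113.0     *               255.255.255.0   U     0      0   0   ipsec0
172.16.2.0      *               255.255.255.0   U     0      0   0   eth2
192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
192.168.2.0     203.0.113.1     255.255.255.0   UG    0      0   0   ipsec0
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         203.0.113.1     128.0.0.0       UG    0      0   0   ipsec0
128.0.0.0       203.0.113.1     128.0.0.0       UG    0      0   0   ipsec0
default         203.0.113.1     0.0.0.0         UG    0      0   0   eth1
"""


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    gateway: str
    flags: str
    iface: str


def parse_route_table(text):
    """Parse `route` / `route -n` style output into Route objects.

    Handles both the symbolic form ("default", "*") and the numeric form
    ("0.0.0.0"); the interface is always the last column.
    """
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        dest, gw, mask, flags, *_counters, iface = fields
        dest = "0.0.0.0" if dest == "default" else dest
        gw = "0.0.0.0" if gw == "*" else gw
        network = ipaddress.IPv4Network((dest, mask), strict=False)
        routes.append(Route(network, gw, flags, iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins.

    On equal prefix length the earlier table entry is kept, which is how
    the printed table should be read for equal-metric duplicates.
    """
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen)


def catch_all_tunnel_routes(routes, tunnel_iface="ipsec0"):
    """Routes via the tunnel interface with prefix length 0 or 1.

    Two /1 routes cover every address and out-rank a /0 default, so any
    hit here means the tunnel captures all traffic not matched by a more
    specific route.
    """
    return [r for r in routes
            if r.iface == tunnel_iface and r.network.prefixlen <= 1]


def without(routes, unwanted):
    """Return the table with the given routes removed (for what-if lookups)."""
    return [r for r in routes if r not in unwanted]


if __name__ == "__main__":
    table = parse_route_table(ROUTE_TABLE)
    for dst in ("198.51.100.7", "192.0.2.10", "192.168.2.5", "192.168.1.5"):
        r = lookup(table, dst)
        print(f"{dst:>14} -> {r.network} via {r.gateway} dev {r.iface}")
    bad = catch_all_tunnel_routes(table)
    print("catch-all tunnel routes:", [str(r.network) for r in bad])
    r = lookup(without(table, bad), "198.51.100.7")
    print(f"without them, 198.51.100.7 -> {r.network} dev {r.iface}")
```

Running the script against the constructed table sends both 198.51.100.7 (in 0.0.0.0/1) and 192.0.2.10 (in 128.0.0.0/1) to ipsec0 even though eth1 holds the /0 default; only when the two /1 tunnel routes are dropped does an Internet destination fall through to eth1. Feeding the script the real output of `route` on the firewall gives the same check on live data.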