Running on Red Hat 8.0 - 2.4.20-18.8

Network diagram:

  RIGHT   4.4.4.4/24      road warrior with x509
          eth1 right subnet 192.168.0.0/24
            |
            |
        Internet
        Default GW 1.1.1.4/29
            |
            |
  LEFT ________________________________________________
  eth0     1.1.1.1/29   Internet address of ipsec box
  eth0:1   2.2.2.2/24   Address of IP alias on eth0; the /24 network is routed to the /29
  FreeS/WAN kernel
  eth1     3.3.3.3/24   Inside hosts
  _______________________________________________________
ipsec.conf:

  interfaces="ipsec0=eth0:1"

  conn thetunnel
      left=2.2.2.2
      leftnexthop=1.1.1.4
      leftsubnet=3.3.3.3/24
      leftcert=testsystem.test.com.pem
      right=%any
      rightsubnet=192.168.0.0/24
      auto=add
      pfs=yes
OK, when I start ipsec on both sides I get this in my logs:
Aug 11 16:07:29 testsystem pluto[30848]: "thetunnel"[2] 4.4.4.4 #100: route-client output: SIOCADDRT: Network is unreachable
Aug 11 16:07:29 rockhopper1 pluto[30848]: "thetunnel"[2] 4.4.4.4 #100: route-client output: /usr/local/lib/ipsec/_updown: `route add -net 192.168.0.0 netmask 255.255.255.0 dev ipsec0 gw 1.1.1.4' failed
If I do the same config but I make left eth0 1.1.1.1, I can get the tunnel up with no problems.
I think my problem is that left eth0:1 2.2.2.2 doesn't have a gw on its own network, but how can I get around this?
Many thanks in advance for any help,
Chad
PS. I already tried messing with the _updown script. If I take out the gw statement the tunnel will come up but continually rekey.
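Added diagnostic, not part of the original post or of the FreeS/WAN _updown script: the `route add -net ... dev ipsec0 gw <nexthop>` that _updown issues can only succeed when the gateway is on the network directly attached to the interface the ipsecN device is bound to; otherwise the kernel returns SIOCADDRT "Network is unreachable". The script below checks that precondition for a nexthop against an interface address, using the addresses from the post (the alias 2.2.2.2/24 that ipsec0 is bound to versus the primary 1.1.1.1/29) as constructed sample input.

```shell
#!/bin/sh
# Added example (not from the original post): does a nexthop lie inside the
# network attached to the interface an ipsecN device is bound to?  This is the
# precondition for "route add ... dev ipsec0 gw <nexthop>" to be accepted.

# ip2int A.B.C.D -> 32-bit integer
ip2int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mask_for PREFIXLEN -> netmask as a 32-bit integer (e.g. 29 -> 255.255.255.248)
mask_for() {
    echo $(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
}

# gw_on_link GATEWAY IFACE_ADDR/PREFIX
# exit 0 when GATEWAY is in the same network as the interface address
gw_on_link() {
    gw=$1
    addr=${2%/*}
    prefix=${2#*/}
    mask=$(mask_for "$prefix")
    [ $(( $(ip2int "$gw") & $mask )) -eq $(( $(ip2int "$addr") & $mask )) ]
}

# check_nexthop GATEWAY IFACE_ADDR/PREFIX
# prints a verdict; exit 0 when the gateway is on-link, 1 otherwise
check_nexthop() {
    if gw_on_link "$1" "$2"; then
        echo "ok: gateway $1 is on-link for $2"
        return 0
    fi
    echo "unreachable: gateway $1 is not on the network of $2 (route add ... gw $1 will fail)"
    return 1
}

# Constructed demo with the post's addresses (exit status deliberately ignored
# so the script runs to completion):
check_nexthop 1.1.1.4 2.2.2.2/24 || :   # ipsec0 bound to the alias: not on-link
check_nexthop 1.1.1.4 1.1.1.1/29 || :   # eth0 primary address: on-link
```

Run it against the `leftnexthop` and the address of whatever interface `interfaces=` names; an "unreachable" verdict reproduces the condition behind the `SIOCADDRT: Network is unreachable` line in the log above without touching the routing table.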
