Erich Titl wrote:
Hi

I am planning to route a remote location on a wireless link through an ipsec tunnel to the internet. The set up specifies a 0.0.0.0/0 subnet behind the tunnel, but this is what I get in the route after issuing ipsec start.

This is on Bering 1_0.stable 2.4.18

before ipsec start
# ip route
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
default via 192.168.10.1 dev eth1

gatekeeper: -root-
# /etc/init.d/ipsec start
ipsec_setup: Starting FreeS/WAN IPsec 1.97...
ipsec_setup: Using /lib/modules/ipsec.o

gatekeeper: -root-
# ip route
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
192.168.10.0/24 dev ipsec0 proto kernel scope link src 192.168.10.2
0.0.0.0/1 via 192.168.10.1 dev ipsec0
128.0.0.0/1 via 192.168.10.1 dev ipsec0
default via 192.168.10.1 dev eth1

now the 0.0.0.0/1 and 128.0.0.0/1 routes puzzle me, here is ipsec.conf

The routes might puzzle you, but they are correct.

The IPSec scripts implement a "route to everything on the internet" tunnel this way to ensure the more specific /1 routes through the VPN take precedence over any /0 default route you may (or may not) have in place.

It's a simple safety measure to ensure no unencrypted traffic is sent out by mistake.

--
Charles Steinkuehler
[EMAIL PROTECTED]
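
The precedence described in this reply can be checked with a longest-prefix-match lookup over the routing table from the post. This is an added example, not part of the original thread: the table is copied from the `ip route` output above, the destination addresses used with it are constructed, the helper names are hypothetical, and ties between equal-length prefixes are resolved by list order as a simplification.

```python
import ipaddress

# Routing table copied from the `ip route` output after `ipsec start` above.
AFTER = """\
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.1
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.2
192.168.10.0/24 dev ipsec0 proto kernel scope link src 192.168.10.2
0.0.0.0/1 via 192.168.10.1 dev ipsec0
128.0.0.0/1 via 192.168.10.1 dev ipsec0
default via 192.168.10.1 dev eth1
"""

def parse_routes(text):
    """Return [(network, device)] from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix), dev))
    return routes

def lookup(routes, dest):
    """Longest-prefix match; on equal length the first listed route wins
    (a simplification, not a statement about kernel tie-breaking)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best

def without_tunnel(routes):
    """The table as it looked before ipsec start (no ipsec0 routes)."""
    return [r for r in routes if r[1] != "ipsec0"]

def default_shadowed(routes):
    """True if the non-default routes together cover all of IPv4, so the
    /0 default route can never be the longest match for any destination."""
    specific = [net for net, _ in routes if net.prefixlen > 0]
    merged = list(ipaddress.collapse_addresses(specific))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]

if __name__ == "__main__":
    table = parse_routes(AFTER)
    for dest in ("100.64.0.1", "203.0.113.5", "192.168.20.5"):  # constructed
        print(dest, "->", lookup(table, dest))
    print("default shadowed:", default_shadowed(table))
```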
