Public bug reported:
Binary package hint: openswan
Contrary to what is said in the manpage for ipsec.conf, quote:
"leftnexthop: next-hop gateway IP address for the left participant’s
connection to the public network; [...] If the value is to be
overridden by the left=%defaultroute method (see above), an explicit value
must not be given.",
leftnexthop must be set to %defaultroute as well if the client connection to
the public network is via a gateway.
More precisely, with the attached ipsec.conf (slightly anonymized), after

    sudo ipsec auto --route L2TP-PSK-CLIENT

the routing table looks like

    Destination      Gateway      Genmask          Flags Metric Ref Use Iface
    vpn.example.com  *            255.255.255.255  UH    0      0   0   eth0
    192.168.2.0      *            255.255.255.0    U     0      0   0   eth0
    link-local       *            255.255.0.0      U     1000   0   0   eth0
    default          192.168.2.1  0.0.0.0          UG    0      0   0   eth0

Note that connections to the VPN server are incorrectly routed into the local
network, not via the gateway to the public network.
After adding

    leftnexthop=%defaultroute

to /etc/ipsec.conf the first route above changes to

    vpn.example.com  192.168.2.1  255.255.255.255  UGH   0      0   0   eth0

which is the correct behaviour.
This might either be a mistake in the documentation (i.e. leftnexthop is
now required even if left is %defaultroute) or a bug in OpenSWAN.
This is on Hardy with OpenSWAN 2.4.9.
** Affects: openswan (Ubuntu)
Importance: Undecided
Status: New
--
leftnexthop required even if left is %defaultroute
https://bugs.launchpad.net/bugs/244311
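
Added example (not part of the original bug report and not Openswan code): a check for the symptom described in the report, a host route to the VPN peer that has no gateway although the peer is not on a directly connected network. The tables are constructed numeric (`route -n` style) versions of the ones in the report; 203.0.113.10 is a placeholder address standing in for vpn.example.com.

```python
import ipaddress

# Constructed sample: numeric form of the routing table in the report.
# 203.0.113.10 is a placeholder standing in for vpn.example.com.
TABLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.10    {gw:<15} 255.255.255.255 {flags:<5} 0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0
0.0.0.0         192.168.2.1     0.0.0.0         UG    0      0        0 eth0
"""
BEFORE = TABLE.format(gw="0.0.0.0", flags="UH")      # as first reported
AFTER = TABLE.format(gw="192.168.2.1", flags="UGH")  # leftnexthop=%defaultroute


def parse_routes(text):
    """Return (dest, gateway, genmask, flags, iface) tuples from route output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] != "Destination":    # skip both header lines
            routes.append((f[0], f[1], f[2], f[3], f[7]))
    return routes


def peer_route_status(text, peer_ip):
    """Classify how the host route to the IPsec peer leaves this machine."""
    peer = ipaddress.ip_address(peer_ip)
    connected, host_flags = [], None
    for dest, _gw, mask, flags, _iface in parse_routes(text):
        if "H" in flags and dest == peer_ip:
            host_flags = flags
        elif "G" not in flags and "H" not in flags:  # on-link network route
            try:
                connected.append(ipaddress.ip_network(f"{dest}/{mask}"))
            except ValueError:                       # symbolic name, e.g. link-local
                pass
    if host_flags is None:
        return "no-host-route"
    if "G" in host_flags:
        return "via-gateway"
    if any(peer in net for net in connected):
        return "on-link-ok"
    return "on-link-misrouted"                       # the symptom in the report


if __name__ == "__main__":
    print("before:", peer_route_status(BEFORE, "203.0.113.10"))
    print("after: ", peer_route_status(AFTER, "203.0.113.10"))
```

The classification relies on the Flags column only, so it also works on non-numeric `route` output where the gateway is shown as `*`, provided the peer is listed by address.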