* [LARTC] Advanced Routing and FreeSwan
From: Philip Reetz @ 2004-08-12 13:21 UTC (permalink / raw)
  To: lartc


Hello,
I'm trying to set up a central IPSEC-Gateway with several ipsec tunnels.
Some are to be routed over one leased line, some over the other leased
line. Both leased lines have their own public IP address.
The setup looks kinda like this:


                         eth1(ipsec0)--ISP0--Internet--eth1-Linux1-eth0--Subnet1
                        /             (ipsec-tunnel0)
Intranet--eth0-Linux-HQ
                        \             (ipsec-tunnel1)
                         eth2(ipsec1)--ISP1--Internet--eth1-Linux2-eth0--Subnet2

I wanted to use the advanced routing features (ip command) of the linux
kernel to solve the routing issues. When advanced routing is activated I
can start tunnel0. After a few seconds there is still traffic on ipsec0
but not eth1.
When I deactivate advanced routing and bring down eth2, tunnel0 works
flawlessly.
I used Debian Stable with kernel 2.4.20
Freeswan: 1.98b

The setup for the advanced routing looks like this:
-snip-
#!/bin/sh

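# Debug wrapper: echo each ip command before running it
ip() {
  echo ip "$@"
  /sbin/ip "$@"
}

# Without DEBUG=1, drop the wrapper and call ip directly
[ "$DEBUG" != "1" ] && unset -f ip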

# P1 Gateway, P1_NET Network address, IP1 local address, IF1 interface
export IF1=eth0
export IP1=212.202.224.34
export P1=212.202.224.33
export P1_NET=212.202.224.32/29

export IF2=eth2
export IP2=83.236.132.166
export P2=83.236.132.165
export P2_NET=83.236.132.164/30

if [ "$1" = "start" ]; then
  echo 'Setting up advanced routing'


  ip route add $P1_NET via $P1 src $IP1 table qsc1
  ip route add default via $P1 table qsc1
  ip route add $P2_NET via $P2 src $IP2 table qsc2
  ip route add default via $P2 table qsc2
  ip route add 192.168.2.0/24 dev ipsec0 table qsc1

  ip rule add from $IP1 table qsc1
  ip rule add from $IP2 table qsc2

  ip route flush cache

elif [ "$1" = "stop" ]; then
  ip route flush table qsc1
  ip route flush table qsc2

  ip rule del from $IP1 table qsc1
  ip rule del from $IP2 table qsc2

  ip route flush cache

  echo 'Stopping advanced routing'
else
  echo "Unknown parameter $1"
fi

Any help is greatly appreciated.

Ciao,
Philip
--
LINET Services GbR

Gotenweg 15                      Tel.: 0531-280 191 71
38106 Braunschweig               Fax.: 0531-280 191 72

http://www.linet-services.de
mailto:info@linet-services.de

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
