Routing differences between 2.4 and 2.6 kernels

From: Ole Morten (olemotor_at_gmail.com)
Date: 05/06/05


Date: Fri, 6 May 2005 12:05:34 +0200

Hi,

I have a Linux gateway using kernel 2.4.25, running
FreeSWAN 2.06 and OpenVPN 2.0. The gateway has
one public IP on eth0, one private IP on eth1 and is
building three IPSEC tunnels to our corporate private
network through the ipsec0(eth0) interface. OpenVPN
uses the tun0 interface for road warriors. The gateway is
firewalled by iptables because it provides internet
access for the private network on eth1 and the
OpenVPN road warriors. NAT is enabled for traffic to
the internet and for traffic from the OpenVPN subnet, which
is not known by any corporate router.

eth0 Public internet
eth1 10.200.1.0/24 private network
ipsec0 10.0.0.0/8 corporate network
ipsec0 10.200.2.0/24 corporate network
ipsec0 10.200.3.0/24 corporate network
tun0 10.200.100.0/24 OpenVPN network

I don't have to worry at all because at present this
scenario works well, but personal curiosity and a desire to
stay up to date with the latest developments have made me
start experimenting with various versions of 2.6
kernels together with FreeSWAN but also OpenSWAN
2.3.0/2.3.1. However, so far I have not had complete
success running ipsec and OpenVPN simultaneously.

When testing I have disabled the firewall apart from
NAT.
The ipsec0 interface is removed from all scripts when using
2.6 kernels.
All ip_forward flags in the kernel are set to 1.
With only OpenVPN running, road warriors can access
the private network on eth1 as well as the internet on eth0.
Starting the ipsec service will for some reason block road
warriors from the private network and the corporate private
network, but they can reach the public internet.
Apart from the ipsec0 interface, the output from the
commands route and ip route looks similar for the 2.4
and 2.6 kernels.

When ipsec is running with kernel 2.6 almost everything
seems normal between the private and the corporate
networks. I say almost because I have discovered a
funny replication and mail routing problem between
Lotus Domino servers; this will be the next problem to
solve before trashing 2.4.

Can anyone give a clue or tell me the reason why
routing does not work between OpenVPN clients and
any of the private 10.x.x.x networks on kernel 2.6?

Many thanks in advance
brgds
Ole M.
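A small model of the difference the post is running into, added here as an illustration and not code from the poster or from FreeSWAN/OpenSWAN. On 2.4 with KLIPS the ipsec0 device is picked by the ordinary longest-prefix route lookup, so a more specific route to tun0 beats the 10.0.0.0/8 route to ipsec0. The 2.6 native IPsec stack has no ipsec0 and instead consults its security policy database (SPD) per packet, in priority order, independently of the routing table. The policy selectors below are an assumption derived from the subnets listed in the post (eth1 network on the left, the three corporate networks on the right), and the bypass policy is an assumed remedy, not something the post describes.

```python
"""Simplified comparison of 2.4/KLIPS route-based selection and 2.6 native
IPsec policy-based selection for the subnets in the post.  Added example;
the routing table and SPD entries are constructed from the post's interface
list and are assumptions about the actual configuration."""
import ipaddress

# Routing table as the 2.4 gateway would have it (constructed sample).
ROUTES = [
    ("10.0.0.0/8", "ipsec0"),
    ("10.200.2.0/24", "ipsec0"),
    ("10.200.3.0/24", "ipsec0"),
    ("10.200.1.0/24", "eth1"),
    ("10.200.100.0/24", "tun0"),
    ("0.0.0.0/0", "eth0"),
]


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route wins regardless of order."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1]


# Assumed SPD on the 2.6 gateway: (priority, src, dst, action), lower
# priority value is checked first.  Selector specificity only matters to
# the extent that whatever installed the policy encoded it in the priority.
SPD = [
    (1000, "10.200.1.0/24", "10.0.0.0/8", "tunnel"),
    (1000, "10.200.1.0/24", "10.200.2.0/24", "tunnel"),
    (1000, "10.200.1.0/24", "10.200.3.0/24", "tunnel"),
]


def policy_lookup(src, dst, spd=SPD):
    """Return the action of the first policy whose src/dst selectors match.

    'plain' means no policy applied and the packet just follows the routing
    table.  Note that the reply from the eth1 network to a road warrior
    (10.200.1.x -> 10.200.100.x) matches the 10.0.0.0/8 tunnel selector, so
    it is encrypted toward the corporate network instead of going to tun0.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, s, d, action in sorted(spd, key=lambda p: p[0]):
        if src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d):
            return action
    return "plain"


def with_bypass(spd=SPD):
    """Assumed remedy: higher-priority bypass entries for eth1 <-> tun0 so the
    more specific road-warrior flows are exempted from the /8 tunnel policy,
    mirroring what the more specific tun0 route achieved on 2.4."""
    bypass = [
        (100, "10.200.1.0/24", "10.200.100.0/24", "bypass"),
        (100, "10.200.100.0/24", "10.200.1.0/24", "bypass"),
    ]
    return bypass + list(spd)


if __name__ == "__main__":
    road_warrior, lan_host = "10.200.100.5", "10.200.1.10"
    print("2.4 reply route    :", route_lookup(road_warrior))
    print("2.6 reply policy   :", policy_lookup(lan_host, road_warrior))
    print("2.6 with bypass    :", policy_lookup(lan_host, road_warrior, with_bypass()))
```

Running the script prints tun0 for the 2.4 route lookup, tunnel for the 2.6 policy lookup of the same reply packet, and bypass once the assumed exemption policies are in place. On a real 2.6 gateway the equivalent check is to compare the output of `ip route get <dst>` with `ip xfrm policy` for the same source and destination, since the routing table alone no longer tells the whole story.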


