I set up a VPN between two Linux gateway PCs with a LAN behind each gw
using OpenSwan.
It works, but there is something which I did not expect: When I ping
between the LANs through the VPN tunnel, Ethereal shows me that there
are not only ESP frames going through the tunnel, but also ICMP (ping)
requests and replies. It seems that for each ping request-reply pair
there is one ESP frame. I'd expect that there are only ESP frames
between the gateways.
I figure that in former releases of FreeSwan there used to be an ipsecX
interface which could be used to send all traffic through it, but in my
OpenSwan release there is no ipsecX interface anymore.
How can I force ALL traffic to use the IPSec tunnel?
I have not configured any iptables rules yet.
I'd appreciate any hint.
Thank you
Mathias...
Here is my ipsec.conf:
# basic configuration
config setup
        forwardcontrol=yes
        interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        #klipsdebug=all
        #plutodebug="control parsing"
        #plutodebug=all
        # Certificate Revocation List handling
        #crlcheckinterval=600
        #strictcrlpolicy=yes
        # Change rp_filter setting, default = 0 (switch off)
        #rp_filter=%unchanged
        # Switch on NAT-Traversal (if patch is installed)
        #nat_traversal=yes

# default settings for connections
conn %default
        # Default: %forever (try forever)
        #keyingtries=3
        # Sig keys (default: %dnsondemand)
        authby=rsasig
        auto=add
        left=192.168.254.10
        leftsubnet=192.168.179.0/24
        leftrsasigkey=0sAQOr2...
        # Lifetimes, defaults are 1h/8hrs
        #ikelifetime=20m
        #keylife=1h
        #rekeymargin=8m

# Add connections here

# VPN connection to VPNSRV
conn hp-VPNSRV
        right=192.168.254.23
        rightsubnet=192.168.178.0/24
        rightrsasigkey=0sAQO...
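A note and a worked check added here, not part of Mathias's post: with the kernel-native NETKEY IPsec stack (which is what Openswan uses when there is no ipsecX interface), a capture on the gateway's own physical interface shows each outbound packet twice, once in the clear before xfrm encapsulation and once as ESP, and each inbound packet both as ESP and after decapsulation. That is a capture artefact, not proof that traffic bypasses the tunnel, and it is why the old KLIPS ipsecX interface gave a cleaner picture. Note also that one echo request plus its reply should produce two ESP frames (one per direction). The reliable test is a capture from a third vantage point between the gateways (port mirror, hub, or a tap), where only ESP between the gateway addresses should appear. The script below parses `tcpdump -n` text and reports ESP frames between the gateways versus cleartext frames between the two LANs; the sample captures are constructed for this example and only the addresses are taken from the ipsec.conf above.

```python
import ipaddress
import re

# Constructed sample of `tcpdump -n -i eth0` output taken ON the gateway's outer
# interface. Addresses follow the ipsec.conf in the post; packet contents are made up.
CAPTURE_ON_GATEWAY = """\
12:00:01.000001 IP 192.168.179.5 > 192.168.178.7: ICMP echo request, id 1, seq 1, length 64
12:00:01.000050 IP 192.168.254.10 > 192.168.254.23: ESP(spi=0x0000abcd,seq=0x1), length 116
12:00:01.000300 IP 192.168.254.23 > 192.168.254.10: ESP(spi=0x0000dcba,seq=0x1), length 116
12:00:01.000310 IP 192.168.178.7 > 192.168.179.5: ICMP echo reply, id 1, seq 1, length 64
12:00:02.000001 IP 192.168.179.5 > 192.168.178.7: ICMP echo request, id 1, seq 2, length 64
12:00:02.000050 IP 192.168.254.10 > 192.168.254.23: ESP(spi=0x0000abcd,seq=0x2), length 116
12:00:02.000300 IP 192.168.254.23 > 192.168.254.10: ESP(spi=0x0000dcba,seq=0x2), length 116
12:00:02.000310 IP 192.168.178.7 > 192.168.179.5: ICMP echo reply, id 1, seq 2, length 64
12:00:03.000000 IP 192.168.254.10.500 > 192.168.254.23.500: isakmp: phase 2/others ? inf[E]
"""

# Constructed sample from a third host (port mirror / hub) between the gateways:
# only ESP should be visible there once the tunnel carries the LAN traffic.
CAPTURE_ON_MIRROR = """\
12:00:01.000060 IP 192.168.254.10 > 192.168.254.23: ESP(spi=0x0000abcd,seq=0x1), length 116
12:00:01.000290 IP 192.168.254.23 > 192.168.254.10: ESP(spi=0x0000dcba,seq=0x1), length 116
"""

# timestamp, "IP", src, ">", dst, ":", rest of the line
LINE_RE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")


def _host(token):
    """tcpdump prints UDP/TCP endpoints as a.b.c.d.port; drop the port if present."""
    parts = token.split(".")
    return ".".join(parts[:4]) if len(parts) == 5 else token


def parse_line(line):
    """Return (src, dst, kind) with kind 'esp' or 'clear', or None for non-IPv4 lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, dst, rest = m.groups()
    kind = "esp" if rest.startswith("ESP(") else "clear"
    return ipaddress.ip_address(_host(src)), ipaddress.ip_address(_host(dst)), kind


def audit(capture, lan_a, lan_b, gw_a, gw_b, captured_on_gateway):
    """Count ESP frames between the gateways and cleartext frames between the LANs.

    captured_on_gateway=True means the capture was taken on the IPsec gateway itself,
    where NETKEY shows the cleartext copy as well; False means a third vantage point,
    where any cleartext inter-LAN frame is traffic that bypassed the tunnel.
    """
    lan_a, lan_b = ipaddress.ip_network(lan_a), ipaddress.ip_network(lan_b)
    gateways = {ipaddress.ip_address(gw_a), ipaddress.ip_address(gw_b)}
    esp_between_gateways = 0
    cleartext_inter_lan = []
    for line in capture.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, kind = parsed
        if kind == "esp" and {src, dst} == gateways:
            esp_between_gateways += 1
        elif kind == "clear" and (
            (src in lan_a and dst in lan_b) or (src in lan_b and dst in lan_a)
        ):
            cleartext_inter_lan.append(line)
    return {
        "esp_between_gateways": esp_between_gateways,
        "cleartext_inter_lan": len(cleartext_inter_lan),
        # On the gateway the cleartext copies are the NETKEY capture artefact;
        # anywhere else they mean the traffic was not protected by the tunnel.
        "leak": bool(cleartext_inter_lan) and not captured_on_gateway,
    }


if __name__ == "__main__":
    args = ("192.168.179.0/24", "192.168.178.0/24", "192.168.254.10", "192.168.254.23")
    print("on gateway:", audit(CAPTURE_ON_GATEWAY, *args, captured_on_gateway=True))
    print("on mirror: ", audit(CAPTURE_ON_MIRROR, *args, captured_on_gateway=False))
```

Feed it a real `tcpdump -n -i <outer-iface>` text dump instead of the constructed strings; on the gateway expect equal counts of ESP and cleartext ICMP (the artefact), on the mirror expect cleartext_inter_lan to be 0. A non-zero count on the mirror, or an esp_between_gateways of 0 while pings succeed, means the xfrm policy is not covering the subnet pair and the LAN traffic is crossing in the clear.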