Koozali.org: home of the SME Server

IPSEC - IPSEC on DSL's

Medimo

« on: November 12, 2004, 04:37:56 PM »
Hi there,

I'd like to share this, as it may be a problem for more people.

I have a DSL line transparent to the SME server (DHCP-Spoof). The gateway that my ISP provides, however, is on a totally different subnet.
i.e. external ip = 81.207.xx.xx
     gateway     = 195.190.xx.xx

For normal internet this is no problem, since SME can set the default gateway.

While building the VPNs (using the freeswan RPMs & the devinfo contrib), adding the network will fail, because the new network is unreachable on the new interface (ipsec0 instead of eth1/0).

Solution is to change the updown script in:
/usr/local/lib/ipsec/_updown

After doroute() add the following line:
   route $1 $PLUTO_NEXT_HOP dev ipsec0

!!! Please note: this is only necessary if your gateway is on a different subnet than your external ip !!!

This will make your gateway reachable for ipsec0.

Since this little change to the contrib, I have had the ipsec tunnels up for months without problems...

Medimo
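
An added example, not part of the original post or the contrib: a POSIX shell check for the condition in the note above (gateway outside the external IP's subnet) that prints the extra route line only when it applies. The function names and the RFC 5737 sample addresses are assumptions, and the external netmask is assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example, not code from the post or the freeswan contrib.
# Function names and all addresses are constructed for illustration.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # only digits and dots allowed
    _save_ifs=$IFS; IFS=.
    set -- $1
    IFS=$_save_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        # reject empty octets, leading zeros (octal ambiguity), over-long octets
        case $_o in ''|0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 if the gateway lies inside the external interface's subnet,
# 1 if it is outside (the case described in the post), 2 on bad input.
# Arguments: external-ip netmask gateway
gateway_on_link() {
    _ip=$(ip_to_int "$1") || return 2
    _mask=$(ip_to_int "$2") || return 2
    _gw=$(ip_to_int "$3") || return 2
    [ $(( _ip & _mask )) -eq $(( _gw & _mask )) ]
}

# Print the host route the post adds after doroute(), but only when the
# gateway is off-subnet. $1 is the route verb (add/del) as in _updown;
# $4 stands in for $PLUTO_NEXT_HOP. Nothing is executed, only printed.
nexthop_route_cmd() {
    _rc=0
    gateway_on_link "$2" "$3" "$4" || _rc=$?
    case $_rc in
        0) return 0 ;;                        # on-link: no extra route needed
        1) echo "route $1 $4 dev ipsec0" ;;   # off-link: the post's workaround
        *) echo "bad address input" >&2; return 2 ;;
    esac
}

# Constructed sample: external 203.0.113.10/24, gateway on another network.
nexthop_route_cmd add 203.0.113.10 255.255.255.0 198.51.100.1
```

The function only prints the command, so the check can be tried on any machine before touching the updown script.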