Re: IPSec WinXP interop

Right, I've upgraded to freeswan 2.01 from backports.org. This was
because the 1.96 that I was using from Woody didn't recognise the
leftprotoport and rightprotoport commands. I apt-got the source,
grepped, and sure enough they weren't there. This leads me to believe

But now I have a different problem. Upon reboot (recompiled the kernel
with the 2.01 patch), I couldn't ssh in. Doh! I was just able to get
onsite, and there was a problem with the routing table.

Kernel IP routing table
Destination     Gateway         Genmask          Metric Ref Use
localnet        *               255.255.255.240  0      0   0   eth1
localnet        *               255.255.255.240  0      0   0   ipsec0
10.0.0.0        *               255.0.0.0        0      0   0   eth0
default         188.8.131.52    184.108.40.206   0      0   0   ipsec0
220.127.116.11  18.104.22.168   22.214.171.124   0      0   0   ipsec0
default         126.96.36.199   0.0.0.0          0      0   0   eth1

What happens is that pings in or out cause the ipsec0 packet transmit
count to increase, and that's about it. I had to /etc/init.d/stop ipsec
to get connectivity back.

I've googled a bit and don't see the answer. Best I could come up with
was http://lists.virus.org/freeswan-0307/msg00363.html. This states
that OE can cause freeswan to take over the default route. But I don't
want OE, and I can't for the life of me work out how to switch it off.
I think it has something to do with the default policies that 1.96
didn't have, but I also can't work out how to switch them off.