Hi,

I tried to set up an IPsec tunnel on Debian 6.0, following http://www.ipsec-howto.org/x304.html, using setkey/racoon (ipsec-tools/racoon 0.7.3-12).

The diagram is like:

                 local-gw                                 remote-gw
    a.0/25 --- (a.126, xxx.3) <---- Internet ----> (yyy.5, b.254) ---> b.0/24

The /etc/ipsec-tools.conf on the left side is:

    spdadd a.0/25 b.0/24 any -P out ipsec esp/tunnel/xxx.3-yyy.5/unique;
    spdadd b.0/24 a.0/25 any -P in ipsec esp/tunnel/yyy.5-xxx.3/unique;

The racoon log showed the SA established OK:

    INFO: IPsec-SA established: ESP/Tunnel yyy.5[0]->xxx.3[0] spi=217278943(0xcf369df)
    IPsec-SA established: ESP/Tunnel xxx.3[500]->yyy.5[500] spi=1868651708(0x6f615cbc)

However, the outgoing traffic from the a.0/25 network seems to go out without using IPsec. (Incoming traffic from the remote site is OK; using tshark, it showed that pings from b.0/24 to a.0/25 use ESP.)

According to http://ipsec-tools.sourceforge.net/checklist.html, I added:

    ip route add b.0/24 via xxx.3 src a.126

ip route show:

    a.0/25 dev eth1 proto kernel scope link src a.126
    b.0/24 via xxx.3 dev eth0 src a.126
    default via xxx.1 dev eth0

But it still does NOT use IPsec to send out the outgoing traffic. Anything could be wrong?

Thanks,
Min
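The post above hinges on two lookups the kernel performs for every outbound packet: first the SPD (the spdadd lines) must match the packet's inner source/destination and direction, and only then is the SAD searched for an ESP SA whose outer endpoints equal the policy's tunnel endpoints. The following is an added example, not code from the original post or from ipsec-tools; it models those two lookups in Python so the posted configuration can be checked offline. The addresses are assumptions standing in for the placeholders in the post (10.1.0.0/25 for a.0/25 with gateway 203.0.113.3 for xxx.3, 10.2.0.0/24 for b.0/24 with gateway 198.51.100.5 for yyy.5); the spdadd lines and racoon log lines are constructed in the same shape as the ones posted, and the matching is a simplified first-match model rather than the kernel's exact xfrm lookup.

```python
"""Model the SPD + SAD lookup the kernel does for an outbound packet.

Added example (not from the original post or from ipsec-tools).  The
addresses below are assumptions replacing the post's placeholders.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Policy:
    src: ipaddress.IPv4Network           # inner (selector) addresses
    dst: ipaddress.IPv4Network
    direction: str                       # "in" or "out"
    tunnel_src: ipaddress.IPv4Address    # outer addresses of the ESP tunnel
    tunnel_dst: ipaddress.IPv4Address


@dataclass(frozen=True)
class SA:
    src: ipaddress.IPv4Address           # outer addresses, as in the racoon log
    dst: ipaddress.IPv4Address
    spi: int


# Shapes taken from setkey's spdadd syntax and racoon's "IPsec-SA established" line.
SPDADD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([\d.]+)-([\d.]+)/\S+;")
SA_LOG_RE = re.compile(
    r"IPsec-SA established: ESP/Tunnel ([\d.]+)\[\d+\]->([\d.]+)\[\d+\] spi=(\d+)")


def parse_spdadd(line: str) -> Policy:
    m = SPDADD_RE.search(line)
    if not m:
        raise ValueError(f"not an spdadd line: {line!r}")
    src, dst, direction, tsrc, tdst = m.groups()
    return Policy(ipaddress.ip_network(src), ipaddress.ip_network(dst), direction,
                  ipaddress.ip_address(tsrc), ipaddress.ip_address(tdst))


def parse_sa_log(line: str) -> SA:
    m = SA_LOG_RE.search(line)
    if not m:
        raise ValueError(f"not an SA log line: {line!r}")
    return SA(ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2)),
              int(m.group(3)))


def match_policy(policies: List[Policy], src: str, dst: str,
                 direction: str) -> Optional[Policy]:
    """First policy whose direction and selectors cover the packet (simplified)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p.direction == direction and s in p.src and d in p.dst:
            return p
    return None


def find_sa(sas: List[SA], policy: Policy) -> Optional[SA]:
    """SA whose outer endpoints equal the policy's tunnel endpoints."""
    for sa in sas:
        if sa.src == policy.tunnel_src and sa.dst == policy.tunnel_dst:
            return sa
    return None


def explain_outbound(policies: List[Policy], sas: List[SA], src: str, dst: str) -> str:
    """Verdict for a packet the local gateway is about to send with these inner addresses."""
    p = match_policy(policies, src, dst, "out")
    if p is None:
        return "cleartext: no 'out' policy matches this src/dst"
    sa = find_sa(sas, p)
    if sa is None:
        return (f"no SA: policy wants tunnel {p.tunnel_src}->{p.tunnel_dst} "
                f"but no matching ESP SA is installed")
    return f"ESP: tunnel {sa.src}->{sa.dst} spi=0x{sa.spi:x}"


# Constructed config and log in the shape of the post (addresses are assumptions).
SPD_CONF = """
spdadd 10.1.0.0/25 10.2.0.0/24 any -P out ipsec esp/tunnel/203.0.113.3-198.51.100.5/unique;
spdadd 10.2.0.0/24 10.1.0.0/25 any -P in ipsec esp/tunnel/198.51.100.5-203.0.113.3/unique;
"""
RACOON_LOG = """
INFO: IPsec-SA established: ESP/Tunnel 198.51.100.5[0]->203.0.113.3[0] spi=217278943(0xcf369df)
INFO: IPsec-SA established: ESP/Tunnel 203.0.113.3[500]->198.51.100.5[500] spi=1868651708(0x6f615cbc)
"""
POLICIES = [parse_spdadd(l) for l in SPD_CONF.splitlines() if l.strip()]
SAS = [parse_sa_log(l) for l in RACOON_LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    # A LAN host behind the gateway: matches the 'out' policy and the SA.
    print(explain_outbound(POLICIES, SAS, "10.1.0.10", "10.2.0.20"))
    # The gateway itself using its public address as source: misses the policy,
    # which is why the checklist's "src a.126" route matters for gateway-originated traffic.
    print(explain_outbound(POLICIES, SAS, "203.0.113.3", "10.2.0.20"))
    # Traffic to somewhere outside b.0/24: no policy, goes out in clear.
    print(explain_outbound(POLICIES, SAS, "10.1.0.10", "8.8.8.8"))
```

The second case is the one worth trying against the real box: a packet the gateway originates with its outer address as source does not fall inside the a.0/25 selector, so it is sent in the clear no matter what SAs racoon has negotiated. Comparing the output of `setkey -DP` (policies) and `setkey -D` (SAs) with what this model expects, and capturing `esp` on eth0 while a LAN host (not the gateway) pings, separates "policy not matched" from "SA endpoints do not match the policy".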