FreeS/WAN problem
 

Hi,

I realise this will probably be a stupid question, but I am trying to get FreeS/WAN running on my RH9 Firewall/Gateway box with ADSL, so I can have a VPN to another ADSL person.

My problem at the moment is that when I start IPSEC, my routing table becomes weird, and consequently all traffic you'd think would head out of my ppp0 interface decides it must now go out of the ipsec0 interface. The VPN has not been established yet, I have just started ipsec.

My routing table becomes (note lack of even DNS entries):

203.17.x * 255.255.255.255 UH 0 0 0 ppp0
203.17.x * 255.255.255.255 UH 0 0 0 ipsec0
10.0.0.0 * 255.255.255.0 U 0 0 0 eth1
169.254.0.0 * 255.255.0.0 U 0 0 0 eth1
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 203.17.x 128.0.0.0 UG 0 0 0 ipsec0
128.0.0.0 203.17.x 128.0.0.0 UG 0 0 0 ipsec0
default 203.17.x 0.0.0.0 UG 0 0 0 ppp0

the 203.17.x numbers are the next hop onto my ISPs network.

Shorewall rejects all the traffic when the routing table is in this mode, mainly as there is no "IN" interface.

eg.

Aug 9 09:12:56 localhost kernel: Shorewall:all2all:REJECT:IN= OUT=ipsec0 SRC=203.113.x DST=210.15.254.241 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=30328 DF PROTO=UDP SPT=1028 DPT=53 LEN=52

Which seems wrong.

I am using FreeS/WAN 2.01 with RH9 on a 2.4.20-19.9 kernel...

My ipsec.conf is:

conn %default
keyingtries=0
compress=yes
disablearrivalcheck=no
authby=rsaig
leftrsasigkey=%cert
rightrsasigkey=%cert

conn roadwarrior-net
leftsubnet=10.0.0.0/24
also=roadwarrior

conn roadwarrior
right=%any
rightsubnetwithin=192.168.1.0/24_
left=%defaultroute
leftcert=serverCert.pem
auto-add
pfs=yes

I would be most grateful if anybody would be able to help me with this, it's beginning to drive me insane.....

It's probably something simple ;)

Thanks..