[Ipsec-tools-users] Traffic out of tunnel is routed wrong
From: Bernard M. <Ber...@ca...> - 2009-11-16 13:21:26
I've got a strange problem. I've set up an IPsec tunnel, but the routing goes wrong for data that comes out of the tunnel.

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.10.40.41     *               255.255.255.255 UH    0      0        0 eth0
217.112.115.16  *               255.255.255.240 U     0      0        0 eth1
localnet        *               255.255.255.0   U     0      0        0 eth0
default         ptr-217-112-115 0.0.0.0         UG    0      0        0 eth1

I also got the following tcpdumps:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
12:07:18.371279 IP 10.10.40.41.40343 > static.kpn.net.3005: S 1294316383:1294316383(0) win 5840 <mss 1460,sackOK,timestamp 907804396 0,nop,wscale 7>
12:07:21.367800 IP 10.10.40.41.40343 > static.kpn.net.3005: S 1294316383:1294316383(0) win 5840 <mss 1460,sackOK,timestamp 907805146 0,nop,wscale 7>
12:07:27.368085 IP 10.10.40.41.40343 > static.kpn.net.3005: S 1294316383:1294316383(0) win 5840 <mss 1460,sackOK,timestamp 907806646 0,nop,wscale 7>
12:07:39.368644 IP 10.10.40.41.40343 > static.kpn.net.3005: S 1294316383:1294316383(0) win 5840 <mss 1460,sackOK,timestamp 907809646 0,nop,wscale 7>

listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
12:07:18.391657 IP static.kpn.net.3005 > 10.10.40.41.40343: S 4032927390:4032927390(0) ack 1294316384 win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 242278463 907804396>
12:07:21.387001 IP static.kpn.net.3005 > 10.10.40.41.40343: S 4032927390:4032927390(0) ack 1294316384 win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 242278762 907805146>
12:07:24.378329 IP static.kpn.net.3005 > 10.10.40.41.40343: S 4032927390:4032927390(0) ack 1294316384 win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 242279062 907805146>
12:07:27.441229 IP static.kpn.net.3005 > 10.10.40.41.40343: S 4032927390:4032927390(0) ack 1294316384 win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 242279368 907806646>
12:07:33.438418 IP static.kpn.net.3005 > 10.10.40.41.40343: S 4032927390:4032927390(0) ack 1294316384 win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 242279968 907806646>
12:07:39.388321 IP static.kpn.net.3005 > 10.10.40.41.40343: S 4032927390:4032927390(0) ack 1294316384 win 8192 <mss 1460,nop,wscale 0,nop,nop,timestamp 242280562 907809646>

As you can see, I send my request over eth0; however, the response is sent over eth1 and will therefore never arrive. Any ideas what might go wrong here?

Bernard
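
The comparison made by eye in the post above, as an added example that is not part of the original message: a Python check that reads tcpdump lines captured per interface and reports TCP flows whose two directions never share an interface. The sample lines are constructed from the capture in the post with the TCP options trimmed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines shaped like the capture in the post,
# grouped by the interface they were seen on (TCP options trimmed).
CAPTURES = {
    "eth0": [
        "12:07:18.371279 IP 10.10.40.41.40343 > static.kpn.net.3005: S 1294316383:1294316383(0) win 5840",
        "12:07:21.367800 IP 10.10.40.41.40343 > static.kpn.net.3005: S 1294316383:1294316383(0) win 5840",
    ],
    "eth1": [
        "12:07:18.391657 IP static.kpn.net.3005 > 10.10.40.41.40343: S 4032927390:4032927390(0) ack 1294316384 win 8192",
    ],
}

# tcpdump prints "host.port > host.port:"; the port is the last dotted field.
LINE_RE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): ")

def parse_endpoints(line):
    """Return ((src, sport), (dst, dport)) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, sport, dst, dport = m.groups()
    return (src, int(sport)), (dst, int(dport))

def asymmetric_flows(captures):
    """List flows whose forward and reverse packets were seen on disjoint interfaces."""
    seen = defaultdict(lambda: defaultdict(set))  # flow -> direction -> interfaces
    for iface, lines in captures.items():
        for line in lines:
            parsed = parse_endpoints(line)
            if parsed is None:
                continue
            seen[frozenset(parsed)][parsed].add(iface)
    findings = []
    for directions in seen.values():
        if len(directions) != 2:  # only one direction captured, nothing to compare
            continue
        (fwd, fwd_if), (rev, rev_if) = directions.items()
        if fwd_if.isdisjoint(rev_if):
            findings.append({"forward": fwd, "forward_ifaces": sorted(fwd_if),
                             "reverse": rev, "reverse_ifaces": sorted(rev_if)})
    return findings

if __name__ == "__main__":
    for finding in asymmetric_flows(CAPTURES):
        print(finding)
```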