From: Michael W. - i. B. S. G. <mw...@iq...> - 2011-06-29 20:21:23
|
> Having a multiple default route (set up by shorewall) > Shorewall stopped, the tunnel connection is fine > Shorewall started, i can't reach the remote end Unfortunately I read only the last few e-mails and somehow missed the way how your route is shown in table which points to the remote site. Can you show it to me please? I dont think its shorewall as well. I habe approx 10 shorewall gates with versions from 3.xx to 4.xx and on each I have approx 30 up to 200 default routes with vlan and alternative table support. I use openswan as well on each machine and the gameplay between those two applications is just perfect! The only difference in our setup is, that routing is setup by customized scripts instead of shorewall. So show me your route maybe I can find something. -----Ursprüngliche Nachricht----- Von: Laurent CARON [mailto:lc...@un...] Gesendet: Mittwoch, 29. Juni 2011 21:56 An: Shorewall Users Betreff: Re: [Shorewall-users] IPsec + Multi ISP not working On Wed, Jun 29, 2011 at 12:34:02PM -0700, Tom Eastep wrote: > It very much looks like you are using different OpenSwan configurations > as well as different Shorewall configurations. Are you restarting > OpenSWan as well as Shorewall? Yep, > A couple of things that I notice: > > a) You are running kernel 2.6.39 which is very bleeding edge. > b) The output of 'ip route ls' looks like none I've ever seen before; > it is unsorted. In my experience, it has always been sorted from > most specific to most general which puts default routes at the end of > the listing. I'm using: iproute 20100519-3 shorewall 4.4.11.6-3 openswan 1:2.6.28+dfsg-5 > I know of at least one Shorewall user who uses OpenSwan extensively with > multiple default routes; he has reported no issues such as yours. Tom, I'm sorry to insist but I did the following which leads to make me think shorewall is doing domething (most probably because of my config?). Having a single default route: Shorewall stopped or started openswan works fine Having a multiple default route (set up by shorewall) Shorewall stopped, the tunnel connection is fine Shorewall started, i can't reach the remote end ---------------------------------------------------------------------------- -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Shorewall-users mailing list Sho...@li... https://lists.sourceforge.net/lists/listinfo/shorewall-users |