On Mon, Oct 01, 2018 at 04:16:48PM +0100, Kaya Saman wrote:
>
> On 10/1/18 4:12 PM, Janne Johansson wrote:
> >
> >
> > On Mon, 1 Oct 2018 at 16:56, Kaya Saman <kayasaman@gmail.com> wrote:
> >
> > Hi,
> > I've got an issue where something strange is happening with the
> > routing table after establishing an ipsec connection... it's quite
> > hard to describe but what happens is that the tunnel establishes then
> > routing goes down completely. The netstat -r command when run on the
> > router just hangs and doesn't complete (show any routes).
> >
> >
> > Perhaps you can't reach your resolver, try running "netstat -rn" to
> > prevent netstat from trying to resolve all IPs and networks it lists.
> > --
> > May the most significant bit of your life be positive.
>
>
> The resolver is local. However, the issue is deeper as inter-subnet
> communications go down and these are ipv4 -> ipv4
>
>
> If I kill the isakmpd process then communication resumes, as in all layer3+
> services start functioning again: icmp, nfs, ssh etc....
>
Since your policy is from 0.0.0.0/0 to 0.0.0.0/0, all traffic will end up
in the ipsec tunnel. I doubt this is what you want. IPsec flows steal the
traffic before routing happens. I think you need to refine your policy.
Also check with tcpdump what happens on enc0, etc. pp.
--
:wq Claudio
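
Added example, not part of the original thread: a simplified Python model of the behaviour described in the reply above, where IPsec flows are matched before the routing table is consulted. The subnets, the interface names em0/em1/em2 and the helper functions are constructed for illustration, and the lookup logic is an assumption that only approximates what the kernel does.

```python
# Simplified model (an assumption, not OpenBSD kernel code): outbound packets
# are checked against IPsec flows first; only unmatched packets reach routing.
from ipaddress import ip_address, ip_network

# Constructed sample networks: two local subnets behind the router.
ROUTES = {
    ip_network("192.168.1.0/24"): "em1",
    ip_network("192.168.2.0/24"): "em2",
    ip_network("0.0.0.0/0"): "em0",  # default route
}

# The policy from the thread, and a refined one naming a constructed remote site.
BROAD_POLICY = [(ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"))]
REFINED_POLICY = [
    (ip_network("192.168.1.0/24"), ip_network("10.0.0.0/24")),
    (ip_network("192.168.2.0/24"), ip_network("10.0.0.0/24")),
]


def route_lookup(dst):
    """Longest-prefix match over the routing table."""
    matches = [net for net in ROUTES if dst in net]
    return ROUTES[max(matches, key=lambda net: net.prefixlen)]


def egress(src, dst, flows):
    """Return 'enc0' if a flow claims the packet, else the routed interface."""
    src, dst = ip_address(src), ip_address(dst)
    for flow_src, flow_dst in flows:
        if src in flow_src and dst in flow_dst:
            return "enc0"  # taken by IPsec before the routing table is consulted
    return route_lookup(dst)


def report(flows):
    """Disposition of three constructed packets under the given flows."""
    packets = {
        "lan-to-lan": ("192.168.1.10", "192.168.2.20"),
        "lan-to-remote": ("192.168.1.10", "10.0.0.5"),
        "lan-to-internet": ("192.168.1.10", "198.51.100.7"),
    }
    return {name: egress(s, d, flows) for name, (s, d) in packets.items()}


if __name__ == "__main__":
    print("broad  :", report(BROAD_POLICY))
    print("refined:", report(REFINED_POLICY))
```

Under the broad policy every packet, including traffic between the two local subnets, leaves via enc0, which matches the loss of inter-subnet communication reported in the thread; with the refined flows only traffic for the remote site is tunnelled.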