On 10/1/18 4:36 PM, Claudio Jeker wrote:
> On Mon, Oct 01, 2018 at 04:16:48PM +0100, Kaya Saman wrote:
>> On 10/1/18 4:12 PM, Janne Johansson wrote:
>>>
>>> On Mon, 1 Oct 2018 at 16:56, Kaya Saman <kayasaman@gmail.com> wrote:
>>>
>>> Hi,
>>> I've got an issue where something strange is happening with the routing
>>> table after establishing an ipsec connection.... it's quite hard to
>>> describe but what happens is that the tunnel establishes then routing
>>> goes down completely. The netstat -r command when run on the router just
>>> hangs and doesn't complete (show any routes).
>>>
>>>
>>> Perhaps you can't reach your resolver, try running "netstat -rn" to
>>> prevent netstat from trying to resolve all IPs and networks it lists.
>>> --
>>> May the most significant bit of your life be positive.
>>
>> The resolver is local. However, the issue is deeper as inter-subnet
>> communications go down and these are ipv4 -> ipv4
>>
>>
>> If I kill the isakmpd process then communication resumes, as in all layer3+
>> services start functioning again: icmp, nfs, ssh etc....
>>
> Since your policy is from 0.0.0.0/0 to 0.0.0.0/0 all traffic will end up
> in the ipsec tunnel. I doubt this is what you want. IPsec flows steal the
> traffic before routing happens. I think you need to refine your policy;
> also check with tcpdump what happens on enc0, etc. pp.
>
I had a hunch that was the case!!
So I will try to make the other end work now without the "default route"
style policy.
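
Added example, not part of the original thread: a small check that reads a simplified subset of OpenBSD ipsec.conf rules (`ike`/`flow ... from SRC to DST` with CIDR selectors only, no `port` clauses) and reports which pairs of local subnets a flow would capture before routing, which is the effect described above. The subnets, the peer address and the function names are constructed placeholders.

```python
import ipaddress
import re

# Simplified subset of OpenBSD ipsec.conf: "ike|flow ... from SRC to DST ..."
# with CIDR selectors only (assumption for this example).
RULE = re.compile(r"^\s*(?:ike|flow)\b.*?\bfrom\s+(\S+)\s+to\s+(\S+)")


def parse_flows(conf_text):
    """Return (src_net, dst_net, original_line) for each flow-creating rule."""
    flows = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = RULE.match(line)
        if m:
            src = ipaddress.ip_network(m.group(1), strict=False)
            dst = ipaddress.ip_network(m.group(2), strict=False)
            flows.append((src, dst, line))
    return flows


def captured_pairs(conf_text, local_nets):
    """List local subnet pairs whose traffic a flow would pull into the tunnel.

    Flows are matched before the routing table is consulted, so a pair
    listed here never reaches its connected route.
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]
    hits = []
    for src, dst, line in parse_flows(conf_text):
        for a in nets:
            for b in nets:
                if a != b and a.subnet_of(src) and b.subnet_of(dst):
                    hits.append((str(a), str(b), line))
    return hits


# Constructed sample input: addresses and peer are placeholders.
LOCAL_NETS = ["10.0.1.0/24", "10.0.2.0/24"]
BROAD = "ike esp from 0.0.0.0/0 to 0.0.0.0/0 peer 192.0.2.1\n"
REFINED = (
    "ike esp from 10.0.1.0/24 to 10.9.0.0/16 peer 192.0.2.1\n"
    "ike esp from 10.0.2.0/24 to 10.9.0.0/16 peer 192.0.2.1\n"
)

if __name__ == "__main__":
    for name, conf in (("broad", BROAD), ("refined", REFINED)):
        print(name, captured_pairs(conf, LOCAL_NETS))
```

The broad policy reports both directions between the two local subnets as captured; the refined policy reports none, so inter-subnet traffic keeps using the routing table.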