Hello,

I'm trying to set up a central IPSEC-Gateway with several ipsec tunnels. Some are to be routed over one leased line, some over the other leased line. Both leased lines have their own public IP address.

The setup looks kinda like this:

                       eth1(ipsec0)--ISP0--Internet--eth1-Linux1-eth0--Subnet1
                      /      (ipsec-tunnel0)
Intranet--eth0-Linux-HQ
                      \      (ipsec-tunnel1)
                       eth2(ipsec1)--ISP1--Internet--eth1-Linux2-eth0--Subnet2

I wanted to use the advanced routing features (ip command) of the Linux kernel to solve the routing issues.

When advanced routing is activated I can start tunnel0. After a few seconds there is still traffic on ipsec0 but not eth1. When I deactivate advanced routing and bring down eth2, tunnel0 works flawlessly.

I used Debian Stable with kernel 2.4.20
Freeswan: 1.98b

The setup for the advanced routing looks like this:

-snip-
#!/bin/sh

# Wrapper that echoes each ip command before running it (kept only when DEBUG=1)
function ip {
    echo ip "$@"
    /sbin/ip "$@"
}
[ "$DEBUG" != "1" ] && unset ip

# P1 Gateway, P1_NET Network address, IP1 local address, IF1 interface
export IF1=eth0
export IP1=212.202.224.34
export P1=212.202.224.33
export P1_NET=212.202.224.32/29

export IF2=eth2
export IP2=83.236.132.166
export P2=83.236.132.165
export P2_NET=83.236.132.164/30

if [ "$1" == "start" ]; then
    echo 'Setting up advanced routing'
    # One routing table per leased line
    ip route add $P1_NET via $P1 src $IP1 table qsc1
    ip route add default via $P1 table qsc1
    ip route add $P2_NET via $P2 src $IP2 table qsc2
    ip route add default via $P2 table qsc2
    ip route add 192.168.2.0/24 dev ipsec0 table qsc1
    # Select the table by source address
    ip rule add from $IP1 table qsc1
    ip rule add from $IP2 table qsc2
    ip route flush cache
elif [ "$1" == "stop" ]; then
    ip route flush table qsc1
    ip route flush table qsc2
    ip rule del from $IP1 table qsc1
    ip rule del from $IP2 table qsc2
    ip route flush cache
    echo 'Stopping advanced routing'
else
    echo 'Unknown parameter '$1
fi

Any help is greatly appreciated.

Ciao,
Philip

--
LINET Services GbR
Gotenweg 15                     Tel.: 0531-280 191 71
38106 Braunschweig              Fax.: 0531-280 191 72
http://www.linet-services.de    mailto:info@xxxxxxxxxxxxxxxxx

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/