[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CIDR, ipsec flows and routing
I am not sure if this is a bug report, a feature request or a call for
help, but here goes ....
Basically I am having a routing problem and I am not sure what the answer
Here is my network situation
Work (Dual ether OpenBSD 2.6 beta)
Using 10.0.0.0/16 (Currently only 10.1-5 are in use
External net is a.b.c.d/24
At home (Dual ether OpenBSD 2.6 beta)
External net is p.q.r.s/29
Other nets will be
Using nets 10.128.2.0/24 upwards
and will have their own external nets
What I originally set up was an ipsec flow from my home network to work
with a matrix of flows between
10.0.0.0/8 and a.b.c.d/24
10.128.1.0/24 and p.q.r.s/29
>From what I remember from my CIDR reading the most specific route should be
the one used where there is a conflict. ie if a router has routes for
10.0.0.0/8 and 10.128.1.0/24 then packets for hosts in the 10.128.1.0 net
should take the route specified by the 24 bit subnet.
Although I could have just set up the flows specifying the work network as
10.0.0.0/9 I thought that specifying /8 would be a simple way of allowing
routing between the various remote nets.
As anybody who has actually read this far will have figured, this isnt what
is happening for me. My IPSEC host is trying to route packets intended for
the directly connected 10.128.1.x net through the ipsec flows.
netstat -rn shows all of the routes expected.
"route show 10.128.1.1" states that the next hop should be through xl1
which is the correct interface.
So my questions are.
Am I trying to do something really stupid?
Is this a bug or am I misunderstanding how things should work?
Should I just give up on this idea, and try another approach?
Is there a way I could make this work?
Thanks in advance