CentOS 5.3 with all updates.
I need to setup a bit strange IPSec tunnel. Don't ask me why, the other side is a government agency and have this requirements.
I manage to run network-to-network tunnel and phase1 & phase2 was passed. I ommit racoon config it setup properly.
192.168.110.121 is up as eth0:0 ( i have only 2NICs, eth0 is internal network and another is eth1/ppp0)
But due to other side requirements after tunnel is up they don't allow my resuests.
Basicaly other side admin says all is ok, but your traffic should go from 192.168.110.120/29, not from 192.168.110.121 and go to 10.30.14.18 not to
I am confused, RedHat/Centos docs about IPsec Interfaces says
where <address> is the IP address of the IPsec source host or router. This setting is optional and is only used for host-to-host IPsec configurations.
It seem reasonable to achieve my goal with this setup
but IPSec tools can,t manage routes. I got No route to host when try to access a service on other side.
I try manual add some routes, but no succes
route add -net 10.30.14.0 netmask 255.255.255.0 gw 192.168.110.121
route add -host 10.30.14.18 gw 192.168.110.121
No traffic or attempt to bring up tunnel acording to tcpdump and racoon log.
I suspect something like
route add -net 10.30.14.0 netmask 255.255.255.0 dev ipsec0
will solve my problem, but there isn't dev ipsec0 (found somwhere a post from developers about kernel crash)
Other side uses Cisco VPN 3000 Series. I know this kind of setup is possible, because other people do it wtih hardware devices, but I don't wanna be forced to buy a CPU with some flash and web interface to same Linux.
I will gladly provide more info like racoon logs and tcpdumps if needed.
Also atm i'm trying to setup same tunnel with OpenSWAN, but their docs are horrible and im stuck atm.
One side question. Is theres any way to control bringing up ipsec0 after ppp0 is up.