[Firehol-support] Opeswan route all traffic

Phil Whineray phil at sanewall.org
Sun Jun 8 10:15:35 BST 2014

Hi Aleksander
On Sun, Jun 08, 2014 at 11:49:40AM +0400, Aleksander Ol wrote:
> Good afternoon.
> I can not send traffic as IPSEC .
> configured so
> 1) Eth0 ( Internal Network .... )
> 2) Eth1  ( Internet )
> I setup Openswan IPsec .... use (netkey ) 
> Now All local traffic work fine ... but i neet route all traffic to VPN .... Internet also.
> I need that users went through a remote gateway with any established VPN connection
> If that does not work VPN Internet also should not work
> The problem is that OpenSwan IPSEC  does not create a separate interface
> If anyone knows how to config. Help please
> Sorry for my english

Sorry - I don't think you have a firewall problem here. You need to get
the traffic directing correctly first with routes etc. Only once that is all
working you might want to revisit the firewall if it is blocking or
permitting something it should not.

I think you probably need to ask for help in an OpenSwan or IPSec forum,
however I did a quick search and this looks like the sort of thing you
would need to do:

The key is that (only) the IP of the remote VPN server is explicitly routed
via your normal internet. The original default is replaced with a new

Hope that helps

More information about the Firehol-support mailing list