On Mon, Oct 01, 2018 at 04:16:48PM +0100, Kaya Saman wrote:
>
> On 10/1/18 4:12 PM, Janne Johansson wrote:
> >
> >
> > On Mon, 1 Oct 2018 at 16:56, Kaya Saman <kayasa...@gmail.com
> > <mailto:kayasa...@gmail.com>> wrote:
> >
> >     Hi,
> >     I've got an issue where something strange is happening with the
> >     routing table after establishing an ipsec connection.... it's quite
> >     hard to describe but what happens is that the tunnel establishes then
> >     routing goes down completely. The netstat -r command when run on the
> >     router just hangs and doesn't complete (show any routes).
> >
> >
> > Perhaps you can't reach your resolver, try running "netstat -rn" to
> > prevent netstat from trying to resolve all ips and networks it lists.
> > --
> > May the most significant bit of your life be positive.
> >
> The resolver is local. However, the issue is deeper as inter-subnet
> communications go down and these are ipv4 -> ipv4
>
>
> If I kill the isakmpd process then communication resumes, as in all layer3+
> services start functioning again: icmp, nfs, ssh etc....
>

Since your policy is from 0.0.0.0/0 to 0.0.0.0/0 all traffic will end up
in the ipsec tunnel. I doubt this is what you want. IPsec flows steal the
traffic before routing happens. I think you need to refine your policy,
also check with tcpdump what happens on enc0, etc. pp.

--
:wq Claudio
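
The effect described in the reply above, as an added example that is not part of the original thread: a simplified model of flow selector matching that lists which local inter-subnet paths a policy would claim before routing. The subnets, the narrowed policy and the function names are constructed assumptions; only the 0.0.0.0/0 to 0.0.0.0/0 policy comes from the thread.

```python
import ipaddress

# Constructed sample addressing (assumptions, not from the thread).
LOCAL_NETS = ["192.168.1.0/24", "192.168.2.0/24"]   # subnets routed by the gateway
BROAD_FLOW = ("0.0.0.0/0", "0.0.0.0/0")             # policy described in the reply
REFINED_FLOW = ("192.168.1.0/24", "10.10.0.0/24")   # hypothetical narrowed policy


def flow_matches(flow, src, dst):
    """True if a packet src -> dst falls inside the flow's from/to selectors."""
    src_sel, dst_sel = (ipaddress.ip_network(s) for s in flow)
    return (ipaddress.ip_address(src) in src_sel
            and ipaddress.ip_address(dst) in dst_sel)


def captured_pairs(flow, local_nets):
    """Local (src, dst) subnet pairs whose traffic the flow would claim.

    Any overlap counts, since even a partial overlap diverts some hosts.
    """
    src_sel, dst_sel = (ipaddress.ip_network(s) for s in flow)
    nets = [ipaddress.ip_network(n) for n in local_nets]
    return [(str(s), str(d)) for s in nets for d in nets
            if s != d and s.overlaps(src_sel) and d.overlaps(dst_sel)]


if __name__ == "__main__":
    for name, flow in (("broad", BROAD_FLOW), ("refined", REFINED_FLOW)):
        print(name, "flow captures local pairs:", captured_pairs(flow, LOCAL_NETS))
```

On the router itself, `ipsecctl -s flow` lists the flows actually loaded, which can be compared against the local subnets in the same way.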