<div dir="ltr"><div><div>Hi Bruce,<br><br></div> Add following iptables rule to allow data traffic to pass through tunnel.<br><br>iptables -A POSTROUTING -t nat -d SSS.SSS.0.0/16 -o <your wan interface> -m policy --dir out --pol ipsec -j ACCEPT<br>
<br><br></div>Willy<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Aug 23, 2013 at 10:04 AM, Bruce Ferrell <span dir="ltr"><<a href="mailto:bferrell@gmail.com" target="_blank">bferrell@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Below, I have my configuration (sanitized) and the results of bringing the tunnel up<br>
<br>
But the route never comes up and hosts on the right subnet aren't reachable.<br>
<br>
Can anyone make a suggestion as to what may be going on here and how I can fix it? What other information might I provide?<br>
<br>
Thanks in advance<br>
<br>
<br>
<br>
ipsec auto --up xyz<br>
104 "xyz" #362: STATE_MAIN_I1: initiate<br>
003 "xyz" #362: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-<u></u>02_n] method set to=106<br>
003 "xyz" #362: ignoring Vendor ID payload [FRAGMENTATION c0000000]<br>
106 "xyz" #362: STATE_MAIN_I2: sent MI2, expecting MR2<br>
003 "xyz" #362: received Vendor ID payload [Cisco-Unity]<br>
003 "xyz" #362: received Vendor ID payload [XAUTH]<br>
003 "xyz" #362: ignoring unknown Vendor ID payload [<u></u>65973bcd15aada87c513d6ef825b9b<u></u>96]<br>
003 "xyz" #362: ignoring Vendor ID payload [Cisco VPN 3000 Series]<br>
003 "xyz" #362: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/<u></u>03: no NAT detected<br>
108 "xyz" #362: STATE_MAIN_I3: sent MI3, expecting MR3<br>
003 "xyz" #362: received Vendor ID payload [Dead Peer Detection]<br>
004 "xyz" #362: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<br>
117 "xyz" #363: STATE_QUICK_I1: initiate<br>
004 "xyz" #363: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x57616a62 <0x6ac07c19 xfrm=3DES_0-HMAC_SHA1<br>
NATOA=none NATD=none DPD=none}<br>
<br>
<br>
conn xyz<br>
auth=esp<br>
authby=secret<br>
auto=start<br>
esp=3des-sha1<br>
ike=3des-sha1<br>
keyexchange=ike<br>
keyingtries=0<br>
left=xxx.xxx.xxx.xxx<br>
leftsubnet=<a href="http://192.0.2.46/32" target="_blank">192.0.2.46/32</a><br>
pfs=yes<br>
right=RRR.RRR.RRR.RRR<br>
rightsubnet=SSS.SSS.0.0/16<br>
type=tunnel<br>
<br>
<br>
______________________________<u></u>_________________<br>
<a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/<u></u>mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/<u></u>38387/IPsec-for-Linux-made-<u></u>easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/<u></u>product/1904811256/104-<u></u>3099591-2946327?n=283155</a><br>
</blockquote></div><br></div>