[Openswan Users] OpenS/WAN <-> freeS/WAN failure - routing problem?
Itai Tavor
itai at iinet.net.au
Thu Nov 11 23:38:17 CET 2004

Hi Paul, thanks for helping.

On 11/11/2004, at 10:06 PM, Paul Wouters wrote:
> On Thu, 11 Nov 2004, Itai Tavor wrote:
>
>> version 2.0 # conforms to second version of ipsec.conf specification
>>
>> config setup
>>     interfaces=%defaultroute
>
>> conn Tir-Na-Nogth-IM
>>     right=%defaultroute
>
> I am not entirely sure if this works as expected.
>
> can you try to swap left and right in this conn, so that you have
> left=%defaultroute ?

Don't understand this... you mean change every left to right and vice
versa on this side? That does nothing, no change.

>> Checking NAT and MASQUERADEing
>> Checking tun0x1002 at 203.217.34.219 from 10.0.2.0/24 to 10.0.1.0/24
>> [FAILED]
>> ppp0_masq from 0.0.0.0/0 to 0.0.0.0/0 kills tunnel 0.0.0.0/0 ->
>> 10.0.1.0/24
>
> Your NAT rules might break something though

I knew I forgot to mention something... both gateways run shorewall,
and I get exactly the same ipsec problem with shorewall disabled on
both sides.

>> # Connection from Tir-Na-Nog'th gateway
>> conn Tir-Na-Nogth-IM
>>     # Right - Tir-Na-Nog'th security gateway
>>     right=0.0.0.0
>
> This is wrong. You mean right=%any

Ok, changed that, no change. BTW, ipsec.conf on both sides is unchanged
from when it did work, which is why this situation is really strange.

>>     rightsubnet=10.0.1.0/24
>>     rightnexthop=
>
> I would also either fill this in or leave it out entirely.

Removed rightnexthop, no change.

Still stuck... after bringing the tunnel up, "ping 10.0.2.1" from right
just hangs, "ping 10.0.1.1" from left returns "From 210.229.239.65
icmp_seq=0 Destination Host Unreachable"

Itai
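
Added example, not part of the thread and not Openswan code: a small ipsec.conf check for the two corrections Paul gives above (`right=0.0.0.0` should be `%any`, and an empty `rightnexthop=` should be filled in or removed). The function name `lint_ipsec_conf` is hypothetical, comment handling is simplified, and the sample config is constructed from the fragments quoted in this message.

```python
def lint_ipsec_conf(text):
    """Return (section, key, message) findings for the two issues raised above."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments (simplified)
        if not line.strip():
            continue
        if not raw[0].isspace():
            # An unindented line opens a section: "config setup" or "conn NAME".
            parts = line.split()
            section = " ".join(parts[:2]) if parts[0] in ("config", "conn") else None
            continue
        # Only indented key=value lines inside a conn section are checked.
        if section is None or not section.startswith("conn ") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ("left", "right") and value == "0.0.0.0":
            findings.append((section, key, "use %any instead of 0.0.0.0"))
        elif key.endswith("nexthop") and value == "":
            findings.append((section, key, "empty value: fill it in or remove the line"))
    return findings


# Constructed sample, assembled from the config fragments quoted in the message.
SAMPLE = """\
version 2.0

config setup
    interfaces=%defaultroute

# Connection from Tir-Na-Nog'th gateway
conn Tir-Na-Nogth-IM
    # Right - Tir-Na-Nog'th security gateway
    right=0.0.0.0
    rightsubnet=10.0.1.0/24
    rightnexthop=
"""

if __name__ == "__main__":
    for section, key, message in lint_ipsec_conf(SAMPLE):
        print(f"{section}: {key}: {message}")
```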