[Openswan Users] "Simple" ? Vpn setup

[Nicolas Ross]

I just found found out that from a remote host behing remote GW, if I ping a 
local host behing local GW, I get this :

Nov 23 10:54:11 router2 kernel: NET: 4 messages suppressed.
Nov 23 10:54:11 router2 kernel: klips_error:ipsec_xmit_send: ip_send() 
failed, err=1

In my remote /var/log/message

It seems I suffer of the "no eroute" problem, as described in the FAQ... But 
all my config/routes seems correct to me...

There is no masquerading involved here...

I am still trying to find the problem...

Nicolas

> Ok, I got all this sorted out...
>
> Yesterday, I got the 2 gateways connect to each other, and I was able to
> send ping from subnet behind my left gw to the IP of the subnet of the 
> right
> subnet...
>
> Now, late yesterday, the remote gw has been rebooted to add another NIC, 
> the
> tunnel stills go up, but I cannot ping either way. I cannot see what have
> changed since yesterday that prevents the ping to go trough...
>
> With tcpdump, I can see that a packet arrives at the remote GW, from my
> local GW, but the packet does'nt go out to the rightsubnet...
>
> Here's my setup again :
>
> 192.168.10.0/24 - 192.168.10.1 a.b.c.d  -- a.b.c.e {internet} --+
>                                                                |
> 10.0.1.0/24  ---  10.0.1.1 f.g.h.i  ----  f.g.h.j {internet} --+
>
> My ipsec.conf :
>
> conn testvpnos
>        left=a.b.c.d
>        leftsubnet=192.168.10.0/24
>        leftnexthop=a.b.c.e
>        leftid=@testipsec.xx.xx
>        leftrsasigkey=0s...
>        right=f.g.h.i
>        rightsubnet=10.0.1.0/24
>        rightnexthop=f.g.h.j
>        rightid=@router2.xx.xx
>        rightrsasigkey=0s...
>        auto=add
>
> include /etc/ipsec.d/examples/no_oe.conf
>
> The tunnel goes up smootly, but nothing pings either way...
>
> Can you tel me what's wrong ?
>
> Thanks for any hints !
>
> Nicolas