[Openswan Users] problem with "ipsec verify"

Barbara Dippelreiter barbara.dippelreiter at promac.at
Wed Oct 13 17:12:22 CEST 2004

Hi all,

we have three locations (A, B and C). A (the headquarter) and B (subsidiary) 
have both installed FreeS/WAN and communicate without any problems.

Shortly we have installed openswan in location C (subsidiary) in order to 
communicate with A.
We configured tunnels from a subnet in location C into three different subnets 
in location A. The configuration is nearly the same as the configuration 
between A and B. Only ip-addresses have changed.

Communication between A and C works fine, but:

if we want to check the tunnels (ipsec verify) we get approx. 80 error 
messages (ACCEPT / MASQUERADE from IP to IP kills tunnels from IP/subnet to 

Analysing the situation, we discovered no errors in the configuration. 
The firewallscript was copied from location B to our new gateway and "works 
The only thing we have found is a strange (second) route entry on the gateway 
in C via ipsec0. 
<   U     0      0    0 ipsec0>
The destination of this route has nothing to do with any of our VPN 
configurations. Why does it use interface ipsec0? 
We deleted this route entry without any effect on the communication from C to 
After the restart of ipsec the route entry was back again, the reaction to 
ipsec verify was unchanged and the user communication from C to A was still 

Can anybody help us to understand the behaviour and give us a hint to correct 
the situation.



More information about the Users mailing list