[Openswan Users] -!- Routing Problems %defaultroute requested but not known -!-

Paul Wouters paul at xelerance.com
Thu Sep 16 13:15:23 CEST 2004

On Wed, 15 Sep 2004, neptuno wrote:

> The problem is: IPsec SA established but subnet HOSTS don't PING.

> 2 gateways, 2.6.4 Linux Kernel. net-to-net VPN with openswan 2.1.5

> config setup
>       interfaces="ipsec0=eth0"

You shouldn't specify interfaces with the 2.6 kernel. It has no ipsecX

> conn vpn1
>       left=
>       leftsubnet=
>       leftid=@brainless.rumonorte.com
>       leftnexthop= 
>       leftrsasigkey=0sAQNWR7mUjpednz0tQf98JqMZYO8so53FXJMwWpRMh1ERYVViavihzLX
>       right=
>       rightsubnet=
>       rightid=@octopus.rumonorte.com
>       rightnexthop=
>       rightrsasigkey=0sAQN0TnLB5v9znqtWZzmQFhB+wg/L/kImN2zSa4UJV7lxZx0wQlK2z6
>       type=tunnel
>       auto=add

Looks ok.

> Routing Info:

I didn't see any vpn relevance in the details you posted here.

> ip route from LEFT: (VPN established)
> dev eth1  scope link
> via dev ipsec0
> dev eth0  proto kernel  scope link  src
> dev ipsec0  proto kernel  scope link  src

Are you running a 2.4 or KLIPS enabled kernel? You said you were running 2.6
kernels, but I see 'ipsec0' here. Perhaps this is due to the wrong interfaces

> known
> 20:35:05 brainless kernel: klips_debug:pfkey_destroy_socket: 
> pfkey_remove_socket called.
> 20:35:05 brainless kernel: klips_debug:pfkey_destroy_socket:

You made a log with full klipsdebug enabled. You should not do this; it is
meant for debugging klips code, not ipsec configurations. To debug configurations
do not use klipsdebug and put plutodebug to 'control' at most (but preferably also
to none).

Run ipsec verify for some other tests.
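
A small checker for the three "config setup" points raised in the reply above, as an added example that is not part of the original message or of Openswan's own tooling. The function names, the klips_kernel parameter and the debug values in the sample are assumptions made for illustration; only the interfaces= line comes from the thread.

```python
import re

# Constructed sample: the "config setup" line from the thread plus debug
# settings of the kind the reply warns against (the debug values are assumed).
SAMPLE_CONF = '''\
config setup
      interfaces="ipsec0=eth0"
      klipsdebug=all
      plutodebug=all

conn vpn1
      type=tunnel
      auto=add
'''

def parse_sections(text):
    """Return {section header: {key: value}} for an ipsec.conf-style file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # header at column 0, e.g. "conn vpn1"
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def check_setup(text, klips_kernel=False):
    """List findings for 'config setup'; klips_kernel says whether ipsecN devices exist."""
    setup = parse_sections(text).get("config setup", {})
    findings = []
    iface = setup.get("interfaces", "")
    if not klips_kernel and re.search(r"\bipsec\d+=", iface):
        findings.append("interfaces=%s names an ipsecN device this kernel lacks" % iface)
    if setup.get("klipsdebug", "none") != "none":
        findings.append("klipsdebug=%s is for debugging KLIPS code" % setup["klipsdebug"])
    if setup.get("plutodebug", "none") not in ("none", "control"):
        findings.append("plutodebug=%s exceeds 'control'" % setup["plutodebug"])
    return findings

if __name__ == "__main__":
    for finding in check_setup(SAMPLE_CONF):
        print("WARN:", finding)
```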

