[Openswan Users] -!- Routing Problems %defaultroute requested but not known -!-
Paul Wouters
paul at xelerance.com
Thu Sep 16 13:15:23 CEST 2004
On Wed, 15 Sep 2004, neptuno wrote:
> The problem is: IPsec SA established but subnet HOSTS don't PING.
> 2 gateways, 2.6.4 Linux Kernel. net-to-net VPN with openswan 2.1.5
> config setup
> interfaces="ipsec0=eth0"
You shouldn't specify interfaces with the 2.6 kernel. It has no ipsecX
interfaces.
> conn vpn1
> left=200.176.142.38
> leftsubnet=192.168.201.0/24
> leftid=@brainless.rumonorte.com
> leftnexthop=200.176.142.1
> leftrsasigkey=0sAQNWR7mUjpednz0tQf98JqMZYO8so53FXJMwWpRMh1ERYVViavihzLX
> right=200.180.4.245
> rightsubnet=192.168.200.0/24
> rightid=@octopus.rumonorte.com
> rightnexthop=200.180.6.254
> rightrsasigkey=0sAQN0TnLB5v9znqtWZzmQFhB+wg/L/kImN2zSa4UJV7lxZx0wQlK2z6
> type=tunnel
> auto=add
Looks ok.
> Routing Info:
I didn't see any vpn relevance in the details you posted here.
> ip route from LEFT: (VPN established)
>
> 192.168.201.0/24 dev eth1 scope link
> 192.168.200.0/24 via 200.176.142.1 dev ipsec0
> 200.176.142.0/24 dev eth0 proto kernel scope link src 200.176.142.38
> 200.176.142.0/24 dev ipsec0 proto kernel scope link src 200.176.142.38
Are you running a 2.4 or KLIPS enabled kernel? You said you were running 2.6
kernels, but I see 'ipsec0' here. Perhaps this is due to the wrong interfaces
line?
> known
> 20:35:05 brainless kernel: klips_debug:pfkey_destroy_socket:
> pfkey_remove_socket called.
> 20:35:05 brainless kernel: klips_debug:pfkey_destroy_socket:
You made a log with full klipsdebug enabled. You should not do this; it is
meant for debugging klips code, not ipsec configurations. To debug configurations
do not use klipsdebug and put plutodebug to 'control' at most (but preferably also
to none).
Run ipsec verify for some other tests.
Paul
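
The three configuration points raised in the reply above (no interfaces= line on a 2.6 kernel, klipsdebug off, plutodebug at 'control' at most) can be checked mechanically before restarting the tunnel. The following is an added example, not part of the original message and not Openswan code; the function names config_setup and lint, and the debug values in the sample, are assumptions made for illustration.

```python
# Added example: lint the "config setup" section for the issues raised in the reply.
# Constructed sample: interfaces= is from the quoted post; the two debug
# values are assumed, chosen to match the full-klipsdebug log that was posted.
SAMPLE_CONF = """\
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=all
    plutodebug=all

conn vpn1
    left=200.176.142.38
    type=tunnel
    auto=add
"""


def config_setup(text):
    """Return the key/value pairs of the 'config setup' section only."""
    settings, in_setup = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue                      # blank line or comment
        if not line[0].isspace():         # unindented line opens a new section
            in_setup = line.split() == ["config", "setup"]
        elif in_setup and "=" in line:
            key, value = line.strip().split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings


def lint(text, kernel_release):
    """Return (key, message) findings; kernel_release is e.g. `uname -r` output."""
    s, findings = config_setup(text), []
    # Assumption taken from the reply: a 2.6 kernel has no ipsecX interfaces.
    if kernel_release.startswith("2.6.") and "interfaces" in s:
        findings.append(("interfaces", "remove it: no ipsecX interfaces on 2.6"))
    if s.get("klipsdebug", "none") != "none":
        findings.append(("klipsdebug", "meant for debugging KLIPS code; set to none"))
    noisy = set(s.get("plutodebug", "none").split()) - {"none", "control"}
    if noisy:
        findings.append(("plutodebug", "use 'control' at most, preferably none"))
    return findings


if __name__ == "__main__":
    for key, message in lint(SAMPLE_CONF, "2.6.4"):
        print(f"{key}: {message}")
```

Settings inside conn sections are ignored on purpose, since all three points concern config setup only.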