[Openswan Users] -!- Routing Problems %defaultroute requested but not known -!-

Paul Wouters paul at xelerance.com
Thu Sep 16 13:15:23 CEST 2004


On Wed, 15 Sep 2004, neptuno wrote:

> The problem is: IPsec SA established but subnet HOSTS don't PING.

> 2 gateways, 2.6.4 Linux Kernel. net-to-net VPN with openswan 2.1.5

> config setup
>       interfaces="ipsec0=eth0"

You shouldn't specify interfaces with the 2.6 kernel. It has no ipsecX
interfaces.

> conn vpn1
>       left=200.176.142.38
>       leftsubnet=192.168.201.0/24
>       leftid=@brainless.rumonorte.com
>       leftnexthop=200.176.142.1
>       leftrsasigkey=0sAQNWR7mUjpednz0tQf98JqMZYO8so53FXJMwWpRMh1ERYVViavihzLX
>       right=200.180.4.245
>       rightsubnet=192.168.200.0/24
>       rightid=@octopus.rumonorte.com
>       rightnexthop=200.180.6.254
>       rightrsasigkey=0sAQN0TnLB5v9znqtWZzmQFhB+wg/L/kImN2zSa4UJV7lxZx0wQlK2z6
>       type=tunnel
>       auto=add

Looks ok.

> Routing Info:

I didn't see any VPN relevance in the details you posted here.

> ip route from LEFT: (VPN established)
>
> 192.168.201.0/24 dev eth1  scope link
> 192.168.200.0/24 via 200.176.142.1 dev ipsec0
> 200.176.142.0/24 dev eth0  proto kernel  scope link  src 200.176.142.38
> 200.176.142.0/24 dev ipsec0  proto kernel  scope link  src 200.176.142.38

Are you running a 2.4 or KLIPS enabled kernel? You said you were running 2.6
kernels, but I see 'ipsec0' here. Perhaps this is due to the wrong interfaces
line?

> known
> 20:35:05 brainless kernel: klips_debug:pfkey_destroy_socket: 
> pfkey_remove_socket called.
> 20:35:05 brainless kernel: klips_debug:pfkey_destroy_socket:

You made a log with full klipsdebug enabled. You should not do this; it is
meant for debugging klips code, not ipsec configurations. To debug configurations,
do not use klipsdebug and put plutodebug to 'control' at most (but preferably also
to none).

Run ipsec verify for some other tests.

Paul
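
The three configuration points in the reply above (no ipsecX devices in `interfaces=` on a 2.6 kernel without KLIPS, `klipsdebug` off, `plutodebug` at `control` at most) can be checked mechanically. The following is an added example, not part of the original message and not Openswan code; the function names, the `klips_kernel` flag and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the "config setup" quoted in the thread;
# 192.0.2.1 is a documentation address, not one from the thread.
SAMPLE_CONF = '''\
version 2.0

config setup
      interfaces="ipsec0=eth0"
      klipsdebug=all
      plutodebug="control parsing"

conn vpn1
      left=192.0.2.1
      type=tunnel
      auto=add
'''

def parse_setup(text):
    """Return the key/value pairs of the 'config setup' section only."""
    settings, in_setup = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # column-0 line starts a section
            in_setup = line.split() == ["config", "setup"]
            continue
        if in_setup and "=" in line:
            key, value = line.strip().split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def lint_setup(text, klips_kernel=False):
    """Apply the reply's three checks; the caller states whether KLIPS is in use."""
    s = parse_setup(text)
    findings = []
    if not klips_kernel and re.search(r"\bipsec\d+\b", s.get("interfaces", "")):
        findings.append("interfaces: names an ipsecN device, but this kernel has none")
    if s.get("klipsdebug", "none") != "none":
        findings.append("klipsdebug: turn off when debugging a configuration")
    extra = set(s.get("plutodebug", "none").split()) - {"none", "control"}
    if extra:
        findings.append("plutodebug: use 'control' at most, remove " + " ".join(sorted(extra)))
    return findings

if __name__ == "__main__":
    for finding in lint_setup(SAMPLE_CONF):
        print(finding)
```
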

