[Openswan Users] -!- Routing Problems %defaultroute requested but not known -!-

Paul Wouters paul at xelerance.com
Thu Sep 16 19:12:19 CEST 2004


On Thu, 16 Sep 2004, neptuno wrote:

> OK, I set policy to ACCEPT, no filter rules. I'm doing nat/masquerading 
> excluding -d \! 192.168.0.0/16 destinations at both sides.

> Sep 16 12:32:24 brainless ipsec_setup: ...Openswan IPsec started
> Sep 16 12:33:44 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225 
> DST=192.168.200.210 LEN=96 TOS=0x00 PR ....
> Sep 16 12:33:45 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225 
> DST=192.168.200.210 LEN=96 TOS=0x00 PR ....
> Sep 16 12:33:47 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225 
> DST=192.168.200.210 LEN=96 TOS=0x00 PR .....

According to these you are dropping those packets.

> Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #2: IPsec SA established 
> {ESP=>0x84a2b2a8 <0x04e05ca6}

> Sep 16 12:32:42 brainless pluto[6868]: "vpn1" #1: ignoring Delete SA payload: 
> PROTO_IPSEC_ESP SA(0x84a2b2a7) not found (maybe expired)

Both sides are not in sync? Did you only restart one end?

First disable all firewall rules, then restart both ends and see if the problem
goes away. If it does, retune your firewall rules.

Paul
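
Added example, not part of the original message or of Openswan: a small Python triage script for the two signals read out of the logs above, netfilter LOG entries on an ipsecN device and a Delete SA payload naming an SPI this end never logged as established. The function names and the regular expressions are assumptions written for this illustration, matched against the log lines quoted in the message.

```python
import re
from collections import Counter

# Log lines copied from the quoted message (mail line wraps joined; the
# truncated "PR ...." tails are kept exactly as they appear there).
SAMPLE_LOG = """\
Sep 16 12:32:33 brainless pluto[6868]: "vpn1" #2: IPsec SA established {ESP=>0x84a2b2a8 <0x04e05ca6}
Sep 16 12:32:42 brainless pluto[6868]: "vpn1" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x84a2b2a7) not found (maybe expired)
Sep 16 12:33:44 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225 DST=192.168.200.210 LEN=96 TOS=0x00 PR ....
Sep 16 12:33:45 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225 DST=192.168.200.210 LEN=96 TOS=0x00 PR ....
Sep 16 12:33:47 brainless kernel: IN=eth1 OUT=ipsec0 SRC=192.168.201.225 DST=192.168.200.210 LEN=96 TOS=0x00 PR .....
"""

NF_LOG = re.compile(r"kernel: .*?\bIN=(\S*) OUT=(\S*).*?\bSRC=(\S+) DST=(\S+)")
SA_UP = re.compile(r'pluto\[\d+\]: "([^"]+)" #\d+: IPsec SA established '
                   r'\{ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)')
SA_DEL = re.compile(r'pluto\[\d+\]: "([^"]+)" #\d+: ignoring Delete SA payload: '
                    r'\S+ SA\((0x[0-9a-f]+)\) not found')

def tunnel_flows_hit_by_log_rule(text, iface_prefix="ipsec"):
    """Count netfilter LOG entries per (in, out, src, dst) that touch an ipsecN device."""
    flows = Counter()
    for line in text.splitlines():
        m = NF_LOG.search(line)
        if m and any(i.startswith(iface_prefix) for i in m.group(1, 2)):
            flows[m.groups()] += 1
    return flows

def unknown_delete_spis(text):
    """Return (conn, spi) for Delete payloads naming an SPI not seen as established."""
    # Assumption: only SAs established inside this log window count as known.
    known, unknown = {}, []
    for line in text.splitlines():
        up = SA_UP.search(line)
        if up:
            known.setdefault(up.group(1), set()).update(up.group(2, 3))
            continue
        gone = SA_DEL.search(line)
        if gone and gone.group(2) not in known.get(gone.group(1), set()):
            unknown.append(gone.groups())
    return unknown

if __name__ == "__main__":
    for flow, n in tunnel_flows_hit_by_log_rule(SAMPLE_LOG).items():
        print(f"{n} logged packets IN={flow[0]} OUT={flow[1]} {flow[2]} -> {flow[3]}")
    for conn, spi in unknown_delete_spis(SAMPLE_LOG):
        print(f'"{conn}": peer deleted SPI {spi}, which this end does not know')
```

Run against a longer log, a non-empty first result points at a firewall rule matching tunnel traffic, and a non-empty second result at the two ends holding different SA state.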

