[Openswan Users] no route ?

Thomas Dagonnier thomas.dagonnier at gmail.com
Wed Apr 27 23:09:32 CEST 2005


Hi,

I've searched for documentation so if there's some manual or page I
should have read, please gently point me to it.

I'm trying to establish an IPsec tunnel between a server at work & a
Linksys ADSL box at home.

To my great surprise, the key exchange works fine, the tunnel is set up
... but no route is created on the Linux box.

The setup looks like :

192.168.2.3 (lo:0) [Server] IP_1 -----(internet)----- IP_B [Linksys] 192.168.1.1 ---- .13 (PC)

I can ping 192.168.2.3 from 192.168.1.13 ... but not the opposite.

I'm running Linux Openswan U2.3.1/K2.6.11-gentoo-r6 (netkey)

On the server, route -n just gives the "standard" routes.

Other interesting output :
ip xfrm state >

src IP_1 dst IP_2
        proto esp spi 0xd83226ec reqid 16385 mode tunnel
        replay-window 32
        auth md5 0x649bda04ef80fa3c74a872c1cc55971b
        enc des3_ede 0x8be5b7f537ebff6896d4d6e13abd5c09ad666bc89f45d5d9
src IP_2 dst IP_1
        proto esp spi 0x51232ec7 reqid 16385 mode tunnel
        replay-window 32
        auth md5 0x6d09ae15ec95ae1b1fb86f6a7ad5bb28
        enc des3_ede 0x016e7003bb43a8f11e669ad12fdfd8d1f0aecbba3d265df4

ip xfrm policy >
src 192.168.1.0/24 dst 192.168.2.0/24
        dir in priority 2344
        tmpl   src IP_1 dst IP_2
                proto esp reqid 16385 mode tunnel
src 192.168.2.0/24 dst 192.168.1.0/24
        dir out priority 2344
        tmpl   src IP_2 dst IP_1
                proto esp reqid 16385 mode tunnel
src 192.168.1.0/24 dst 192.168.2.0/24
        dir fwd priority 2344
        tmpl   src IP_1 dst IP_2
                proto esp reqid 16385 mode tunnel

Any help or suggestion is appreciated ...

Yes, I can probably get the netfilter ipsec hook patch, but if there's
some iproute magic that can solve the situation, it'll be better.

