[Openswan Users] Two Subnets not running / after update from freeswan to openswan

Frank Hubrach f.hubrach at spiekermann.de
Thu Aug 4 08:58:54 CEST 2005 

Hello,

i have updated my configuration from freeswan 1.98 to openswan 2.2.0.
Before update everything was fine.
After the update one tunnel works fine again, but the second did not.
Tunnel Section A ist -- one SubNet on the Router Left and one on the 
Router right.
Tunnel Section B ist --- one Subnet(the same) on the Router Left and a 
Subnet wich is Routet by another Router on the Rigth Subnet

Here ist my config
version 2.0
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes
        forwardcontrol=yes
        nat_traversal=yes

conn %default
        keylife=30m
        dpdtimeout=60s
        dpddelay=10s
        dpdaction=clear
        ikelifetime=20m
        rekeymargin=120s
        auto=add
        keyingtries=3
        disablearrivalcheck=no
        authby=rsasig
        right=%defaultroute
        rightcert=Place of cert
        rightid=the right id
        rightsubnet=192.168.60.0/24

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn block
        auto=ignore

conn OEself
        auto=ignore


conn packetdefault
        auto=ignore

conn  Section-A
        left=left ip
        leftrsasigkey=%cert
        leftnexthop=left hop
        leftid="leftid"
        leftsubnet=192.168.20.0/24
        auto=start

conn  Section-B
        left=left ip
        leftrsasigkey=%cert
        leftnexthop=left next hop
        leftid=left id
        leftsubnet=10.16.224.0/24
        auto=start

Routing on the left Subnet :
10.16.224.0     192.168.20.7    255.255.255.0   UG    0      0        0 eth1
192.168.60.0    nexthop            255.255.255.0   UG    0      0        
0 eth0

Routing on the Right Subnet
only one default router

In the existing log file nothing is said about wrong connections, every 
connection is successfully.
"Section-A" #2: sent QI2, IPsec SA established {ESP=>0xfe0825c0 <0x42f72633}
"Section-B" #4: sent QI2, IPsec SA established {ESP=>0x8eabdcb2 <0x6ec8390 )

The firewall is the same as in freeswan 1.98 , and other Locations are 
working fine on both Subnets - but the are running freeswan 1.98.

Any ideas ?
Yours
Frank

Sorry for my bad english.

More information about the Users mailing list