[Openswan Users]
Two Subnets not running / after update from freeswan to openswan
Frank Hubrach
f.hubrach at spiekermann.de
Thu Aug 4 08:58:54 CEST 2005
Hello,
I have updated my configuration from freeswan 1.98 to openswan 2.2.0.
Before the update everything was fine.
After the update one tunnel works fine again, but the second does not.
Tunnel Section A is -- one subnet on the router left and one on the
router right.
Tunnel Section B is --- one subnet (the same) on the router left and a
subnet which is routed by another router on the right subnet.
Here is my config:
version 2.0

config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    uniqueids=yes
    forwardcontrol=yes
    nat_traversal=yes

conn %default
    keylife=30m
    dpdtimeout=60s
    dpddelay=10s
    dpdaction=clear
    ikelifetime=20m
    rekeymargin=120s
    auto=add
    keyingtries=3
    disablearrivalcheck=no
    authby=rsasig
    right=%defaultroute
    rightcert=Place of cert
    rightid=the right id
    rightsubnet=192.168.60.0/24

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn block
    auto=ignore

conn OEself
    auto=ignore

conn packetdefault
    auto=ignore

conn Section-A
    left=left ip
    leftrsasigkey=%cert
    leftnexthop=left hop
    leftid="leftid"
    leftsubnet=192.168.20.0/24
    auto=start

conn Section-B
    left=left ip
    leftrsasigkey=%cert
    leftnexthop=left next hop
    leftid=left id
    leftsubnet=10.16.224.0/24
    auto=start

Routing on the left subnet:
10.16.224.0     192.168.20.7    255.255.255.0   UG    0      0        0 eth1
192.168.60.0    nexthop         255.255.255.0   UG    0      0        0 eth0
Routing on the right subnet:
only one default router
In the existing log file nothing is said about wrong connections; every
connection is successful.
"Section-A" #2: sent QI2, IPsec SA established {ESP=>0xfe0825c0 <0x42f72633}
"Section-B" #4: sent QI2, IPsec SA established {ESP=>0x8eabdcb2 <0x6ec8390 )
The firewall is the same as in freeswan 1.98, and other locations are
working fine on both subnets - but they are running freeswan 1.98.
Any ideas?
Yours
Frank
Sorry for my bad english.