[Openswan Users] Two Subnets not running after update from freeswan to openswan

Frank Hubrach f.hubrach at spiekermann.de
Thu Aug 4 09:11:32 CEST 2005 

Same message, with corrected header

Frank Hubrach schrieb:

> Hello,
>
> i have updated my configuration from freeswan 1.98 to openswan 2.2.0.
> Before update everything was fine.
> After the update one tunnel works fine again, but the second did not.
> Tunnel Section A ist -- one SubNet on the Router Left and one on the 
> Router right.
> Tunnel Section B ist --- one Subnet(the same) on the Router Left and a 
> Subnet wich is Routet by another Router on the Rigth Subnet
>
> Here ist my config
> version 2.0
> config setup
>        interfaces=%defaultroute
>        klipsdebug=none
>        plutodebug=none
>        uniqueids=yes
>        forwardcontrol=yes
>        nat_traversal=yes
>
> conn %default
>        keylife=30m
>        dpdtimeout=60s
>        dpddelay=10s
>        dpdaction=clear
>        ikelifetime=20m
>        rekeymargin=120s
>        auto=add
>        keyingtries=3
>        disablearrivalcheck=no
>        authby=rsasig
>        right=%defaultroute
>        rightcert=Place of cert
>        rightid=the right id
>        rightsubnet=192.168.60.0/24
>
> conn private
>        auto=ignore
>
> conn private-or-clear
>        auto=ignore
>
> conn clear
>        auto=ignore
>
> conn clear-or-private
>        auto=ignore
>
> conn block
>        auto=ignore
>
> conn OEself
>        auto=ignore
>
>
> conn packetdefault
>        auto=ignore
>
> conn  Section-A
>        left=left ip
>        leftrsasigkey=%cert
>        leftnexthop=left hop
>        leftid="leftid"
>        leftsubnet=192.168.20.0/24
>        auto=start
>
> conn  Section-B
>        left=left ip
>        leftrsasigkey=%cert
>        leftnexthop=left next hop
>        leftid=left id
>        leftsubnet=10.16.224.0/24
>        auto=start
>
> Routing on the left Subnet :
> 10.16.224.0     192.168.20.7    255.255.255.0   UG    0      0        
> 0 eth1
> 192.168.60.0    nexthop            255.255.255.0   UG    0      
> 0        0 eth0
>
> Routing on the Right Subnet
> only one default router
>
> In the existing log file nothing is said about wrong connections, 
> every connection is successfully.
> "Section-A" #2: sent QI2, IPsec SA established {ESP=>0xfe0825c0 
> <0x42f72633}
> "Section-B" #4: sent QI2, IPsec SA established {ESP=>0x8eabdcb2 
> <0x6ec8390 )
>
> The firewall is the same as in freeswan 1.98 , and other Locations are 
> working fine on both Subnets - but the are running freeswan 1.98.
>
> Any ideas ?
> Yours
> Frank
>
> Sorry for my bad english.
>

-- 
Mit freundlichen Grüßen

SPIEKERMANN GmbH


i.A.  Frank Hubrach



SPIEKERMANN GmbH
Beratende Ingenieure
Fritz-Vomfelde-Str. 12

40547 Düsseldorf

Germany

Fon +49 (0)211 5236 311
Fax +49 (0)211 5236 390

http://www.spiekermann.de


Erklärungen der SPIEKERMANN GmbH, die per eMail übermittelt werden, sind
nur im Falle schriftlicher Bestätigung rechtsverbindlich.


Information from SPIEKERMANN GmbH transmitted by eMail
are legally binding only in case of written confirmation.

More information about the Users mailing list