[Openswan Users] Data from ipsec0 to eth2

Sun Feb 6 09:54:16 CET 2005

Hi,

I am running IPCOP 1.4.2 which uses OpenSwan 1.0.7.  My problem is that the
net-to-net tunnel shows as up on both ends both from the GUI as well as
using tail -f /var/log/messages, but when I try to ping a machine on the
other subnet I do not get any replies.  Now, I ran tcpdump -i on both ipsec0
and eth2 at the same time and I do not see the traffic flowing from ipsec0
to  the eth2 interface.  This the case for both tunnel endpoints.  I  know
that I am missing something, but what?  I am including my ipsec.conf file
below:

TIA,

Trevor

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,
%v4:!192.168.2.0/255.255.255.0,%v4:!172.16.1.0/255.255.255.0,%v4:!192.168.11
1.0/24

conn %default
        keyingtries=0
        disablearrivalcheck=no

conn Hailix
        right=xx.xx.xx.xx
        rightsubnet=192.168.2.0/255.255.255.0
        rightnexthop=%defaultroute
        left=xx.xx.xx.xx
        leftsubnet=192.168.111.0/24
        leftnexthop=%defaultroute
        dpddelay=30
        dpdtimeout=120
        dpdaction=hold
        authby=secret
        auto=start