[Openswan Users] Cisco Concentrator not so stumped

Eaton, Andy Andy at seas.wustl.edu
Sun Feb 6 12:30:05 CET 2005

So here is the story.  I finally have a connection up to the Cisco 3030.
I only had to do the following:


test -d /proc/net/ipsec/spi && ipsec spi --clear'

#lsmod 2>&1 | grep "^ipsec" > /dev/null && rmmod ipsec'


Comment out the lsmod line, remove the ";" and add a "'".  Once I did
this and restarted ipsec, the tunnels started to work without the failed


I am now having problems routing over ipsec0 with klips.  I am really
trying to route traffic from my gateway to and over the ipsec tunnel for now.  Tcpdump doesn't show any
traffic over ipsec0.  When the tunnel comes up a route -n shows the
following.

   U     0      0        0 vlan5
   U     0      0        0 vlan4
   U     0      0        0 vlan3
   U     0      0        0 vlan2
   U     0      0        0 eth2
   U     0      0        0 eth0
   U     0      0        0 ipsec0
   UG    0      0        0


I would think I would need some routes that look like the following:

   U          0          0          0 ipsec0
   U          0          0          0 ipsec0


I have tried to add these manually but no joy.  How does Pluto deal with
this? For my test, the important parts...


conn conc 





I should be routing over ipsec0. Is there supposed to be
some unseen magic that happens to route the traffic over ipsec0?

My iptables rules have the following so I am not trying to nat this
specific traffic.


            iptables -t nat -A POSTROUTING -o eth0 -s 0/0 -d ! -j MASQUERADE

iptables -t nat -A POSTROUTING -o eth0 -s 0/0 -d ! -j

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE


I have control over both ends of this tunnel and the group id on the 3030 is set to route all traffic.  It is not


Am I missing something?




Andrew Eaton
