[Openswan Users] NET-TO-NET ROUTE OK BUT NO ENCRYPTION

Aaron Lewis subspace_com at hotmail.com
Thu Feb 10 22:25:53 CET 2005


I am trying to set up a simple "test" net-to-net system for dept. 
proof-of-concept. Pings route across fine but there seems to be no 
encryption occurring.

192.168.1.0/24===192.168.1.1---200.1.1.1...200.1.1.2---192.168.2.1===192.168.2.0/24

Arch: I am running Fedora Core 3 | 2.6 Kernel
Soft: Installed Openswan 2.3.0 from rpm

When running 'ipsec auto --up conn-name' I get ...

#32: STATE_QUICK_I1: initiate
#32: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=> 0x87174370 <0x4cb090c}

I validated the ipsec requirements with 'ipsec verify' and everything comes 
out ok.

If I run a 'service ipsec status' I get the following output which indicates 
no tunnel ...

IPsec running
pluto pid xxxxx
No tunnels up

ipsec.conf is set up as follows ...

Version 2.0

config setup
     interfaces="ipsec0=eth0"

conn conn-name
     type=tunnel
     authby=rsasig
     auth=esp
     auto=start
     left=192.168.1.1
     leftid=@leftfqdn
     leftsubnet=192.168.1.0/24
     leftnexthop=200.1.1.1
     leftrsasigkey=<very long key here>
     right=192.168.2.1
     rightid=@rightfqdn
     rightsubnet=192.168.2.0/24
     rightnexthop=200.1.1.2
     rightrsasigkey=<very long key here>

I verified my rsasigkeys against what is in the ipsec.secrets files.

Is there a routing table kept specifically for ipsec use, and if so, how can I 
configure/use it?

Has anyone else had this issue?

Any help is greatly appreciated! Willing to provide additional info.

Regards,

Incompetent Openswan User



