[Openswan Users] IPSEC tunnel problem

DurgaPrasad Adusumalli adusumallid at gmail.com
Tue Jan 25 09:46:54 CET 2005 

I have tried to set up an ipsec tunnel between two networks using
openswan 2.1.5. As shown in the figure below.

10.0.1.0/24 -----172.16.1.1 ---- 172.16.1.2 ------ 10.0.20.0/24
Left                  Left Gateway  Right Gateway    Right network.

My ipsec.conf file is as below

version 2
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        #klipsdebug=all
        #plutodebug=dns
        interfaces="ipsec0=eth1"

conn yourtunnel

        keyexchange=ike
        authby=rsasig
        keyingtries=%forever
        left=172.16.1.1
        leftsubnet=10.0.1.0/24
        leftrsasigkey=0sAQ
        right=172.16.1.2
        rightsubnet=10.0.2.0/24
        rightrsasigkey=0sAQNQo
        auto=start

include /etc/ipsec.d/examples/no_oe.conf

I used the same configuration file on other end also.
When ipsec service is started it works fine and when I type ipsec auto
--status I get following messages.

000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 10.0.2.1
000 interface eth1/eth1 172.16.1.2
000 %myid = (none)
000 debug none
000
000 "yourtunnel":
10.0.2.0/24===172.16.1.2[S=C]...172.16.1.1[S=C]===10.0.1.0/24;
erouted; eroute owner: #6
000 "yourtunnel":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 0
000 "yourtunnel":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24;
interface: eth1;
000 "yourtunnel":   newest ISAKMP SA: #4; newest IPsec SA: #6;
000
000 #6: "yourtunnel" STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 28239s; newest IPSEC; eroute owner
000 #6: "yourtunnel" esp.161f0bef at 172.16.1.1 esp.e638f742 at 172.16.1.2
tun.0 at 172.16.1.1 tun.0 at 172.16.1.2
000 #5: "yourtunnel" STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 28239s
000 #5: "yourtunnel" esp.7a931b5e at 172.16.1.1 esp.6df86423 at 172.16.1.2
tun.0 at 172.16.1.1 tun.0 at 172.16.1.2
000 #4: "yourtunnel" STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
EVENT_SA_REPLACE in 3039s; newest ISAKMP
000 #3: "yourtunnel" STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 27449s
000 #3: "yourtunnel" esp.7ad290c7 at 172.16.1.1 esp.bc643054 at 172.16.1.2
tun.0 at 172.16.1.1 tun.0 at 172.16.1.2
000 #2: "yourtunnel" STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 27405s
000 #2: "yourtunnel" esp.1c6582f7 at 172.16.1.1 esp.1bdc6588 at 172.16.1.2
tun.0 at 172.16.1.1 tun.0 at 172.16.1.2
000 #1: "yourtunnel" STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 2623s
000
When I try to ping left client to right client I get Destination Host
unreachable error. Its the same with telnet and ssh also. Can someone
help me please. I have set ip_forward to 1 on both gateways.

Thanks in advance.
Durga Prasad.

More information about the Users mailing list