[Openswan Users] Problem with host reachability when ipsec tunnel is operational

Paul Wouters paul at xelerance.com
Tue Jul 5 18:07:27 CEST 2005

On Tue, 5 Jul 2005, Phillip Gersekowski wrote:

> I have recently upgraded to Linux Openswan U2.3.1/K2.6.11.4-20a-default
> (netkey) from Freeswan-1.99 on Linux 2.4.20.
> I am having a problem with reachability of the IPSEC gateway host on
> the local network.

Without logs it is hard to say what is going on. Either your firewalls
still assume an ipsecX device which is no longer there, your rp_filter
settings changed, your nat/masq settings interfere, or perhaps you did
not disable OE by including no_oe.conf.

> The ADSL gateway provides 4 IPSec Connections: One Connection each from
> the local networks (7 & 26) to our administration center
> ( and One Connection from each local network to another
> box used for "Internet" Connectivity.
> The 2nd IPSEC connection to the internet is used to connect to all
> other Sites within our WAN. These sites are numbered in the private
> ranges (192.168., 10. and 172.) so we use a catch-all route
> from the remote network on this ipsec connection. It also just happens
> that this second IPSEC Connection is our connection to the internet, but
> these remote locations do not have internet connectivity so this is not
> actually used for web etc.

If you are creating 'overlapping' networks, e.g. by having on one
end, and 10.0.x.0/24 on another end, then with KLIPS this worked, but with
NETKEY you will need extra passthrough connections to make it work.

> The problem is that when I bring up the 2nd IPSEC Connection
> ( remote network, I lose the ability to reach the
> from any machine in and also lose
> connectivity from to, and also lose
> connectivity between the and networks.

Seems like you might have left OE enabled.

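As an added illustration of the "extra passthrough connections" Paul mentions for NETKEY (this is example configuration, not from the thread or the Openswan project): an ipsec.conf fragment where a catch-all 10.0.0.0/8 tunnel is paired with passthrough conns so the gateway's own LANs stay reachable in the clear. The gateway and peer addresses, the 10.0.7.0/24 and 10.0.26.0/24 subnets, and the conn names are assumptions.

```ini
# Added example, not the poster's configuration. Addresses and subnets
# are assumed values chosen to mirror the "local networks 7 & 26" and
# the private-range catch-all described in the thread.
config setup
    protostack=netkey        # 2.6 native stack: no ipsecX device exists

# Catch-all tunnel to the "Internet" box for every other WAN site.
# On NETKEY the kernel policy this installs (10.0.7.0/24 <-> 10.0.0.0/8)
# also matches traffic between the gateway and its own local LANs, which
# then vanishes into the tunnel instead of being delivered locally.
conn wan-catchall
    left=203.0.113.10        # this ADSL gateway (assumed)
    leftsubnet=10.0.7.0/24
    right=198.51.100.20      # remote "Internet" box (assumed)
    rightsubnet=10.0.0.0/8
    authby=secret
    auto=start

# Passthrough conns: type=passthrough with authby=never installs a
# "no IPsec" policy. Because these policies are more specific than the
# /8 above, the kernel prefers them and local traffic is sent in the clear.
# Conns are bidirectional, so one conn per subnet pair is enough.
conn lan7-to-lan26-clear
    type=passthrough
    authby=never
    left=203.0.113.10
    leftsubnet=10.0.7.0/24
    right=0.0.0.0
    rightsubnet=10.0.26.0/24
    auto=route

conn lan7-local-clear
    type=passthrough
    authby=never
    left=203.0.113.10
    leftsubnet=10.0.7.0/24
    right=0.0.0.0
    rightsubnet=10.0.7.0/24  # gateway <-> its own LAN must not be tunnelled
    auto=route
```

After loading, `ip xfrm policy` should show the passthrough entries alongside the /8 tunnel policy; if a local subnet is still unreachable, check that nothing else (rp_filter or firewall rules written for an ipsecX device) is dropping the cleartext packets.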