[Openswan Users] help for site-to-site vpn

Paul Wouters paul at xelerance.com
Tue Jun 7 03:34:14 CEST 2005

On Tue, 7 Jun 2005, Yang Xu wrote:

> I can get the host-host connection up with correct encryption. I use

> conn sitevpn
>       authby=secret
>       auto=start
>       left=
>       #leftsubnet=
>       leftnexthop=
>       right=
>       #rightsubnet=
>       rightnexthop=
>       type=tunnel
> #Disable Opportunistic Encryption
> include /etc/ipsec.d/examples/no_oe.conf
> However, as soon as I uncomment the two lines for leftsubnet and
> rightsubnet and restart the ipsec service, it doesn't seem to work any more.

It does.

> I tested with the tcpdump and ping commands; the output is below:
> [root@racoon ~]# tcpdump dst host
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 11:58:43.151349 IP > icmp 64: echo reply seq 0

That is not a ping from a host in to a host in
Either add two tunnels, one with and one without the subnet='s, or use
leftsourceip= and rightsourceip= with the internal IP of the gateway machines.


   "I am not even supposed to be here today!"  -- Clerics
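The two options from the reply, written out as an ipsec.conf fragment. This is an added example, not part of the original message: the conn names are hypothetical and every address is a constructed placeholder (192.0.2.1 and 198.51.100.1 stand for the gateways' public IPs, 10.1.0.0/24 and 10.2.0.0/24 for the networks behind them, 10.1.0.1 and 10.2.0.1 for the gateways' internal IPs).

```conf
# Option A: two tunnels.
# The subnet conn only covers traffic whose source and destination both
# fall inside the two subnets; a ping sent from one gateway's public IP
# to the other gateway's public IP does not match it. The second conn,
# without subnets, covers that gateway-to-gateway traffic.
conn sitevpn-net
      authby=secret
      auto=start
      type=tunnel
      left=192.0.2.1
      leftsubnet=10.1.0.0/24
      right=198.51.100.1
      rightsubnet=10.2.0.0/24

conn sitevpn-host
      authby=secret
      auto=start
      type=tunnel
      left=192.0.2.1
      right=198.51.100.1

# Option B: one tunnel (use instead of the pair above).
# leftsourceip/rightsourceip make each gateway source its own traffic to
# the remote subnet from its internal address, so packets originating on
# the gateway itself fall inside the subnet-to-subnet tunnel.
conn sitevpn-srcip
      authby=secret
      auto=start
      type=tunnel
      left=192.0.2.1
      leftsubnet=10.1.0.0/24
      leftsourceip=10.1.0.1
      right=198.51.100.1
      rightsubnet=10.2.0.0/24
      rightsourceip=10.2.0.1

# In both options, keep leftnexthop=/rightnexthop= as in the working
# host-to-host conn, and keep the no_oe.conf include.
```

With option B, test from a gateway by pinging an address inside the remote subnet rather than the peer's public IP; a capture on the outside interface should then show ESP packets between the two gateways instead of plain ICMP.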
