[Openswan Users] More info - routing problem

Antony Gelberg antony at wayforth.co.uk
Thu Sep 15 19:05:18 CEST 2005


Hi all,

I have been doing some more debugging of my ipsec gateway.  SA is
established, pings are returned from the internal machine, but then go
missing.  It felt like a routing problem and this is in the logs:

Sep 15 16:38:24 robert pluto[3595]: "roadwarrior"[2] 82.68.107.174 #2:
route-client output: /usr/lib/ipsec/_updown: doroute `ip route add
192.168.0.190/32 via 82.68.107.174 dev ipsec0 ' failed (RTNETLINK
answers: Network is unreachable)

I have tried this command manually, and indeed it does not like it.

Here's ipsec.conf:
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        interfaces=%defaultroute

conn roadwarrior
        left=82.69.161.254
        leftsubnet=192.168.168.0/24
        leftcert=/etc/ipsec.d/certs/robert.wayforth.co.uk_cert.pem
        right=%any
        rightcert=/etc/ipsec.d/private/robert.wayforth.co.uk_key.pem
        rightsubnetwithin=0.0.0.0/0
        auto=add
        pfs=yes

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf


I won't post a barf at this stage, as I feel that this may well be
enough for someone to guide me, but please let me know if you need the
full barf.

Antony

