[Openswan Users] ping test fails, who is providing the route?

Charles Tompkins crt at thig.com
Wed Jun 14 18:46:12 CEST 2006


Since being stuck on FC4 radius.so issues, I am now trying Debian.  I am
using their default pkgs for openswan and l2tpns on sarge.  The IPsec tunnel
is being created, and the XPsp2 "roadwarrior" is getting auth and an IP from
l2tpns-freeRADIUS.

I am now trying to troubleshoot poor connectivity with the ping test.
Pinging from the roadwarrior to the gateway is good!  Pinging from the
gateway to the roadwarrior is not working.  Dumps on the roadwarrior show
that it is receiving the ping and replying, but the replies do not make it back to
the gateway...  Pinging anything on the LAN beyond the gateway from the
roadwarrior is not working, either.

The million dollar question is "Does Openswan or the LNS provide the route
info for the connection?"

The source of my confusion is that I can see that l2tpns sets a route in the
kernel routing table, but Openswan is checking for "iptables" and has
"leftsubnet" and "leftnexthop" options.

Thanks,
-Charles

Conf here:
version 2.0

config setup
 interfaces=%defaultroute
 nat_traversal=yes
 virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
 klipsdebug=none
 plutodebug=none


conn %default
 keyingtries=3
 compress=yes
 disablearrivalcheck=no
 authby=secret
 leftrsasigkey=%cert
 rightrsasigkey=%cert

include /etc/ipsec.d/examples/no_oe.conf

conn roadwarrior-l2tp
 pfs=no
 leftprotoport=17/0
 rightprotoport=17/1701
 also=roadwarrior

conn roadwarrior-l2tp-updatedwin
 pfs=no
 leftprotoport=17/1701
 rightprotoport=17/1701
 also=roadwarrior

#conn roadwarrior-net
# leftsubnet=0.0.0.0/0
# also=roadwarrior

conn roadwarrior
 left=%defaultroute
 leftcert=%cert
 right=%any
 rightsubnet=vhost:%no,%priv
 forceencaps=yes
 auto=add
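An added diagnostic, not part of the original post or of Openswan/l2tpns: with L2TP/IPsec the IPsec SA only covers UDP/1701 between the gateway and the client's public address, so the client's inner (RADIUS-assigned) IP is reached through the tun interface the LNS creates, and the leftsubnet/leftnexthop settings in ipsec.conf play no part in that. The script below does the longest-prefix lookup the kernel does on `ip route show` output, checks that the client's address lands on the LNS interface rather than the default route, and checks ip_forward. The route table, client address 10.0.99.1 and interface names are constructed sample data.

```python
"""Check, on the gateway, whether an L2TP/IPsec client's inner address is
routed via the LNS tun interface and whether forwarding is enabled.

Added example for this thread, not code from the original post.  Assumption:
the LNS (l2tpns) creates an interface whose name starts with "tun"; the
sample route table and addresses below are constructed for illustration."""

import ipaddress
import subprocess
import sys
from typing import Optional

# Constructed sample of `ip route show` on a gateway with one connected client.
SAMPLE_ROUTES = """\
10.0.99.1 dev tun0  proto kernel  scope link  src 10.0.99.254
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1
203.0.113.0/24 dev eth0  proto kernel  scope link  src 203.0.113.5
default via 203.0.113.1 dev eth0
"""


def parse_routes(route_text: str):
    """Turn `ip route show` lines into (network, dev, via) tuples."""
    routes = []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        if "/" not in dst:          # host route printed without a prefix length
            dst += "/32"
        net = ipaddress.ip_network(dst, strict=False)
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        via = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, dev, via))
    return routes


def route_for(ip: str, route_text: str) -> Optional[dict]:
    """Longest-prefix match: the route the kernel would pick (metrics ignored)."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, dev, via in parse_routes(route_text):
        if addr in net and (best is None or net.prefixlen > best["prefixlen"]):
            best = {"prefix": str(net), "prefixlen": net.prefixlen,
                    "dev": dev, "via": via}
    return best


def diagnose(client_ip: str, route_text: str, ip_forward: str,
             lns_dev_prefix: str = "tun") -> list:
    """Return a list of problems; an empty list means the gateway side looks right.

    ip_forward accepts either `sysctl net.ipv4.ip_forward` output
    ("net.ipv4.ip_forward = 1") or the bare /proc value ("1")."""
    problems = []
    r = route_for(client_ip, route_text)
    if r is None:
        problems.append(f"no route to {client_ip}")
    elif not (r["dev"] or "").startswith(lns_dev_prefix):
        # Falling through to the default route means replies leave via the
        # public interface, unencapsulated, and never reach the client.
        problems.append(f"{client_ip} routes via {r['dev']} ({r['prefix']}), "
                        "not the LNS interface")
    if ip_forward.strip().split("=")[-1].strip() != "1":
        problems.append("net.ipv4.ip_forward is not 1; LAN<->client traffic "
                        "will not be forwarded")
    return problems


def live_report(client_ip: str) -> list:
    """Run the same checks against the running kernel (Linux only)."""
    routes = subprocess.run(["ip", "route", "show"], capture_output=True,
                            text=True, check=True).stdout
    with open("/proc/sys/net/ipv4/ip_forward") as f:
        fwd = f.read()
    return diagnose(client_ip, routes, fwd)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(live_report(sys.argv[1]))
    else:
        print(diagnose("10.0.99.1", SAMPLE_ROUTES, "net.ipv4.ip_forward = 1"))
```

Run it with the client's assigned address as the argument to check a live gateway. If the route is right and forwarding is on, the remaining places to look are the FORWARD chain (`iptables -L FORWARD -v -n`) and the IPsec selectors: `ip xfrm policy` (NETKEY) or `ipsec eroute` (KLIPS) should show only the UDP/1701 pair from the two conns, which is what the commented-out `leftsubnet=0.0.0.0/0` conn would otherwise widen.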



