[Openswan Users]
Paul Wouters
paul at xelerance.com
Fri Jun 16 17:22:12 CEST 2006
On Fri, 16 Jun 2006, Jim Barber wrote:
> The two systems seem to correctly establish the tunnel, however I can't route
> the traffic between the two.
> I'm not sure how to even debug the problem because NETKEY seems to hide
> everything that goes on since it doesn't create an ipsec0 interface...
> conn ddi
> authby=secret
> left=%defaultroute
> leftsubnet=10.1.1.0/24
> right=yyy.yyy.yyy.yyy
> rightsubnet=10.10.0.0/24
> rightid=@hostname.ddihealth.com
Add leftsourceip=10.1.1.1 and rightsourceip=10.10.0.1
> Pings and Traceroutes from home to work fail:
>
> PING 10.10.0.1 (10.10.0.1) 56(84) bytes of data.
> From xxx.xxx.xxx.xxx icmp_seq=2 Destination Host Unreachable
> From xxx.xxx.xxx.xxx icmp_seq=3 Destination Host Unreachable
> From xxx.xxx.xxx.xxx icmp_seq=4 Destination Host Unreachable
You do not show the ping command, but if you didn't specify the source ip,
(and on some debian machines even then ping doesnt use the specified source
ip) then it will use the public ip, which is not part of your subnet-subnet
tunnel.
Paul
More information about the Users
mailing list