[Openswan Users] Openswan not encapsulating packets.

Leonardo Piras leonardo.piras at softecspa.it
Mon May 22 13:21:26 CEST 2006


Hi there everyone,
I have a problem which is causing me some headaches:

here is my ipsec.conf

# DADA - Infoblu
conn dada-infoblu
    authby=secret
    left=195.110.125.103
    leftsubnet=192.168.3.224/29
    leftnexthop=%defaultroute
    right=193.111.71.225
    rightsubnet=100.150.1.13/32
    pfs=yes
    auto=start

conn softec-dada
    authby=secret
    left=195.110.125.103
    leftsubnet=172.16.0.0/16
    right=195.110.108.72
    rightsubnet=192.168.6.0/24
    auto=start

As you can see, I've got two tunnels running.

ipsec auto --status gives:

"dada-infoblu" STATE_QUICK_I2 (sent QI2, IPsec SA established)

"softec-dada" STATE_QUICK_I2 (sent QI2, IPsec SA established)

I can successfully ping hosts on the "softec-dada" tunnel:

tiglio:~# tcpdump -i any host 195.110.108.72 or 192.168.6.1
12:12:47.724999 IP 172.16.0.4 > 192.168.6.1: icmp 64: echo request seq 1
12:12:49.759678 IP tiglio.softecspa.it > 195.110.108.72: ESP(spi=0x4f073a0c,seq=0x7)
12:12:47.741898 IP 195.110.108.72 > tiglio.softecspa.it: ESP(spi=0xb8ba80d7,seq=0xb)
12:12:47.741898 IP 192.168.6.1 > 172.16.0.4: icmp 64: echo reply seq 1

Openswan encapsulates packets and ping returns successfully.

BUT, "dada-infoblu" tunnel is not working, though connected.
I can't even see ESP packets flowing:

tiglio:~# tcpdump -i any host 193.111.71.225 or 100.150.1.13

listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
12:19:36.336614 IP 172.16.0.4 > 100.150.1.13: icmp 64: echo request seq 1
12:19:36.340207 IP tiglio.softecspa.it > 100.150.1.13: icmp 64: echo request seq 1
12:19:37.335878 IP 172.16.0.4 > 100.150.1.13: icmp 64: echo request seq 2
12:19:37.335920 IP tiglio.softecspa.it > 100.150.1.13: icmp 64: echo request seq 2

As you can see, I can only see clear-text pings from one host to the
other.
Openswan is not encapsulating packets and it's not sending them through
the ipsec tunnel.

How can I solve this issue?

Thanks in advance.

-- 
Leonardo Piras
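An added diagnostic, not part of the original post or of Openswan: Openswan only hands a packet to an established tunnel when the source and destination fall inside a conn's leftsubnet/rightsubnet pair, so a quick first check when a tunnel is "up" but traffic stays in clear text is to compute which conn, if any, covers the addresses seen in tcpdump. The script below embeds the ipsec.conf quoted above as its sample input (a minimal parser; it only understands `conn` sections and `key=value` lines, and assumes that a side without a `subnet` line selects the endpoint address itself), and reports the matching conn for the address pairs that appear in the two captures.

```python
import ipaddress
import re

# The ipsec.conf from the post, embedded as the sample input for this check.
IPSEC_CONF = """\
# DADA - Infoblu
conn dada-infoblu
    authby=secret
    left=195.110.125.103
    leftsubnet=192.168.3.224/29
    leftnexthop=%defaultroute
    right=193.111.71.225
    rightsubnet=100.150.1.13/32
    pfs=yes
    auto=start

conn softec-dada
    authby=secret
    left=195.110.125.103
    leftsubnet=172.16.0.0/16
    right=195.110.108.72
    rightsubnet=192.168.6.0/24
    auto=start
"""


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section.

    Minimal parser (assumption: one key=value per line, '#' starts a comment);
    it ignores 'config setup' and '%default' handling that real ipsec.conf has.
    """
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^conn\s+(\S+)\s*$", line)
        if m:
            current = m.group(1)
            conns[current] = {}
            continue
        if current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns


def subnet_of(conn, side):
    """Traffic selector for one side ('left' or 'right').

    Uses <side>subnet when present; otherwise the endpoint address itself
    as a /32 (host-to-host tunnel), which is how the selector defaults.
    """
    key = side + "subnet"
    if key in conn:
        return ipaddress.ip_network(conn[key], strict=False)
    return ipaddress.ip_network(conn[side] + "/32")


def matching_conns(conns, src, dst):
    """Names of conns whose selector pair covers src -> dst in either direction."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for name, c in conns.items():
        if "left" not in c or "right" not in c:
            continue  # incomplete conn, cannot select traffic
        left, right = subnet_of(c, "left"), subnet_of(c, "right")
        if (s in left and d in right) or (s in right and d in left):
            hits.append(name)
    return hits


def report(conns, pairs):
    """One line per (src, dst) pair: which conn would carry it, or none."""
    lines = []
    for src, dst in pairs:
        hits = matching_conns(conns, src, dst)
        verdict = ", ".join(hits) if hits else "NO conn covers this pair (stays clear text)"
        lines.append(f"{src} -> {dst}: {verdict}")
    return lines


if __name__ == "__main__":
    conns = parse_conns(IPSEC_CONF)
    # Address pairs taken from the two tcpdump captures in the post, plus one
    # source inside dada-infoblu's leftsubnet for comparison (constructed).
    for line in report(conns, [
        ("172.16.0.4", "192.168.6.1"),
        ("172.16.0.4", "100.150.1.13"),
        ("195.110.125.103", "100.150.1.13"),
        ("192.168.3.225", "100.150.1.13"),
    ]):
        print(line)
```

Running it shows that the pings in the second capture (from 172.16.0.4 and from the gateway's own address 195.110.125.103 to 100.150.1.13) match neither conn's selector pair, while a source inside 192.168.3.224/29 would be carried by dada-infoblu; an established SA does not help traffic that no selector claims, which is consistent with the clear-text packets in that capture.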
