[Openswan Users] VPN is up, routing problem
Ludovic MARCILLY
lmarcilly at aressi.fr
Mon Aug 27 10:32:17 EDT 2007
I just forgot some information:
I am using Linux Openswan U2.4.8/K2.6.21.5 (netkey)
Thanks a lot!
-------- Original Message --------
Subject: [Openswan Users] VPN is up, routing problem (27-Aug-2007 16:24)
From: Ludovic MARCILLY <lmarcilly at aressi.fr>
To: lmarcilly at aressi.fr
> Hi all,
>
> I have established a VPN:
>
> Network 1 -- [Linux 1 + Openswan ] ----- [ Linux 2 + Openswan ] -- Network 2
>
> Network 1: 192.168.1.0/24
> Linux 1: 192.168.1.1 and 81.23.32.137 gateway 81.23.32.136
> Linux 2: 192.168.2.1 and 81.23.32.139 gateway 81.23.32.136
> Network 2: 192.168.2.0/24
>
> Here is one ipsec.conf:
>
> version 2
>
> config setup
>     interfaces=%defaultroute
>     klipsdebug=none
>     plutodebug=none
>     uniqueids=yes
>     nat_traversal=yes
>     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.2.0/255.255.255.0,%v4:!10.0.0.0/255.0.0.0,%v4:!192.168.1.0/255.255.255.0,%v4:!172.16.1.0/255.255.0.0,%v4:!192.168.2.0/255.255.255.0
>
> conn %default
>     keyingtries=0
>     disablearrivalcheck=no
>
> conn TestVPNNSNS
>     left=81.23.32.139
>     leftnexthop=%defaultroute
>     leftsubnet=192.168.2.0/255.255.255.0
>     right=81.23.32.137
>     rightsubnet=192.168.1.0/255.255.255.0
>     rightnexthop=%defaultroute
>     ike=aes128-sha-modp1024
>     esp=aes128-sha1
>     ikelifetime=1h
>     keylife=8h
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=hold
>     authby=secret
>     auto=start
>
> conn block
>     auto=ignore
>
> conn private
>     auto=ignore
>
> conn private-or-clear
>     auto=ignore
>
> conn clear-or-private
>     auto=ignore
>
> conn clear
>     auto=ignore
>
> conn packetdefault
>     auto=ignore
>
>
> In my logs, I can see "Ipsec SA established" but I can't ping computers on
> the 192.168.1.0/24 network from the 192.168.2.0/24 network.
>
> Here is the routing table on Linux 2:
>
> 81.23.32.136 0.0.0.0 255.255.255.248 U 0 0 0 eth2
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 192.168.1.0 81.23.32.138 255.255.255.0 UG 0 0 0 eth2
> 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth1
> 0.0.0.0 81.23.32.138 0.0.0.0 UG 0 0 0 eth2
>
> I am not pasting the routing table of Linux 1 here since it is almost the
> same (the same goes for ipsec.conf).
>
> If I add a route saying that the gateway to reach the 192.168.1.0/24 network
> is 81.23.32.137, it works well, but I don't want to add the route manually.
>
> Is there any solution to my problem?
>
> Thanks a lot in advance.
> Best regards,
>
> Ludovic MARCILLY
>
>
>