[Openswan Users] Re-2: VPN is up, routing problem

Paul Wouters paul at xelerance.com
Mon Aug 27 11:50:22 EDT 2007 

On Mon, 27 Aug 2007, Ludovic MARCILLY wrote:

> Yes i know, but the route for 192.168.1.0/24 subnet is added when vpn is up. Why does it add this route ?

If the route for 192.168.1.0/24 is added to 81.23.32.138, then it looks like you did not
reload/restart openswan after changing endpoints from 81.23.32.137 to 81.23.32.138, or
you have a wrong leftnexthop= that I missed.

Paul

> -------- Original Message --------
> Subject: Re: [Openswan Users] VPN is up, routing problem (27-août-2007 17:32)
> From:    Paul Wouters <paul at xelerance.com>
> To:      lmarcilly at aressi.fr
>
> > On Mon, 27 Aug 2007, Ludovic MARCILLY wrote:
> >
> > > > In my logs, i can see "Ipsec SA established" but i can't ping 192.168.1.0/
> > > > 24 networks computers from 192.168.2.0/24 network.
> > > >
> > > > Here is the routing table on Linux 2:
> > > >
> > > > 81.23.32.136 0.0.0.0      255.255.255.248 U  0 0 0 eth2
> > > > 192.168.2.0  0.0.0.0      255.255.255.0   U  0 0 0 eth0
> > > > 192.168.1.0  81.23.32.138 255.255.255.0   UG 0 0 0 eth2
> > > > 10.0.0.0     0.0.0.0      255.0.0.0       U  0 0 0 eth1
> > > > 0.0.0.0      81.23.32.138 0.0.0.0         UG 0 0 0 eth2
> > > >
> > > > I don't paste here the routing table of Linux 1 since it is almost the same
> > > > thing. (it the same thing for ipsec.conf).
> > > >
> > > > If i add a route which tell that gateway to reach 192.168.1.0/24 network is
> > > > 81.23.32.137, it works well but i don't want to add the route manually.
> >
> > Your routing tables says that 192.168.1.0/24 lives at 81.23.32.138, while
> > you
> > want it to live behind 81.23.32.137 (via ipsec). You should remove the
> > route
> > for 192.168.1.0 to 81.23.32.138 then.
> >
> > Paul
>
>
> To: paul at xelerance.com
> Cc: users at openswan.org
>
>
>
> _______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list