[Openswan Users] Re-2: Re-2: VPN is up, routing problem

Ludovic MARCILLY lmarcilly at aressi.fr
Mon Aug 27 11:59:16 EDT 2007


i have restart openswan after changing endpoints and my leftnexthop is set to %defaultroute.

-------- Original Message --------
Subject: Re: [Openswan Users] Re-2:  VPN is up, routing problem (27-août-2007 17:56)
From:    Paul Wouters <paul at xelerance.com>
To:      lmarcilly at aressi.fr

> On Mon, 27 Aug 2007, Ludovic MARCILLY wrote:
> 
> > Yes i know, but the route for 192.168.1.0/24 subnet is added when vpn is up.
> >  Why does it add this route ?
> 
> If the route for 192.168.1.0/24 is added to 81.23.32.138, then it looks 
> like you did not
> reload/restart openswan after changing endpoints from 81.23.32.137 to 81.23.
> 32.138, or
> you have a wrong leftnexthop= that I missed.
> 
> Paul
> 
> > -------- Original Message --------
> > Subject: Re: [Openswan Users] VPN is up, routing problem (27-août-2007 17:
> > 32)
> > From:    Paul Wouters <paul at xelerance.com>
> > To:      lmarcilly at aressi.fr
> >
> > > On Mon, 27 Aug 2007, Ludovic MARCILLY wrote:
> > >
> > > > > In my logs, i can see "Ipsec SA established" but i can't ping 192.168.1.0/
> > > > > 24 networks computers from 192.168.2.0/24 network.
> > > > >
> > > > > Here is the routing table on Linux 2:
> > > > >
> > > > > 81.23.32.136 0.0.0.0      255.255.255.248 U  0 0 0 eth2
> > > > > 192.168.2.0  0.0.0.0      255.255.255.0   U  0 0 0 eth0
> > > > > 192.168.1.0  81.23.32.138 255.255.255.0   UG 0 0 0 eth2
> > > > > 10.0.0.0     0.0.0.0      255.0.0.0       U  0 0 0 eth1
> > > > > 0.0.0.0      81.23.32.138 0.0.0.0         UG 0 0 0 eth2
> > > > >
> > > > > I don't paste here the routing table of Linux 1 since it is almost the same
> > > > > thing. (it the same thing for ipsec.conf).
> > > > >
> > > > > If i add a route which tell that gateway to reach 192.168.1.0/24 network is
> > > > > 81.23.32.137, it works well but i don't want to add the route manually.
> > >
> > > Your routing tables says that 192.168.1.0/24 lives at 81.23.32.138, while
> > > you
> > > want it to live behind 81.23.32.137 (via ipsec). You should remove the
> > > route
> > > for 192.168.1.0 to 81.23.32.138 then.
> > >
> > > Paul
> >
> >
> > To: paul at xelerance.com
> > Cc: users at openswan.org
> >
> >
> >
> > _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


To: paul at xelerance.com
Cc: users at openswan.org





More information about the Users mailing list