[Openswan Users] After the IPSec tunnel bult, ipsec verify got some failed message.
Paul Wouters
paul at xelerance.com
Wed Aug 29 10:41:27 EDT 2007
On Wed, 29 Aug 2007, mix wrote:
> I had captured the ESP packet from eth1 when the client doing the ping (but always got the time out).
> Checking NAT and MASQUERADEing
> Checking tun0x1020 at 10.1.1.2:10 from 0.0.0.0/0:258 to 0.0.0.0/0 [FAILED]
> MASQUERADE from 0.0.0.0/0 to 0.0.0.0/0 kills tunnel 0.0.0.0/0 -> 0.0.0.0/0
You need to exlucde the packets that are going to be encrypted from your NAT/MASQ
> /etc # ipsec eroute
> 0 0.0.0.0/0:258 -> 0.0.0.0/0 => tun0x1022 at 10.1.1.2:10
That is a very strange eroute. You have a really odd subnet declaration in
your conn, or something is very very broken.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list