[Openswan Users] Net2Net Problem with eroutes
Shyam Prasad
shyam at rocsys.com
Wed Dec 12 08:00:37 EST 2007
Hi,
I'm having a problem related to eroutes. Following is my setup.
Fedora Core-8, 2.6.21, openswan-2.5.15
This is a test setup in my LAN, so all IPs are private.
Setup...
(LAN1)-------(GW1)--------(GW2)--------(LAN2)
(192.168.1.0/24)------(172.16.15.44)----------(172.16.15.140)----(192.168.10.0/24)
All is well and IPsec is established; when I ping from LAN1, packets are encrypted and I get back a reply.
My ipsec eroute in GW1:
0 192.168.1.0/24 -> 192.168.10.0/24 => tun0x1005@172.16.15.140:1
Now, keeping the ping going in LAN1, I terminate the connection at GW2 using "ipsec whack --terminate --name admin".
In my GW1 the ipsec eroute is modified to:
0 192.168.1.2/32 -> 192.168.10.2/32 => %pass
10 192.168.1.2/32 -> 192.168.10.2/32 => %hold:1
Now when I initiate the tunnel again, the tunnel is established and an eroute is added as follows:
0 192.168.1.0/24 -> 192.168.10.0/24 => tun0x1005@172.16.15.140:1
0 192.168.1.2/32 -> 192.168.10.2/32 => %pass
10 192.168.1.2/32 -> 192.168.10.2/32 => %hold:1
Still the ping packets are going through the %hold route and I'm not able to ping LAN2.
Can anyone clarify what is wrong here?
ipsec.conf file in GW1 and GW2:
conn admin
        leftid=@adminho
        left=172.16.15.44
        leftsubnet=192.168.1.0/24
        leftprotoport=1/0
        rightid=@adminbo
        right=172.16.15.140
        rightsubnet=192.168.10.0/24
        rightprotoport=1/0
        keyingtries=100
        auto=ignore
        authby=secret
        pfs=no
Regards,
Shyam
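As an added diagnostic (my own code, not from the post or from Openswan), the script below parses `ipsec eroute` output in the format shown above and flags %pass/%hold shunt entries whose selectors sit inside a tunnel eroute's selectors; as the post shows, such a narrower shunt captures the traffic the /24 tunnel entry should carry. The sample listing is constructed from the post, and the subnet-of check is an assumption about which entry wins, taken from the behaviour the post describes.

```python
import re
from ipaddress import ip_network

# Constructed sample modelled on the eroute listing in the post above.
SAMPLE_EROUTES = """\
0 192.168.1.0/24 -> 192.168.10.0/24 => tun0x1005@172.16.15.140:1
0 192.168.1.2/32 -> 192.168.10.2/32 => %pass
10 192.168.1.2/32 -> 192.168.10.2/32 => %hold:1
"""

# Fields: packet count, source selector, destination selector, target.
EROUTE_RE = re.compile(r"^(\d+)\s+(\S+)\s+->\s+(\S+)\s+=>\s+(\S+)\s*$")


def parse_eroutes(text):
    """Parse `ipsec eroute` output into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = EROUTE_RE.match(line.strip())
        if not m:
            continue
        count, src, dst, target = m.groups()
        entries.append({
            "count": int(count),
            "src": ip_network(src, strict=False),
            "dst": ip_network(dst, strict=False),
            "target": target,
            # %pass/%hold/%drop/... are shunts; anything else points at an SA (tunXXXX@peer).
            "shunt": target.startswith("%"),
        })
    return entries


def shadowing_shunts(entries):
    """Return (shunt, tunnel) pairs where the shunt's selectors lie inside the tunnel's."""
    tunnels = [e for e in entries if not e["shunt"]]
    hits = []
    for s in (e for e in entries if e["shunt"]):
        for t in tunnels:
            if s["src"].subnet_of(t["src"]) and s["dst"].subnet_of(t["dst"]):
                hits.append((s, t))
    return hits


def report(text):
    """One human-readable line per shadowing shunt, in listing order."""
    return ["%s %s -> %s shadows %s (%d packets seen)" % (
        s["target"], s["src"], s["dst"], t["target"], s["count"])
        for s, t in shadowing_shunts(parse_eroutes(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_EROUTES):
        print(line)
```

Run it against `ipsec eroute` output piped from the gateway; an empty report means no shunt is narrower than a live tunnel eroute.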