[Openswan Users] One way tunnel
Paul Wouters
paul at xelerance.com
Sun Mar 4 23:09:17 EST 2007
On Mon, 5 Mar 2007, lewis shobbrook wrote:
> I've set-up a tunnel between an openwrt White Russian 0.9 release and debian
> sid with openswan 2.4.6 with a 2.6.17 kernel.
>
> First digression to note is that I have had this combination working
> previously prior to WR 0.9.
>
> The tunnel works from the wrt end, throughput is perfectly stable.
> from the debian end I am unable to ping through the tunnel with errors
> ...reply from X.X.X.X destination net unreachable.
> x.x.x.x is the next hop to the DSL router connected to the debian box, i.e.
> gateway to gateway.
"destination net unreachable" means the tunnel is not up, and the subnet=
is not reachable. To get better logging in the openwrt, add to config setup:
plutostderrlog=/tmp/pluto.log
Then check the logs in /tmp/
> Other thing to note is that traceroutes to and from the wrt to the debian
> ends indicate different IP for the nexthop on the wrt side.
That's bad Point-to-point routing of ISPs assigning our dhcp parameters which
are theoretically incorrect.
Do a route -n on the openwrt. If you see two routes to reach your gateway,
with one pointing into the ipsec device, delete the one pointing into the
ipsec device.
> I'm wondering if it might have something to do with the protocol 4 bug in
> 2.6.17 that has been reported previously?
> I've had to modify iptables on this box to accommodate the IP in IP
> protocol bug.
I have no idea what this bug is. Can you provide a link to information?
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
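
The routing-table check described in the reply above, as an added example that is not part of the original message: it reads `route -n` output and reports any route covering the gateway that points into an ipsecN device while a non-ipsec route covers it too. The addresses, the ppp0 interface name and the function name find_ipsec_dup_routes are constructed for illustration; the script only reports and leaves the deletion to the operator.

```shell
#!/bin/sh
# Constructed sample of `route -n` output (documentation addresses,
# not taken from the thread). 203.0.113.1 stands in for the gateway.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
203.0.113.1     0.0.0.0         255.255.255.255 UH    0      0        0 ipsec0
192.168.2.0     203.0.113.1     255.255.255.0   UG    0      0        0 ipsec0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 ppp0'

# find_ipsec_dup_routes GATEWAY (hypothetical helper)
# Reads `route -n` output on stdin and prints "dest mask iface" for each
# ipsecN route whose destination covers GATEWAY, but only when a route on
# a non-ipsec interface covers it as well. The default route is ignored.
find_ipsec_dup_routes() {
    awk -v gw="$1" '
    function ip2n(s,  a) {
        split(s, a, ".")
        return ((a[1] * 256 + a[2]) * 256 + a[3]) * 256 + a[4]
    }
    # True if dest/mask contains addr; assumes a contiguous netmask.
    function covers(dest, mask, addr,  size) {
        size = 4294967296 - ip2n(mask)
        return int(ip2n(dest) / size) == int(ip2n(addr) / size)
    }
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $3 != "0.0.0.0" && covers($1, $3, gw) {
        if ($8 ~ /^ipsec[0-9]+$/) dup[++n] = $1 " " $3 " " $8
        else direct = 1
    }
    END { if (direct) for (i = 1; i <= n; i++) print dup[i] }'
}

# Run against the constructed sample; on the router, pipe `route -n` in instead.
printf '%s\n' "$SAMPLE_ROUTES" | find_ipsec_dup_routes 203.0.113.1
```

The tunnel route for the remote subnet (192.168.2.0 in the sample) is not reported, because its destination does not cover the gateway address.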