[Openswan Users] routing issues with netkey
GregScott at InfraSupportEtc.com
Wed Apr 2 02:03:40 EDT 2008
Jacco, I may have run into a similar issue. I wrote it up and emailed
to the list a few hours ago. In my case, the output from ip xfrm policy
seems to look similar to earlier versions. Were you able to get your
- Greg Scott
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Jacco Kok
Sent: Monday, March 10, 2008 11:30 AM
To: users at openswan.org
Subject: [Openswan Users] routing issues with netkey
LS, has anyone come across routing problems with the netkey
implemetation under fedora? I use fc7 with kernel 126.96.36.199-80.fc7 and
The setup is a host-to-network vpn between the host and the gateway are
2 natting devices:
NAT (10.0.53.20 <-> 172.20.1.50)
NAT (10.80.6.2 <-> 10.0.13.71)
I've setup the vpn using X509 certificates and the log says the vpn is
established. However ip xfrm policy show tells that the vpn is between
10.0.13.71 and 172.16.42.0/24 _updown also added a route to 10.0.13.71.
When sending traffic to 10.0.13.71 from the 172.16.42.0/24 I see indeed
ESP traffic to the host but the host never answers because the address
of the unpacked packets is 10.0.13.71 and not 10.80.6.2.
I tried to set the policy by hand and it looks ok but does not work. Can
anyone shed some light on how openswan/netkey handles routing and how to
get this setup going?
Try to relax and enjoy the crisis.
-- Ashleigh Brilliant
Users at openswan.org
Building and Integrating Virtual Private Networks with Openswan:
More information about the Users