[Openswan Users] Routing doesn't route with Openswan U2.6.09 and Fedora 9

[Greg Scott]

For the time being, sticking with Fedora RPMs, I found
openswan-2.6.14-1.fc9.i386.rpm at

/mirror/ftp.redhat.com/pub/fedora/linux/updates/9/i386.newkey

I just updated my fc9 firewall to this RPM and this time I was able to
successfully ping that printer in the Janesville PNT LAN.  This is the
LAN in Janesville that normally uses the ATT MPLS circuit and was giving
me trouble before.  Long story short, routing looks good this time with
the newer version of openswan on the fw2 firewall at the HQ site.  

I also added, brought up, took down, and deleted the
JanesvillePNT-Everywhere tunnel and was still able to ping that printer
in the JanesvillePNT LAN from the HQ LAN.  

I think somewhere in there, I also managed to make an ipsec auto --up
hang again but I'm not quite sure exactly how I did it yet.  It's
getting time for the folks in Janesville to start work so I think I'll
leave it alone for a while now.

- Greg
 

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com] 
Sent: Wednesday, December 03, 2008 11:16 AM
To: Greg Scott
Cc: users at lists.openswan.org; Steve Schmit; Dan Stadick
Subject: RE: [Openswan Users] Routing doesn't route with Openswan
U2.6.09 and Fedora 9

On Wed, 3 Dec 2008, Greg Scott wrote:

> I'm starting to think it might be better to use the latest 
> openswan*.tar.gz downloads instead of the bundled openswan RPMs.  I 
> have a hunch I will run into differences in the paths where various 
> programs and config files are located but I can deal with that.  What 
> is the consensus of opinion on using bundled RPMs versus .tar.gz
downloads?

The package maintainer at RedHat is catching up. Meanwhile, you can
always use the spec file in
openswan-2.x.y/packaging/fedora/openswan.spec
to build an rpm of the latest source tar.gz.

Paul