[Openswan Users] Route not added not traffic

Martin Eramus martin at onyx.co.za
Thu Jan 3 13:13:18 EST 2008


Hi

Over this Christmas holiday my server at home died. It was running fc2.

I replaced the hard drive and installed fc7.

Everything is working except that I can now not link to my server at my 
office. The machine is running fc7, and the 2 machines were linking 
before I had to reinstall. The machine at my office links to 4 other 
machines plus my machine at home; these other machines are fc2 & fc7.

When I start the link from home it looks like it is successful, but no 
traffic travels through, and when I look at the route table, it looks 
like the route has not been added.

This is my ipsec.conf file
version 2

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none

conn %default
 keyingtries=0

conn besho-squirt
 type=tunnel
 left=besho.gotdns.org
 leftsubnet=192.168.0.0/24
 leftnexthop=41.208.200.1
 right=%defaultroute
 rightsubnet=192.168.13.0/24
 rightnexthop=
 rightid=@squirt
 auto=add
 authby=secret|rsasig

The Link details are as follows

Starting IPsec:  Starting Openswan IPsec 2.4.7...                [  OK  ]
104 "besho-squirt" #1: STATE_MAIN_I1: initiate
003 "besho-squirt" #1: received Vendor ID payload [Openswan (this version) 2.4.7  PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "besho-squirt" #1: received Vendor ID payload [Dead Peer Detection]
106 "besho-squirt" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "besho-squirt" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "besho-squirt" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "besho-squirt" #2: STATE_QUICK_I1: initiate
004 "besho-squirt" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x3a9890bc <0x3bf6934e xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}

Route Table

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
wbs-196-2-112-1 *               255.255.255.255 UH    0      0        0 ppp0
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 ppp0
192.168.13.0    *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         *               0.0.0.0         U     0      0        0 ppp0


ipsec verify

Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.7/K2.6.21-1.3194.fc7 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [N/A]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

I know it is something small I am missing. Can anyone help?

Thanks

Martin
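
The two FAILED checks in the `ipsec verify` output above ask for `send_redirects` and `accept_redirects` to be disabled on a NETKEY host. As an added example that is not part of the original post, this shell function audits those settings and can clear them; the function name `check_redirects` and its optional root-directory argument are assumptions, introduced so it can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: audit (and optionally clear) the ICMP redirect settings that
# `ipsec verify` reports as FAILED on NETKEY hosts.
# Assumption: the optional conf_root argument is a hypothetical override so the
# function can be exercised on a constructed tree; it defaults to the real
# /proc/sys/net/ipv4/conf path named in the verify output.

# check_redirects [--fix] [conf_root]
#   Prints one line per interface setting that is still enabled (value != 0).
#   With --fix, writes 0 to each offending file (needs root on the live tree).
#   Returns 0 when nothing is left enabled, 1 otherwise.
check_redirects() {
    fix=0
    if [ "$1" = "--fix" ]; then fix=1; shift; fi
    root="${1:-/proc/sys/net/ipv4/conf}"
    bad=0
    # The glob covers every interface directory, including "all" and "default".
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        [ -f "$f" ] || continue            # unmatched glob or missing file
        val=$(cat "$f")
        [ "$val" = "0" ] && continue       # already disabled
        if [ "$fix" -eq 1 ] && echo 0 2>/dev/null > "$f"; then
            echo "fixed:   $f (was $val)"
        else
            echo "enabled: $f = $val"
            bad=1
        fi
    done
    return "$bad"
}

# Usage on a live system:
#   check_redirects          # audit only
#   check_redirects --fix    # disable, run as root
```

Values written under /proc do not survive a reboot; to persist them, set the matching `net.ipv4.conf.*.send_redirects` and `net.ipv4.conf.*.accept_redirects` keys to 0 in `/etc/sysctl.conf`.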



