[Openswan Users] IPSec authentication, but can't ping the desired network

Wed Jan 30 17:56:15 EST 2008

On Wed, 30 Jan 2008, Brian Chang wrote:

>   000 #2: "softlayer":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28196s; newest IPSEC; eroute owner
>   000 #2: "softlayer" esp.6ad0d110 at 38.96.196.93 esp.dca4fcdd at 66.92.2.246 tun.0 at 38.96.196.93 tun.0 at 66.92.2.246

Looks like it established, so most likely you are NAT'ing or firewalling
packets.

>   conn softlayer
>           type=tunnel
>           authby=secret
>           auto=start
>           left=66.92.2.246
>           leftnexthop=66.92.2.1
>           leftsubnet=10.23.23.0/24
>           right=38.96.196.93
>           rightnexthop=10.12.132.1

rightnexthop's gateway is not within right's network? Is this a
really bad ISP with pppoe/pptp?

>           rightsubnet=10.12.132.64/26

And your subnet is behind your router? That makes no sense to me.

>   I’m about to ditch Openswan for a crappy Linksys router with vpn (ugh!), so if anyone has ideas I’d be very happy :D

the linksys routers come with either freeswan or openswan, so I
doubt you'll gain much :)

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155