[Openswan Users] multiple subnets ?

Indunil Jayasooriya indunil75 at gmail.com
Thu Jun 26 01:43:33 EDT 2008

> auto=start should cause the same results....

Thanks for it.

>> Now, all 4 tunnels are up. But, I still can not ping to 4 subnets in
>> other side.
>> Could you please explain why?
> firewalling? routing? natting? rp_filter?

It is a firewall with a lot of rules. It has 3 network cards. Natting is DONE.

rp_filter is set to 1.

> what does ipsec verify say?

Please see below.

[root at firewall etc]# ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.4.9/K2.6.18-8.el5 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [DISABLED]
  ipsec showhostkey: no default key in "/etc/ipsec.secrets"
Checking that pluto is running                                  [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]

>> I did traceroute as well.
> Traceroute is a very bad tool to use in combination with IPsec.

Then, can you recommend a good tool instead?

Command ifconfig shows the USUAL IP addresses. It does NOT show any tunnel?

Could you please explain why I cannot ping their subnets?

What are the areas I will have to look into?

Hope to hear from you ASAP.

Thank you
Indunil Jayasooriya
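
The two [FAILED] checks in the `ipsec verify` output above ask for send_redirects and accept_redirects to be disabled on every interface, and the quoted reply also names rp_filter as something to look at. As an added example (not part of the original post), this script reports those three settings per interface and clears the two redirect ones; the function names and the optional directory argument are assumptions, introduced so it can be tried on a constructed tree.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# audit_ipsec_sysctls [conf_root]
# Prints "iface: key=value" for every setting that is not 0.
# Returns 0 if nothing is enabled, 1 otherwise.
audit_ipsec_sysctls() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    bad=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        for key in send_redirects accept_redirects rp_filter; do
            [ -r "$dir$key" ] || continue
            val=$(cat "$dir$key")
            if [ "$val" != "0" ]; then
                echo "$iface: $key=$val"
                bad=1
            fi
        done
    done
    return "$bad"
}

# disable_redirects [conf_root]
# Writes 0 to the two files ipsec verify complains about.
# rp_filter is only reported by the audit, never changed here.
disable_redirects() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    for f in "$root"/*/send_redirects "$root"/*/accept_redirects; do
        if [ -w "$f" ]; then
            echo 0 > "$f"
        fi
    done
    return 0
}

# Constructed sample tree standing in for /proc/sys/net/ipv4/conf (not real data).
demo=$(mktemp -d)
for i in all default eth0; do
    mkdir -p "$demo/$i"
    for k in send_redirects accept_redirects rp_filter; do
        echo 1 > "$demo/$i/$k"
    done
done
echo "before:"; audit_ipsec_sysctls "$demo" || true
disable_redirects "$demo"
echo "after:";  audit_ipsec_sysctls "$demo" || true
rm -rf "$demo"
```

On a live system, call both functions as root with no argument so the default /proc/sys/net/ipv4/conf is used; values written there do not persist across a reboot.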
