[Openswan Users] transport works, tunnel doesn't

Peter McGill petermcgill at goco.net
Mon Sep 8 12:34:36 EDT 2008


How are you determining that the tunnel isn't working?
Ping test? If so to/from which hosts? Are they in the subnets?
Do both ipsec.conf's contain the same subnets?
Log error message?
Your problem description is very vague.
Sending an ipsec barf > ipsec_barf.txt attachment would help.

Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of sd sdzf
> Sent: September 5, 2008 4:01 PM
> To: users at openswan.org
> Subject: [Openswan Users] transport works, tunnel doesn't
> 
> Hello,
>  
> I'm running 2 servers in different locations, Centos 5.2 with 
> openswan-2.6.14-1.
>  
> I set up the configuration for IPSEC between the 2 servers and 
> that works fine. The configuration to connect also the subnet 
> is not working.
>  
> The /etc/ipsec.conf file has the following config:
>  
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual:     ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
> version 2.0     # conforms to second version of ipsec.conf specification
> # basic configuration
> config setup
> 
>         interfaces=%defaultroute
>         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>         # klipsdebug=none
>         # plutodebug="control parsing"
>         # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>         protostack=netkey
>         nat_traversal=yes
> include /etc/ipsec.d/*.conf
> 
> The connection configuration file:
>  
> conn test
>         type=tunnel
>         right=right-public-ip
>         rightsubnet=10.0.0.0/24
> #       rightrsasigkey=0sAQNe0OynsdPx/DXDJJTP4IOAVQPprpp5VBbm+iIRBNeCQ
> KzFzn8Z/BVZhWV5g6AgGepqK9ldFHAg6A0X6eT5atZOKsS2r1gLtExKcE++zuiTB
> IbTA6hbVTOBasDuZ/GU2TVRoBf9VmuunOFctGoL79b0Z1w8hS6KJDyt7Gp5nEK
> +fP9qQeqloxiw7b+hZBu96ZF6kYocF2MrpNCqbwJm8XBl8YGQSYP8tjBmAzO4q
> uJW5MkKoB+olGpKcEoI+NQW2gh3rpim/9y5w6B68aAngAQpgFpXaZLl9azbm4P
> ijSbROsue095I6vDukj
>         left=my-public-ip
>         leftsubnet=10.18.1.0/28
> #       leftrsasigkey=0sAQN6fKakRwgQb3ciBP868KRMlMDBCeub8oxgdwXyJw2hrG
> Hzk13krtkjj32TRh/AeITCNIIUIaJe5mEE2TC3K4cnr8gQgi4GoYNutVFMdNz4yd
> elJTTUw0wowwGN1OkcsW1YCrwJIKlzV0ciHbVLDHkrwWZMn2UXCRDcp+uYBCDG
> /hMXf5WYKuM7IrbQVR1V6SSiZbgOIoNC6PaxoZTyhoMplwwGbFpDIkPamUBiXX
> FEHgDv/pUfRs6ZcqQtflBFB0xtBkUp7dZ4giAj44jjkHBmLezRtPO8UKbSyTP7
> 135WAdtjkVBNIc7h
> 
>         esp=3des
>         authby=secret
>         keyexchange=ike
>         pfs=no
>         auto=start
> 
>  
> As you can see, I tried using RSA and also PSK key.
> If I'm commenting the leftsubnet and rightsubnet everything 
> works fine. But I'm not able to connect the subnets.
>  
> Any help?
>  
> Respectfully,
> Rudolf Barkoczi
> 
> 
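
An added example, not part of the original thread: a small Python check for two of the questions in the reply above, namely whether both ends' `conn` sections describe the same subnets and whether a ping's source and destination actually fall inside them. The gateway addresses (192.0.2.10, 198.51.100.20), the second site's config and all function names are assumptions made for illustration; left and right are allowed to be swapped between the two ends.

```python
import ipaddress

# Constructed sample configs; gateway addresses are placeholders, subnets are from the thread.
SITE_A = """
conn test
        type=tunnel
        left=192.0.2.10
        leftsubnet=10.18.1.0/28
        right=198.51.100.20
        rightsubnet=10.0.0.0/24
"""
SITE_B_MIRRORED = """
conn test
        left=198.51.100.20
        leftsubnet=10.0.0.0/24
        right=192.0.2.10
        rightsubnet=10.18.1.0/28
"""
SITE_B_MISMATCH = SITE_A.replace("10.18.1.0/28", "10.18.1.0/24")

def parse_conn(text, name):
    """Collect key=value options of one 'conn <name>' section (minimal parser)."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():            # section headers start in column 0
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.strip().split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def endpoints(opts):
    """Set of (gateway, protected network) pairs; a set, so left/right may swap."""
    return {(opts.get(s), ipaddress.ip_network(opts[s + "subnet"]))
            for s in ("left", "right")}

def selectors_agree(a, b):
    """True if both ends pair the same gateways with the same subnets."""
    return endpoints(a) == endpoints(b)

def ping_uses_tunnel(opts, src, dst):
    """True only if src and dst sit in opposite protected subnets."""
    n1, n2 = (ipaddress.ip_network(opts[s + "subnet"]) for s in ("left", "right"))
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in n1 and d in n2) or (s in n2 and d in n1)
```

With these sample values, a ping sourced from the gateway's own public address (192.0.2.10) to 10.0.0.5 is reported as outside the tunnel, while one from 10.18.1.2 is inside it.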


