[Openswan Users] Routing to non open swan networks

Paul Wouters paul at xelerance.com
Mon Apr 20 20:04:01 EDT 2009


On Mon, 20 Apr 2009, Ian Cottee wrote:

> Now we have two new offices running Ubuntu Hardy Heron. ipsec version gives me.
>
>    Linux Openswan U2.4.9/K2.6.24-19-server (netkey)

Upgrade to openswan 2.4.14.

> For the life of I can't get these new offices to talk to the Japanese
> network. The VPN connects, can talk to the Brussels office network but
> won't route through to Japan. Firewall rules seem fine, routing rules
> seem fine but I'm not even seeing packets attempt to hit the other
> side of the vpn. So before pouring out piles of barf and stuff can I
> ask a couple of simple questions:

what does 'ipsec verify' say?

> 1. Would moving all nodes to the same version make this easier?

It should not make much of a difference.

Check your /etc/sysctl.conf. Netkey needs some specific settings,
check an openswan-2.6.x's programs/examples/sysctl.conf.in file for
example use (or look in /etc/ipsec.d/examples/sysctl.conf on a machine
with openswan 2.6.x installed)

Paul


More information about the Users mailing list