[Openswan Users] Routing to non open swan networks
Paul Wouters
paul at xelerance.com
Mon Apr 20 20:04:01 EDT 2009
On Mon, 20 Apr 2009, Ian Cottee wrote:
> Now we have two new offices running Ubuntu Hardy Heron. ipsec version gives me.
>
> Linux Openswan U2.4.9/K2.6.24-19-server (netkey)
Upgrade to openswan 2.4.14.
> For the life of I can't get these new offices to talk to the Japanese
> network. The VPN connects, can talk to the Brussels office network but
> won't route through to Japan. Firewall rules seem fine, routing rules
> seem fine but I'm not even seeing packets attempt to hit the other
> side of the vpn. So before pouring out piles of barf and stuff can I
> ask a couple of simple questions:
what does 'ipsec verify' say?
> 1. Would moving all nodes to the same version make this easier?
It should not make much of a difference.
Check your /etc/sysctl.conf. Netkey needs some specific settings,
check an openswan-2.6.x's programs/examples/sysctl.conf.in file for
example use (or look in /etc/ipsec.d/examples/sysctl.conf on a machine
with openswan 2.6.x installed)
Paul
More information about the Users
mailing list