[Openswan Users] didn't see route after ipsec established

tang huu trong huutrong at gmail.com
Tue Apr 21 00:03:31 EDT 2009 

Dear all.

my network structure below:

private2 ---- vpn2   ----------internet---------- vpn1 --------- private1

private 2 : 172.16.2.0 /24
private 1: 172.16.1.0 / 24
 vpn2 server: private interface: 172.16.2.1 ; public interface:
210.245.125.41
vpn1 server: private interface: 172.16.1.1 ; public interface:
210.245.125.181


after i run :
ipsec auto --up net-to-net
117 "net-to-net" #3: STATE_QUICK_I1: initiate
004 "net-to-net" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel
mode {ESP=>0x98e7bb68 <0xd0adaf54 xfrm=AES_128-HMAC_SHA1 NATOA=none
NATD=none DPD=none}

i think the IPsec SA established and success.

BUT: i can't ping to private network behind vpn server from both site
(iptables stopped and there 2 vpn servers didn't under firewall).

then i check routing by "netstat -nr" on vpnserver2, result:
netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
210.245.125.0   0.0.0.0         255.255.255.192 U         0 0          0
eth0
172.16.2.0      0.0.0.0         255.255.255.0   U         0 0          0
eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0
eth1
0.0.0.0         210.245.125.1   0.0.0.0         UG        0 0          0
eth0


it didn't have route line to another private site, it should be have 1 more
line:
172.16.1.0     210.245.125.181     255.255.255.0     UG   0   0   0  eth0

and check routing by "netstat -nr" on vpnserver1, it didn't have route line
to network private2, too.

what did i wrong?

i try add route by manual on vpn2, but system inform : network is
unreachable.
route add -net 172.16.1.0 netmask 255.255.255.0 gw 210.245.125.181
SIOCADDRT: Network is unreachable

but i can ping 210.245.125.181 from vpnserver2.

and this is my config file:
conn net-to-net
 left=210.245.125.41
 leftsubnet=172.16.2.0/24
 leftid=@210.245.125.41
 leftrsasigkey=.................
 leftnexthop=210.245.125.181
 right=210.245.125.181
 rightsubnet=172.16.1.0/24
 rightid=@210.245.125.181
 rightrsasigkey=...........
 rightnexthop=210.245.125.41
 auto=start

i set leftnexthop and rightnexthop in config file. but why didn't have route
line after start tunnel? what did i wrong?
please help me. thanks you very much.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090421/32e65619/attachment.html

More information about the Users mailing list