[Openswan Users] didn't see route after ipsec established

Curu Wong prinbra at gmail.com
Tue Apr 21 05:49:13 EDT 2009 

just set leftsourceip and rightsourceip to your VPN gateways' internal
address may help
2009/4/21 tang huu trong <huutrong at gmail.com>

> Dear all.
>
> my network structure below:
>
> private2 ---- vpn2   ----------internet---------- vpn1 --------- private1
>
> private 2 : 172.16.2.0 /24
> private 1: 172.16.1.0 / 24
>  vpn2 server: private interface: 172.16.2.1 ; public interface:
> 210.245.125.41
> vpn1 server: private interface: 172.16.1.1 ; public interface:
> 210.245.125.181
>
>
> after i run :
> ipsec auto --up net-to-net
> 117 "net-to-net" #3: STATE_QUICK_I1: initiate
> 004 "net-to-net" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel
> mode {ESP=>0x98e7bb68 <0xd0adaf54 xfrm=AES_128-HMAC_SHA1 NATOA=none
> NATD=none DPD=none}
>
> i think the IPsec SA established and success.
>
> BUT: i can't ping to private network behind vpn server from both site
> (iptables stopped and there 2 vpn servers didn't under firewall).
>
> then i check routing by "netstat -nr" on vpnserver2, result:
> netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt
> Iface
> 210.245.125.0   0.0.0.0         255.255.255.192 U         0 0          0
> eth0
> 172.16.2.0      0.0.0.0         255.255.255.0   U         0 0          0
> eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0
> eth1
> 0.0.0.0         210.245.125.1   0.0.0.0         UG        0 0          0
> eth0
>
>
> it didn't have route line to another private site, it should be have 1 more
> line:
> 172.16.1.0     210.245.125.181     255.255.255.0     UG   0   0   0  eth0
>
> and check routing by "netstat -nr" on vpnserver1, it didn't have route line
> to network private2, too.
>
> what did i wrong?
>
> i try add route by manual on vpn2, but system inform : network is
> unreachable.
> route add -net 172.16.1.0 netmask 255.255.255.0 gw 210.245.125.181
> SIOCADDRT: Network is unreachable
>
> but i can ping 210.245.125.181 from vpnserver2.
>
> and this is my config file:
> conn net-to-net
>  left=210.245.125.41
>  leftsubnet=172.16.2.0/24
>  leftid=@210.245.125.41
>  leftrsasigkey=.................
>  leftnexthop=210.245.125.181
>  right=210.245.125.181
>  rightsubnet=172.16.1.0/24
>  rightid=@210.245.125.181
>  rightrsasigkey=...........
>  rightnexthop=210.245.125.41
>  auto=start
>
> i set leftnexthop and rightnexthop in config file. but why didn't have
> route line after start tunnel? what did i wrong?
> please help me. thanks you very much.
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090421/b8da8727/attachment.html

More information about the Users mailing list