[Openswan Users] Openswan 2.6.22/CentOS 5.3: what should I see when it is working?

Paul Wouters paul at xelerance.com
Mon Aug 31 20:59:59 EDT 2009


On Mon, 31 Aug 2009, Kevin White wrote:

> I'm trying to set up a VPN between a CentOS 5.3 box and a Cisco router.

> On the Cisco side, everything looks like it is up.  On the Openswan
> side, everything also looks good:
>
> 000 #2: "X_1-Y2_1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
> EVENT_SA_REPLACE in 27868s; newest IPSEC; eroute owner; isakmp#1; idle;
> import:admin initiate

Note that I've seen Cisco routers be "happy" until the packet arrives,
and it would still silently drop it. Can you get logs from the Cisco?

> [root at pgKevTest09 ipsec.d]# ipsec auto --status|grep eroute
> 000 "X_1-Y2_1":
> 192.168.10.0/24===y.y.y.y[@X2,+S=C]---ppp_peer...x.x.x.x<x.x.x.x>[+S=C]===192.168.99.0/24;
> erouted; eroute owner: #2
>
> So everything looks like the eroute is set up...if the only place you
> actually see anything about the eroute is in ipsec auto --status.
>
> Is there any other sort of testing I can do?

ip xfrm policy
ip xfrm state

or a whole lot of debugging things with 'ipsec barf'

Paul
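
An added example, not part of the original message: a small check of what `ip xfrm policy` should contain for this tunnel when it is working, namely out, in and fwd policies for the 192.168.10.0/24 and 192.168.99.0/24 subnets, each with an ESP tunnel-mode template. It assumes the NETKEY (XFRM) stack and iproute2's usual text output; the sample output and its peer addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that `ip xfrm policy` holds the out/in/fwd policies
# for one tunnel. Assumes the NETKEY (XFRM) stack and iproute2's text format.

# Constructed sample output. Subnets are the ones in the post; the peer
# addresses 192.0.2.1 / 198.51.100.1 are documentation placeholders.
sample_policy() {
cat <<'EOF'
src 192.168.10.0/24 dst 192.168.99.0/24
    dir out priority 2344 ptype main
    tmpl src 192.0.2.1 dst 198.51.100.1
        proto esp reqid 16385 mode tunnel
src 192.168.99.0/24 dst 192.168.10.0/24
    dir fwd priority 2344 ptype main
    tmpl src 198.51.100.1 dst 192.0.2.1
        proto esp reqid 16385 mode tunnel
src 192.168.99.0/24 dst 192.168.10.0/24
    dir in priority 2344 ptype main
    tmpl src 198.51.100.1 dst 192.0.2.1
        proto esp reqid 16385 mode tunnel
EOF
}

# check_tunnel_policy LOCAL_NET REMOTE_NET  (policy text on stdin)
# Prints each missing direction; returns 0 only if out, in and fwd policies
# exist for the subnet pair and each carries an ESP tunnel-mode template.
check_tunnel_policy() {
    awk -v l="$1" -v r="$2" '
        $1 == "src" && $3 == "dst" { sel = $2 " -> " $4; dir = ""; next }
        $1 == "dir"                { dir = $2; next }
        $1 == "proto" && $2 == "esp" && /mode tunnel/ { seen[dir " " sel] = 1 }
        END {
            want["out"] = l " -> " r
            want["in"]  = r " -> " l
            want["fwd"] = r " -> " l
            for (d in want) {
                key = d " " want[d]
                if (!(key in seen)) { print "missing: dir " key; bad = 1 }
            }
            exit bad + 0
        }'
}

# Offline run on the sample; on a live gateway use:
#   ip xfrm policy | check_tunnel_policy 192.168.10.0/24 192.168.99.0/24
sample_policy | check_tunnel_policy 192.168.10.0/24 192.168.99.0/24 \
    && echo "out/in/fwd ESP tunnel policies present"
```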

