[Openswan Users] SA establsihed, but no tunnel up and no route

Paul Wouters paul at xelerance.com
Thu Mar 19 09:55:19 EDT 2009

On Wed, 18 Mar 2009, CrashOverload at gmx.de wrote:

> I´m new to OpenSwan and had some problems to get it work. The tunnel is established but I cannot ping through it or can access the http server behind.

Check with ipsec verify. It is usually a firewall or NAT issue.

> I´m using OpenSwan 2.6.14 and CentOS 5.2
> And something what makes me confuse is, that the SA is established, but and "ipsec setup status" says me, that no tunnel is up.

That's a buglet. Check with 'ip xfrm state' and 'ip xfrm policy' to confirm
the tunnels are up.


More information about the Users mailing list