[Openswan Users] SA establsihed, but no tunnel up and no route

Wolfgang Rapp CrashOverload at gmx.de
Fri Mar 20 13:15:41 EDT 2009


Hi,

I checked the tunnel is up with "ip xfrm state & ip xfrm policy". The tunnel is up, but I cannot ping the server and get no response from the http server behind.

is that a firewall problem?

"ip xfrm state" output:

src 55.66.77.88 dst 22.33.44.55
        proto esp spi 0xede07022 reqid 16385 mode tunnel
        replay-window 32
        auth hmac(sha1) 0x8b434xsa6cfadffgfdsg452345423vx4230bbe
        enc cbc(aes) 0xfsasd7374239dfsac34234dsac3424
src 22.33.44.55 dst 55.66.77.88
        proto esp spi 0x18b4568c reqid 16385 mode tunnel
        replay-window 32
        auth hmac(sha1) 0xcdasf3412432nvbn23423nv423b4v
        enc cbc(aes) 0xc4234bnm43234nbnm231b4m3b25b23b




-------- Original-Nachricht --------
> Datum: Thu, 19 Mar 2009 09:55:19 -0400 (EDT)
> Von: Paul Wouters <paul at xelerance.com>
> An: CrashOverload at gmx.de
> CC: users at openswan.org
> Betreff: Re: [Openswan Users] SA establsihed, but no tunnel up and no route

> On Wed, 18 Mar 2009, CrashOverload at gmx.de wrote:
> 
> > I´m new to OpenSwan and had some problems to get it work. The tunnel is
> established but I cannot ping through it or can access the http server
> behind.
> 
> Check with ipsec verify. It is usually a firewall or NAT issue.
> 
> > I´m using OpenSwan 2.6.14 and CentOS 5.2
> >
> > And something what makes me confuse is, that the SA is established, but
> and "ipsec setup status" says me, that no tunnel is up.
> 
> That's a buglet. Check with 'ip xfrm state' and 'ip xfrm policy' to
> confirm
> the tunnels are up.
> 
> Paul
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

-- 
Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger01


More information about the Users mailing list