[Openswan Users] Old user having troubles with new techniques

Larry Brown larry.brown at dimensionnetworks.com
Tue Jun 29 18:56:20 EDT 2010


On Tue, 2010-06-29 at 15:15 -0600, Willie Gillespie wrote:

> Aha!  Maybe this is it.  In your first message, you had:
> 
> config setup
> 	nat_traversal=yes
> 	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/24
> 	oe=off
> 	protostack=netkey
> 
> Does it work if you add %v4:192.168.0.0/16 (or 192.168.2.0/24) to 
> virtual_private?

No.  I originally had 192.168.0.0/16 and removed it thinking perhaps it
was confusing ipsec thinking it can't be an address on the "external"
interface for the unit connecting in.  That was in an attempt to get it
working when in this situation.  I just re-added it to both with no luck
and then just to the Office Gateway machine.  Still no go.  I restart
ipsec after each change and bring the tunnel back up.  I also reduced
the size of the subnet although the subnet the roadwarrior is on is in
fact /16. 

Part of the irritation is that the tunnel comes up nice and fast
after making these changes.  I have the tunnel down pat.  Routing is
normally the easy part but without an interface to give to iptables it
seems like I have no control...


