[Openswan Users] net-to-net with multiple subnets, unrouted
Paul Wouters
paul at xelerance.com
Tue Nov 23 10:30:04 EST 2010
On Tue, 23 Nov 2010, kallen at groknaut.net wrote:
>> You should not need to do any manual "route add" commands. If you are doing them
>> manually, you are more likely breaking it further.
>
> ah! noted.
>
>>> 2) why do 3 out of 4 of my "connections" show as "unrouted; eroute owner: #0"?
>>> and why does the linux gateway keep trying to, i think, negotiate add'l
>>> IPSEC SAs? and why do those attempts fail? is it a misconfig on my end, a
>>> misconfig on the Juniper end? or an interop problem?
>>
>> Can you show some more logs here?
>
> yep. do you want plutodebug="all"? if so, i've got a 4300+ lines of log
> (347K uncompressed). ok to send it to list?

no! As ipsec.conf clearly states:

    # Do not set debug options to debug configuration issues

and:

    # Again: only enable plutodebug or klipsdebug when asked by a developer

Just the regular logs please.

> after using leftsourceip, keeping my hands off the routes, and firing
> it up, i have a route to one of the two rightsubnets:
>
> 192.168.101.0 5.5.5.100 255.255.255.0 UG 0 0 0 eth1
>
> but how to get routes for all rightsubnets? probably is a symptom of the
> problem in #2 above.

Set leftsourceip= for all the connections you defined.

Paul
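
One way to check the advice above across a whole ipsec.conf, as an added example that is not part of the original message or Openswan's own code: the script lists every conn that has no leftsourceip= of its own, through an also= section, or from conn %default. The conn names and all addresses except 192.168.101.0/24 are constructed, and treating only conns that set auto=add/route/start themselves as loaded is a simplifying assumption.

```python
# Constructed sample ipsec.conf; only 192.168.101.0/24 comes from the thread.
SAMPLE_CONF = """\
conn tunnel-base
    left=192.0.2.1
    leftsubnet=10.0.1.0/24
    right=198.51.100.1

conn net-101
    also=tunnel-base
    rightsubnet=192.168.101.0/24
    leftsourceip=10.0.1.1
    auto=start

conn net-102
    also=tunnel-base
    rightsubnet=192.168.102.0/24
    auto=start
"""

def parse_conns(text):
    """Return {conn name: [(key, value), ...]} for each 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # section headers start in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), []) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current.append((key.strip(), value.strip()))
    return conns

def has_param(conns, name, key, seen=()):
    """True if key is set in the conn or in a section it includes via also=."""
    if name in seen or name not in conns:  # also= loop or dangling name
        return False
    return any(k == key or (k == "also" and has_param(conns, v, key, seen + (name,)))
               for k, v in conns[name])

def conns_missing(text, key="leftsourceip"):
    """Names of loaded conns (own auto=add/route/start) with no effective key."""
    conns = parse_conns(text)
    if has_param(conns, "%default", key):
        return []
    return [name for name, params in conns.items()
            if any(k == "auto" and v in ("add", "route", "start") for k, v in params)
            and not has_param(conns, name, key)]
```

Calling `conns_missing(open("/etc/ipsec.conf").read())` on the gateway gives the conns that still need the setting.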