[Openswan Users] route for remote subnet on site to site VPN not being added
matt.bazan at comcast.net
Sat Oct 23 23:12:24 EDT 2010
My tunnel is coming up, based upon the following log details:
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: responding to Main Mode
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: Main mode peer ID is ID_IPV4_ADDR: '173.XX.XX.XX'
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #88: the peer proposed: 192.168.0.0/24:0/0 -> 192.168.10.0/24:0/0
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #89: responding to Quick Mode proposal {msgid:e8a034fa}
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #89: us: 192.168.0.0/24===69.XX.XX.XX<69.XX.XX.XX>[+S=C]---69.XX.XX.XX
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #89: them: 69.XX.XX.XX---173.XX.XX.XX<173.XX.XX.XX>[+S=C]===192.168.10.0/24
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #89: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #89: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #89: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 23 20:44:35 ubuntuFW pluto[28333]: "SF-To-Trenton" #89: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x9c5becf1 <0xf3bf5444 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
However, when looking at my routing table, the route for the remote subnet (192.168.10.0) is not being added. The same is true on the right-hand side.
Here's my ipsec.conf config:
conn SF-TO-Trenton
    authby=secret
    left=69.XX.XX.XX                # Public Internet IP address of SF
    leftsubnet=192.168.0.0/24       # Subnet protected by the LEFT VPN device
    leftnexthop=%defaultroute       # correct in many situations
    right=173.XX.XX.XX              # Public Internet IP address Trenton
    rightsubnet=192.168.10.0/24     # Subnet protected by the RIGHT VPN device
    rightnexthop=%defaultroute      # correct in many situations
    auto=start
What am I missing? Thx-
-m