[Openswan Users] Openswan with NETKEY and monitoring data

Paul Wouters paul at xelerance.com
Wed Apr 6 16:08:27 EDT 2011

On Wed, 6 Apr 2011, Mark Dalton wrote:

> I am not seeing the data to the destination host.
> -- Cisco VPN ---- (eth0)OpenSwan -- (eth2) virtual IPs
>        (internal)           (public IP)        (public)

Did you really mean /25 and not /24?

>         We just see 'src 192.168.', the other data we see is mostly
>         ESP --> OpenSwan (public IP)

The ESP is the encrypted data.

> conn tunnel
>          type=                  tunnel
>          authby=              secret
>          left= <openswan public IP>
>          leftsubnet=
>          leftnexthop=

That's not a valid nexthop. It should point to the IP of the gateway on the interface you
need to go out on, or in the default non-specified way, that of the %defaultroute.

>          right= <ext cisco public IP>
>          rightsubnet=

Note <-> does not match your diagram at the top that has <->

