[Openswan Users] Destination Private Network unreachable but Tunnel is UP

Willie Gillespie wgillespie+openswan at es2eng.com
Wed Jul 27 05:19:12 EDT 2011


If the tunnel is up, it could be a firewall issue.
Can you test with iptables off?  And try pinging from both sides?

On 7/27/2011 2:50 AM, Imtiaz Rahi wrote:
> Anyone please respond and help me.
>
> cheers // Imtiaz Rahi
>
>
> On Mon, Jul 25, 2011 at 7:19 PM, Imtiaz Rahi <imtiaz.rahi at gmail.com> wrote:
>> Hi People,
>>
>> I am a first timer with IPsec VPN and Openswan.
>> I am setting up an IPsec VPN from a Linux box to a Cisco router.
>> Linux: Ubuntu 10.04 LTS Openswan U2.6.23/K2.6.32-30-server (netkey)
>> Cisco: Cisco 2821
>>
>> Here is the IPsec network diagram:
>> 172.19.253.0/29 === 210.4.xx.xxx --- 210.4.xx.xxx ... 203.112.xxx.xx --- 203.112.xxx.xx === 10.1.4.0/24;
>>                     Linux VPN box                                        Cisco router
>>
>>
>> "ipsec status" says my tunnel is up and some eroutes exist, but I
>> cannot reach the destination network.
>> I am trying to ping 10.1.4.8 as shown below, unsuccessfully:
>>
>> ping 10.1.4.8 -I 172.19.253.1
>> PING 10.1.4.8 (10.1.4.8) from 172.19.253.1 : 56(84) bytes of data.
>>
>> ^C
>> --- 10.1.4.8 ping statistics ---
>> 14 packets transmitted, 0 received, 100% packet loss, time 13007ms
>>
>> Please help me here.
>>
>> Cheers // Imtiaz Rahi
>>
>>
>> P.S. Here is the ipsec.conf for reference
>>
>> ==================================================
>> version 2.0
>>
>> config setup
>>         nat_traversal=yes
>>         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
>>         oe=off
>>         protostack=netkey
>>         interfaces=%defaultroute
>>
>> conn teletalk-vpn
>>         type=tunnel
>>         authby=secret
>>         left=210.4.xx.xxx
>>         leftnexthop=210.4.xx.xxx
>>         leftsubnet=172.19.253.1/29
>>         leftupdown=/usr/lib/ipsec/_updown
>>         right=203.112.xxx.xx    # Cisco 2821
>>         rightnexthop=203.112.xxx.xx
>>         rightsubnet=10.1.4.0/24
>>         keyexchange=ike
>>         keylife=1h
>>         ike=3des-md5-modp1024
>>         phase2alg=3des-md5
>>         pfs=no
>>         auto=start

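A way to narrow down the firewall suspicion raised in the reply without switching iptables off entirely, as an added example that is not part of the original thread: with the netkey stack, source NAT in POSTROUTING is applied before the IPsec policy lookup, so a MASQUERADE or SNAT rule that catches 172.19.253.0/29 traffic stops it from matching the tunnel policy even though the tunnel is up. The script below scans `iptables-save` text for such rules and for DROP/REJECT rules between the two subnets from the posted `ipsec.conf`; the function names and the sample ruleset are constructed for illustration, and the check is a heuristic that looks only at `-s`/`-d` and `--pol`.

```python
import ipaddress
import shlex

LOCAL = ipaddress.ip_network("172.19.253.0/29")  # leftsubnet in the post, as a network
REMOTE = ipaddress.ip_network("10.1.4.0/24")     # rightsubnet in the post
FINAL = {"ACCEPT", "RETURN", "DROP", "REJECT", "MASQUERADE", "SNAT"}
# Constructed iptables-save output for illustration; not taken from the thread.
SAMPLE = """*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -s 192.168.5.0/24 -j DROP
-A FORWARD -s 10.1.4.0/24 -d 172.19.253.0/29 -j DROP
COMMIT
"""

def covers(tok, flag, net):
    """True if the rule's -s/-d selector (absent means any) can match addresses in net."""
    if flag not in tok:
        return True
    i = tok.index(flag)
    sel = ipaddress.ip_network(tok[i + 1], strict=False)
    return not net.subnet_of(sel) if tok[i - 1] == "!" else sel.overlaps(net)

def suspects(save_text, local=LOCAL, remote=REMOTE):
    """List (table, rule) candidates that drop or source-NAT traffic between the subnets."""
    found, decided, table = [], set(), None
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        tok = shlex.split(line) if line.startswith("-A ") else []
        pol = tok[tok.index("--pol") + 1] if "--pol" in tok else None
        if "-j" not in tok or pol == "none":  # "--pol none" rules skip IPsec traffic
            continue
        chain, target = tok[1], tok[tok.index("-j") + 1]
        # Matches other than -s/-d are not evaluated, so such rules are only candidates.
        extra = [t for t in tok[2:] if t.startswith("-") and t not in ("-s", "-d", "-j")]
        for src, dst in ((local, remote), (remote, local)):
            key = (table, chain, src)
            if key in decided or not (covers(tok, "-s", src) and covers(tok, "-d", dst)):
                continue
            if target in FINAL and (not extra or pol == "ipsec"):
                decided.add(key)  # first unconditional match wins, as in iptables
            nat = table == "nat" and target in ("MASQUERADE", "SNAT") and src is local
            drop = table == "filter" and target in ("DROP", "REJECT")
            if (nat or drop) and (table, line) not in found:
                found.append((table, line))
    return found

print(suspects(SAMPLE))
```

To check a real host, pass the output of `iptables-save` from the Linux VPN box to `suspects()` in place of `SAMPLE`.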
