[Openswan Users] can't reach the right sub-net in net-to-net mode - how can I debug?
jia Ma
guest027 at hotmail.com
Thu Mar 17 06:05:23 EDT 2011
Hi,
I configured a net-to-net VPN with Openswan; the configuration is as follows:
conn net-to-net
    connaddrfamily=ipv4
    authby=secret
    left=10.226.9.2
    leftnexthop=%defaultroute
    leftsubnet=192.168.123.0/24
    right=10.226.9.215
    rightnexthop=%defaultroute
    rightsubnet=192.168.122.0/24
    esp=3des-sha1
    keyexchange=ike
    ike=3des-sha1
    pfs=no
    auto=add
It showed that I can set up the net-to-net VPN successfully, but I couldn't reach 192.168.122.1 on the left endpoint. Could you help me with this? Thanks!
104 "net-to-net" #1: STATE_MAIN_I1: initiate
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.6.24 ]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "net-to-net" #1: received Vendor ID payload [CAN-IKEv2]
004 "net-to-net" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}
117 "net-to-net" #2: STATE_QUICK_I1: initiate
004 "net-to-net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x1af874bc <0x2f3ee9b4 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
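
One check when debugging a setup like the one posted above, added here as an example and not part of the original message: the IPsec SA only carries packets whose source and destination fall inside leftsubnet and rightsubnet, so a test sent from a gateway's own outer address does not match the tunnel. The flow addresses in the script (a LAN host 192.168.123.10, and a test sourced from 10.226.9.2) are constructed assumptions for illustration.

```python
import ipaddress

# Addressing options of the conn section from the post above (copied from the page).
CONN = """
conn net-to-net
    left=10.226.9.2
    leftsubnet=192.168.123.0/24
    right=10.226.9.215
    rightsubnet=192.168.122.0/24
"""

def parse_conn(text):
    """Return the key=value options of a single conn section as a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and indentation
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def selectors(opts):
    """Tunnel traffic selectors; with no subnet option, the host address as /32."""
    def net(side):
        return ipaddress.ip_network(opts.get(side + "subnet", opts[side] + "/32"))
    return net("left"), net("right")

def covered(opts, src, dst):
    """True if a packet src -> dst matches the tunnel policy in either direction."""
    lnet, rnet = selectors(opts)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (s in lnet and d in rnet) or (s in rnet and d in lnet)

def classify(opts, flows):
    """Label each (src, dst) flow as 'tunnel' or 'outside policy'."""
    return [(s, d, "tunnel" if covered(opts, s, d) else "outside policy")
            for s, d in flows]

if __name__ == "__main__":
    # Constructed test flows: a hypothetical LAN host behind left, and the
    # left gateway sending from its own outer address (assumption).
    flows = [("192.168.123.10", "192.168.122.1"),
             ("10.226.9.2", "192.168.122.1")]
    for s, d, verdict in classify(parse_conn(CONN), flows):
        print(f"{s} -> {d}: {verdict}")
```

The selectors actually loaded by pluto can be compared against this output with `ipsec auto --status` on each gateway.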