[Openswan Users] can't reach the right sub-net in net-to-net mode - how can I debug?
Willie Gillespie
wgillespie+openswan at es2eng.com
Fri Mar 18 17:47:28 EDT 2011
And if that doesn't solve your problem, it's probably a firewall issue.
On 3/18/2011 3:35 PM, Nick Howitt wrote:
> Hi,
>
> At the left end put leftsourceip=192.168.123.x and at the right end put
> rightsourceip=192.168.122.1. You can put both leftsourceip and
> rightsourceip at each end if you want.
>
> Nick
>
> On 17/03/2011 10:05, jia Ma wrote:
>> Hi,
>>
>> I configured a net-to-net vpn with openswan, the configurations as
>> follows:
>>
>> conn net-to-net
>> connaddrfamily=ipv4
>> authby=secret
>> left=10.226.9.2
>> leftnexthop=%defaultroute
>> leftsubnet=192.168.123.0/24
>> right=10.226.9.215
>> rightnexthop=%defaultroute
>> rightsubnet=192.168.122.0/24
>> esp=3des-sha1
>> keyexchange=ike
>> ike=3des-sha1
>> pfs=no
>> auto=add
>>
>> It showed I can set the net-to-net v pn successfully, but when I
>> couldn't reach 192.168.122.1 on the left endpoint, could you help me
>> with this? Thanks!
>>
>> 104 "net-to-net" #1: STATE_MAIN_I1: initiate
>> 003 "net-to-net" #1: received Vendor ID payload [Openswan (this
>> version) 2.6.24 ]
>> 003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
>> 106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>> 108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>> 003 "net-to-net" #1: received Vendor ID payload [CAN-IKEv2]
>> 004 "net-to-net" #1: STATE_MAIN_I4: ISAKMP SA established
>> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
>> group=modp1536}
>> 117 "net-to-net" #2: STATE_QUICK_I1: initiate
>> 004 "net-to-net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
>> tunnel mode {ESP=>0x1af874bc <0x2f3ee9b4 xfrm=3DES_0-HMAC_SHA1
>> NATOA=none NATD=none DPD=none}
>>
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Micropayments:https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list