[Openswan Users] Openswan not updating the routing table
Paul Wouters
paul at nohats.ca
Wed Mar 7 23:07:40 EST 2012
On Wed, 7 Mar 2012, nemus at grayhatlabs.com wrote:
> I am trying to get openswan to connect to a pfsense box.
>
> The pfsense box connects and says everything is good.
>
> I can ping 172.x.x.1 from pfsense itself,
> so I don't know how to do the route so everything will work.
You should never need to do manual routing, unless your client machines
need to send packets to a machine that is not their default gateway. On
the ipsec gateway itself you should never need to do any manual routing.
> Also I read somewhere on Linux forums that NETKEY does not do tunnel mode.
>
> Is this true?
That is not true. NETKEY works fine.
> conn net-to-net
>         type=tunnel
>         authby=secret
>         left=x.x.x.236
>         leftsubnet=172.x.x.0/24
>         right=x.x.x.50
>         rightsubnet=10.x.x.0/24
>         esp=3des-md5
>         keyexchange=ike
>         pfs=no
> 000 #2: "net-to-net":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27753s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
> 000 #2: "net-to-net" esp.4f845fa@x.x.x.50 esp.bc46ab15@x.x.x.x tun.0@x.x.x.x tun.0@z.x.x.236 ref=0 refhim=4294901761
> 000 #1: "net-to-net":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2312s; newest ISAKMP; lastdpd=1s(seq in:0 out:0); idle; import:admin initiate
Seems up. What does "ipsec verify" say?
Check firewall/nat/forwarding.
Paul
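Added example, not part of the thread and not Openswan's own code: a POSIX shell script that performs the three checks Paul points at on a NETKEY gateway. It parses the output of `ip xfrm policy` (with NETKEY the kernel steers traffic into the tunnel through XFRM policies, which is why no route for the remote subnet is needed), `sysctl net.ipv4.ip_forward`, and `iptables-save -t nat` (a MASQUERADE/SNAT rule that matches the tunnel traffic rewrites the source address so it no longer matches leftsubnet, and the tunnel comes up but passes nothing). The subnets 172.16.1.0/24 and 10.0.1.0/24 and the gateway addresses 203.0.113.236 and 203.0.113.50 are placeholders standing in for the obfuscated ones in the posted conn; all sample command outputs are constructed, not captured from a real box.

```shell
#!/bin/sh
# Added example (not from the original thread). Placeholder subnets stand in
# for the 172.x.x.0/24 and 10.x.x.0/24 in the posted conn.
LEFTSUBNET="172.16.1.0/24"
RIGHTSUBNET="10.0.1.0/24"

# NETKEY installs XFRM policies instead of routes. $1 is the text of
# `ip xfrm policy`; $2/$3 are the src/dst selectors; $4 is out, fwd or in.
# Returns 0 when a policy with that selector pair and direction exists.
xfrm_has_policy() {
    printf '%s\n' "$1" | awk -v s="$2" -v d="$3" -v dir="$4" '
        $1 == "src" && $2 == s && $3 == "dst" && $4 == d { want = 1; next }
        $1 == "dir" { if (want && $2 == dir) found = 1; want = 0 }
        END { exit(found ? 0 : 1) }'
}

# $1 is a line such as "net.ipv4.ip_forward = 1" as printed by sysctl.
forwarding_enabled() {
    [ "${1##* }" = "1" ]
}

# $1 is the text of `iptables-save -t nat`. Walks nat POSTROUTING in order:
# returns 0 if the tunnel pair is exempted (ACCEPT/RETURN) before any
# MASQUERADE/SNAT rule, or if every such rule excludes the remote subnet;
# returns 1 if a MASQUERADE/SNAT rule would rewrite tunnel traffic first.
nat_exempts_tunnel() {
    printf '%s\n' "$1" | awk -v l="$LEFTSUBNET" -v r="$RIGHTSUBNET" '
        $1 != "-A" || $2 != "POSTROUTING" { next }
        index($0, "-s " l) && index($0, "-d " r) && !/! -[sd]/ && /-j (ACCEPT|RETURN)$/ { exit }
        /-j (MASQUERADE|SNAT)/ && index($0, "! -d " r) { next }
        /-j (MASQUERADE|SNAT)/ { bad = 1; exit }
        END { exit bad + 0 }'
}

# $1 xfrm policy text, $2 sysctl line, $3 iptables-save -t nat text.
gateway_ok() {
    xfrm_has_policy "$1" "$LEFTSUBNET" "$RIGHTSUBNET" out ||
        { echo "no xfrm out policy $LEFTSUBNET -> $RIGHTSUBNET (is the conn up?)"; return 1; }
    xfrm_has_policy "$1" "$RIGHTSUBNET" "$LEFTSUBNET" in ||
        { echo "no xfrm in policy $RIGHTSUBNET -> $LEFTSUBNET"; return 1; }
    forwarding_enabled "$2" || { echo "net.ipv4.ip_forward is off"; return 1; }
    nat_exempts_tunnel "$3" ||
        { echo "nat POSTROUTING masquerades tunnel traffic; insert an ACCEPT for $LEFTSUBNET -> $RIGHTSUBNET before it"; return 1; }
    echo "xfrm policy, forwarding and NAT exemption look right"
}

# --- constructed sample outputs (not captured from a real gateway) ---
XFRM_UP="src 172.16.1.0/24 dst 10.0.1.0/24
    dir out priority 2344 ptype main
    tmpl src 203.0.113.236 dst 203.0.113.50
        proto esp reqid 16385 mode tunnel
src 10.0.1.0/24 dst 172.16.1.0/24
    dir fwd priority 2344 ptype main
    tmpl src 203.0.113.50 dst 203.0.113.236
        proto esp reqid 16385 mode tunnel
src 10.0.1.0/24 dst 172.16.1.0/24
    dir in priority 2344 ptype main
    tmpl src 203.0.113.50 dst 203.0.113.236
        proto esp reqid 16385 mode tunnel"

NAT_BAD="*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
COMMIT"

NAT_GOOD="*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.1.0/24 -d 10.0.1.0/24 -j ACCEPT
-A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
COMMIT"

NAT_EXCL="*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.1.0/24 ! -d 10.0.1.0/24 -o eth0 -j MASQUERADE
COMMIT"

# Demo on the constructed samples; on a live gateway run instead:
#   gateway_ok "$(ip xfrm policy)" "$(sysctl net.ipv4.ip_forward)" "$(iptables-save -t nat)"
gateway_ok "$XFRM_UP" "net.ipv4.ip_forward = 1" "$NAT_BAD" || true
gateway_ok "$XFRM_UP" "net.ipv4.ip_forward = 1" "$NAT_GOOD"
```

The NAT ordering check is the one most often missed: the SAs show as established in `ipsec auto --status`, exactly as in the posted output, yet the subnets cannot reach each other because a catch-all MASQUERADE rewrites the source before IPsec matches it. The usual fix is `iptables -t nat -I POSTROUTING -s 172.16.1.0/24 -d 10.0.1.0/24 -j ACCEPT` (with the real subnets), placed ahead of the masquerade rule.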