[Openswan Users] Openswan not updating the routing table
paul at nohats.ca
Thu Mar 8 14:08:59 EST 2012
On Thu, 8 Mar 2012, nemus at grayhatlabs.com wrote:
> I am not seeing the routes being updated in the routing tables; not sure why.
Because netkey does not use routing to grab packets for
> no for some reason I cannot connect to the 172.x.x.1 ip from the pfsense box.
again check NAT/firewalling on BOTH endpoints.
> How does NETKEYS handle routing?
netkey does not use/need routing for encryption/decryption.
> erouted; eroute owner: #2
> I see this in ipsec auto --status
> but I am not sure how the kernel knows about it and why it doesn't show up in
> the routing table?
You need to see "IPsec SA Established". You can also check "ip xfrm state"
> ipsec verify
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.33/K126.96.36.199-rscloud (netkey)
> Checking for IPsec support in kernel [OK]
> SAref kernel support [N/A]
> NETKEY: Testing XFRM related proc values [OK]
> Checking that pluto is running [OK]
> Pluto listening for IKE on udp 500 [OK]
> Pluto listening for NAT-T on udp 4500 [OK]
> Two or more interfaces found, checking IP forwarding [OK]
> Checking NAT and MASQUERADEing [OK]
> Checking for 'ip' command [OK]
> Checking /bin/sh is not /bin/dash [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
Ok, that looks good.
> iptables -L
> Chain INPUT (policy DROP)
Try resetting all firewall rules to accept to determine if the firewall is
> Chain FORWARD (policy DROP)
> target prot opt source destination
This might be your problem.
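The two checks Paul points at (does the kernel hold ESP SAs, and do default-DROP INPUT/FORWARD chains leave room for IPsec) can be scripted. The script below is an added example, not code from Paul's reply or from the Openswan project; it runs offline on constructed samples of `ip xfrm state` and `iptables -L -n` output (hypothetical addresses, placeholder key material) and returns a verdict string. On a live host you would feed it the real command output instead of the samples.

```shell
#!/bin/sh
# Added example, not part of the original thread. Mirrors the advice above:
# netkey keeps tunnels in the xfrm state/policy tables, not the routing table,
# so "tunnel up, no traffic" is diagnosed from `ip xfrm state` plus the firewall.

# Constructed sample of `ip xfrm state` for one tunnel: two ESP SAs, one per
# direction. Addresses are documentation ranges, keys are placeholders.
SAMPLE_XFRM_STATE='src 203.0.113.10 dst 198.51.100.20
	proto esp spi 0xc2a1b3d4 reqid 16385 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xPLACEHOLDER 96
	enc cbc(aes) 0xPLACEHOLDER
src 198.51.100.20 dst 203.0.113.10
	proto esp spi 0x1a2b3c4d reqid 16385 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xPLACEHOLDER 96
	enc cbc(aes) 0xPLACEHOLDER'

# Constructed sample of `iptables -L -n`: IKE/ESP are accepted on INPUT, but
# FORWARD is policy DROP with no rules, the shape seen in the poster's output.
SAMPLE_IPTABLES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:500
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:4500
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Number of ESP SAs in `ip xfrm state` output. An established tunnel shows at
# least two (inbound and outbound); zero means IKE never completed.
count_esp_sas() {   # $1 = xfrm state output
    printf '%s\n' "$1" | grep -c 'proto esp' || true
}

# Default policy (ACCEPT/DROP) of a chain in `iptables -L` output.
chain_policy() {    # $1 = iptables output, $2 = chain name
    printf '%s\n' "$1" | sed -n "s/^Chain $2 (policy \([A-Z]*\)).*/\1/p"
}

# Only the lines belonging to one chain (from its header to the next blank line).
chain_rules() {     # $1 = iptables output, $2 = chain name
    printf '%s\n' "$1" | sed -n "/^Chain $2 (/,/^$/p"
}

# True if the chain has an ACCEPT rule matching the extended regex in $3.
has_accept_rule() { # $1 = iptables output, $2 = chain, $3 = ERE
    chain_rules "$1" "$2" | grep '^ACCEPT' | grep -Eq -- "$3"
}

# Combine the checks into one verdict: no-sa, input-blocks-ipsec,
# forward-blocks-traffic, or ok.
diagnose() {        # $1 = xfrm state output, $2 = iptables output
    sas=$(count_esp_sas "$1")
    if [ "$sas" -lt 2 ]; then
        echo "no-sa"; return
    fi
    # INPUT must admit IKE (udp 500/4500) and ESP for the SAs to carry traffic.
    if [ "$(chain_policy "$2" INPUT)" = DROP ] &&
       ! has_accept_rule "$2" INPUT 'esp|dpt:(500|4500)( |$)'; then
        echo "input-blocks-ipsec"; return
    fi
    # FORWARD must pass the decrypted subnet traffic; with netkey that is usually
    # a rule matching "policy ... ipsec", or at least an ACCEPT for the subnets.
    if [ "$(chain_policy "$2" FORWARD)" = DROP ] &&
       ! has_accept_rule "$2" FORWARD 'ipsec|policy'; then
        echo "forward-blocks-traffic"; return
    fi
    echo "ok"
}

diagnose "$SAMPLE_XFRM_STATE" "$SAMPLE_IPTABLES"
```

With the constructed samples the verdict is `forward-blocks-traffic`: the SAs exist and IKE/ESP reach the host, but the default-DROP FORWARD chain has nothing that passes the decrypted subnet-to-subnet packets, which is exactly the case where the tunnel looks "up" in `ipsec auto --status` while the far subnet stays unreachable.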