[Openswan Users] Routing Issue I don't understand
Ben Schmidt
crackhd2 at gmail.com
Wed Aug 14 12:18:53 UTC 2013
Hi Nick,
Thank you very, very much!!!
Adding the leftsourceip and removing all empty lines in the conn definition
did the trick!
Thanks,
Ben
On Wed, Aug 14, 2013 at 9:43 AM, Nick Howitt <n1ck.h0w1tt at gmail.com> wrote:
> Add a leftsourceip to the conn. Also do not leave any blank lines in the
> conn definition.
>
>
> On 14/08/2013 05:52, Ben Schmidt wrote:
>
> Hi Gertjan,
>
> Ping to an address in the DST network that should reply:
> #########
> ipsec01:~# ping 10.41.35.4
> PING 10.41.35.4 (10.41.35.4) 56(84) bytes of data.
> From yyy.yyy.27.137 icmp_seq=1 Destination Host Unreachable
> From yyy.yyy.27.137 icmp_seq=2 Destination Host Unreachable
> #########
>
> tcpdump:
> #########
> ipsec01:~# tcpdump -n not port 22
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 06:48:51.743462 IP yyy.yyy.27.141 > 10.41.35.4: ICMP echo request, id 4483, seq 1, length 64
> 06:48:51.744362 IP yyy.yyy.27.137 > yyy.yyy.27.141: ICMP host 10.41.35.4 unreachable, length 36
> 06:48:52.744488 IP yyy.yyy.27.141 > 10.41.35.4: ICMP echo request, id 4483, seq 2, length 64
> 06:48:52.745262 IP yyy.yyy.27.137 > yyy.yyy.27.141: ICMP host 10.41.35.4 unreachable, length 36
> #########
> yyy.yyy.27.141 is my public gateway.
>
> Any ideas?
>
> Thanks,
> Ben
>
>
> On Tue, Aug 13, 2013 at 6:43 PM, Gertjan Baarda <gertjan.baarda at gmail.com> wrote:
>
>> What does the ping output say?
>>
>>
>> On Tuesday, August 13, 2013, Ben Schmidt wrote:
>>
>>> Hello Mailing List,
>>>
>>> I got a VPN up and running from Openswan 2.6.37-3 running on Debian 7
>>> amd64, connecting to a Juniper ISG.
>>> My problem is that I cannot get a single ping over the tunnel; it seems
>>> like a routing issue.
>>>
>>> Here is my config: http://pastebin.com/QdqtpPsg
>>> Here is the output of "ipsec auto --status": http://pastebin.com/7i4UJKAu
>>> Here is the output of "ipsec barf": http://pastebin.com/iaMkuGwc
>>>
>>> So it tells me that "ip xfrm policy" is
>>> ###########
>>> src 192.168.210.0/24 dst 10.41.35.0/24
>>> dir out priority 2344 ptype main
>>> tmpl src yyy.yyy.27.141 dst zzz.zzz.2.74
>>> proto esp reqid 16385 mode tunnel
>>> src 10.41.35.0/24 dst 192.168.210.0/24
>>> dir fwd priority 2344 ptype main
>>> tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141
>>> proto esp reqid 16385 mode tunnel
>>> src 10.41.35.0/24 dst 192.168.210.0/24
>>> dir in priority 2344 ptype main
>>> tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141
>>> proto esp reqid 16385 mode tunnel
>>> ###########
>>>
>>> That should do what I want, but it doesn't.
>>>
>>> Could someone please point me in a direction to look at?
>>>
>>> Thanks a lot,
>>> Ben
>>>
>>>
>>
>> --
>> Sent from Gmail Mobile
>>
>
>
>
>
>
>
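What the quoted `ip xfrm policy` and tcpdump output show together, as an added example that is not part of the original thread: the echo request left with the gateway's public address as its source, which falls outside the `192.168.210.0/24` selector, so no outbound policy matched and the packet was sent unencrypted. The sketch below parses the quoted policy and checks both source choices; `203.0.113.141` is a constructed stand-in for the redacted public address and `192.168.210.1` is a hypothetical `leftsourceip` value.

```python
import ipaddress
import re

# `ip xfrm policy` output as quoted in the thread (tmpl addresses are redacted there).
XFRM_POLICY = """\
src 192.168.210.0/24 dst 10.41.35.0/24
dir out priority 2344 ptype main
tmpl src yyy.yyy.27.141 dst zzz.zzz.2.74
proto esp reqid 16385 mode tunnel
src 10.41.35.0/24 dst 192.168.210.0/24
dir fwd priority 2344 ptype main
tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141
proto esp reqid 16385 mode tunnel
src 10.41.35.0/24 dst 192.168.210.0/24
dir in priority 2344 ptype main
tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141
proto esp reqid 16385 mode tunnel
"""

PUBLIC_IP = "203.0.113.141"  # constructed stand-in for the redacted yyy.yyy.27.141
SOURCE_IP = "192.168.210.1"  # hypothetical leftsourceip inside the left subnet


def parse_policies(text):
    """Return a list of (direction, src_net, dst_net) selectors."""
    policies, selector = [], None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"src (\S+) dst (\S+)$", line)  # selector line, not "tmpl src ..."
        if m:
            selector = (ipaddress.ip_network(m.group(1)),
                        ipaddress.ip_network(m.group(2)))
            continue
        m = re.match(r"dir (\w+)", line)
        if m and selector:
            policies.append((m.group(1),) + selector)
            selector = None
    return policies


def is_tunneled(policies, src, dst):
    """True if a locally sent packet src -> dst matches an 'out' selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(direction == "out" and s in sn and d in dn
               for direction, sn, dn in policies)


if __name__ == "__main__":
    pols = parse_policies(XFRM_POLICY)
    for src in (PUBLIC_IP, SOURCE_IP):
        print(src, "->", "10.41.35.4", "tunneled:", is_tunneled(pols, src, "10.41.35.4"))
```
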