[Openswan Users] tunnel up, right subnet never routes

Bruce Ferrell bferrell at gmail.com
Fri Aug 23 14:04:57 UTC 2013


Below, I have my configuration (sanitized) and the results of bringing the tunnel up.

But the route never comes up and hosts on the right subnet aren't reachable.

Can anyone make a suggestion as to what may be going on here and how I can fix it?  What other information might I provide?

Thanks in advance



ipsec auto --up xyz
104 "xyz" #362: STATE_MAIN_I1: initiate
003 "xyz" #362: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "xyz" #362: ignoring Vendor ID payload [FRAGMENTATION c0000000]
106 "xyz" #362: STATE_MAIN_I2: sent MI2, expecting MR2
003 "xyz" #362: received Vendor ID payload [Cisco-Unity]
003 "xyz" #362: received Vendor ID payload [XAUTH]
003 "xyz" #362: ignoring unknown Vendor ID payload [65973bcd15aada87c513d6ef825b9b96]
003 "xyz" #362: ignoring Vendor ID payload [Cisco VPN 3000 Series]
003 "xyz" #362: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
108 "xyz" #362: STATE_MAIN_I3: sent MI3, expecting MR3
003 "xyz" #362: received Vendor ID payload [Dead Peer Detection]
004 "xyz" #362: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "xyz" #363: STATE_QUICK_I1: initiate
004 "xyz" #363: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x57616a62 <0x6ac07c19 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}


conn xyz
         auth=esp
         authby=secret
         auto=start
         esp=3des-sha1
         ike=3des-sha1
         keyexchange=ike
         keyingtries=0
         left=xxx.xxx.xxx.xxx
         leftsubnet=192.0.2.46/32
         pfs=yes
         right=RRR.RRR.RRR.RRR
         rightsubnet=SSS.SSS.0.0/16
         type=tunnel



