[Openswan Users] routing problem? from left side
Trushin Igor
igortru at mail.ru
Tue Dec 10 04:14:41 UTC 2013
Hi.
I have a problem: the tunnel is up, but the "left" side cannot ping (or telnet to a port on) the right side. Traffic from the "right" side to the "left" side is all OK.
extip_cisco = IP of the Cisco
extip_linux = IP of the Linux box
Schema:
10.0.0.0/21<----->eth0-(Linux 2.6.23.17-88.fc7)-eth1--<extip_linux>-------(ipsec)---------<extip_cisco>-----<cisco>-----<192.168.0.0/16>
cat /etc/ipsec.conf
config setup
include /etc/ipsec.d/*.conf
cat /etc/ipsec.d/shlum.conf
conn shlum
type=tunnel
authby=secret
left=extip_linux
leftsubnet=10.0.0.0/21
leftsourceip=extip_linux
right=extip_cisco
rightsubnet=192.168.0.0/16
leftid=extip_linux
leftnexthop=%defaultroute
rightid=extip_cisco
rightnexthop=%direct
pfs=no
forceencaps = yes
ike = aes128-sha1,aes128-md5,3des-md5,3des-sha1
esp = aes128-md5,aes128-sha1,aes256,3des-md5,3des
keyexchange = ike
auto=start
service ipsec start
Starting Openswan IPsec 2.4.7
service ipsec status
IPsec running - pluto pid: 17736
pluto pid 17736
1 tunnels up
[root at gw ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
(extip_linux-2) 0.0.0.0 255.255.255.248 U 0 0 0 eth1
10.0.17.0 10.0.0.11 255.255.255.0 UG 0 0 0 eth0
10.8.1.0 10.0.0.11 255.255.255.0 UG 0 0 0 eth0
10.0.12.0 10.0.0.11 255.255.255.0 UG 0 0 0 eth0
10.0.13.0 10.0.0.11 255.255.255.0 UG 0 0 0 eth0
10.0.14.0 10.0.0.11 255.255.255.0 UG 0 0 0 eth0
10.0.15.0 10.0.0.11 255.255.255.0 UG 0 0 0 eth0
10.0.10.0 10.0.0.11 255.255.255.0 UG 0 0 0 eth0
10.0.11.0 10.0.0.11 255.255.255.0 UG 0 0 0 eth0
10.0.4.0 10.0.0.3 255.255.252.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
192.168.0.0 extip_linux-1 255.255.0.0 UG 0 0 0 eth1
128.0.0.0 extip_linux-1 128.0.0.0 UG 0 0 0 eth1
0.0.0.0 extip_linux-1 0.0.0.0 UG 0 0 0 eth1
ip xfrm policy
src 192.168.0.0/16 dst 10.0.0.0/21
dir in priority 2448 ptype main
tmpl src extip_cisco dst extip_linux
proto esp reqid 16385 mode tunnel
src 10.0.0.0/21 dst 192.168.0.0/16
dir out priority 2448 ptype main
tmpl src extip_linux dst extip_cisco
proto esp reqid 16385 mode tunnel
src 192.168.0.0/16 dst 10.0.0.0/21
dir fwd priority 2448 ptype main
tmpl src extip_cisco dst extip_linux
proto esp reqid 16385 mode tunnel
ip xfrm state
src extip_linux dst extip_cisco
proto esp spi 0x87ff9df7 reqid 16385 mode tunnel
replay-window 32
auth hmac(sha1) 0x56272c16c736f8a57ef7eb54ab8331c84f528839
enc cbc(aes) 0xcf9c91365cb338c7c6867f073619b15d37842f2093a4dcdb212752b3bca3ba67
sel src 0.0.0.0/0 dst 0.0.0.0/0
src extip_cisco dst extip_linux
proto esp spi 0xd81dc534 reqid 16385 mode tunnel
replay-window 32
auth hmac(sha1) 0xfb5e1daaa3fca7d475af8db684ed60739ba10df3
enc cbc(aes) 0xe64c534709e97f87167aac535c02bc951af1fb5eed2604f782dea264d9d1e79e
sel src 0.0.0.0/0 dst 0.0.0.0/0
[root at gw ~]# traceroute 192.168.8.1
traceroute to 192.168.8.1 (192.168.8.1), 30 hops max, 40 byte packets
1 extip_linux-1.permonline.ru (extip_linux-1) 1.171 ms 1.065 ms 0.997 ms
2 90.150.2.26 (90.150.2.26) 1.152 ms 1.361 ms 1.574 ms
3 90.150.2.26 (90.150.2.26) 1.551 ms 1.509 ms 1.699 ms
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
ping 192.168.8.1
PING 192.168.8.1 (192.168.8.1) 56(84) bytes of data.
--- 192.168.8.1 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7000ms
In /var/log/messages I see this error message:
kernel: ICMP: 192.168.8.1: Source Route Failed.
PS. The right side (from the Cisco) pings the left side fine.
How do I fix this problem?
Thanks.
----
Trushin Igor
Russia | Perm
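An added diagnostic example, not part of Igor's message or of Openswan: it parses the `ip xfrm policy` output quoted above and reports whether a given source/destination pair is covered by an "out" policy (i.e. would be encrypted) or would fall through to the plain routing table. The only assumption is a TEST-NET address standing in for extip_linux, since the post masks the real one; note that leftsourceip here is the external address, which lies outside leftsubnet=10.0.0.0/21.

```python
import ipaddress
import re

# Constructed sample: the 'ip xfrm policy' output from the post, with the two
# public addresses replaced by placeholders exactly as the post does.
XFRM_POLICY_OUTPUT = """\
src 192.168.0.0/16 dst 10.0.0.0/21
	dir in priority 2448 ptype main
	tmpl src extip_cisco dst extip_linux
		proto esp reqid 16385 mode tunnel
src 10.0.0.0/21 dst 192.168.0.0/16
	dir out priority 2448 ptype main
	tmpl src extip_linux dst extip_cisco
		proto esp reqid 16385 mode tunnel
src 192.168.0.0/16 dst 10.0.0.0/21
	dir fwd priority 2448 ptype main
	tmpl src extip_cisco dst extip_linux
		proto esp reqid 16385 mode tunnel
"""

# Placeholder (assumption) for the masked extip_linux address in the post.
EXTIP_LINUX_PLACEHOLDER = "203.0.113.10"

SELECTOR_RE = re.compile(r"^src (\S+) dst (\S+)")     # column-0 selector line
DIR_RE = re.compile(r"^\s*dir (\w+) priority (\d+)")  # indented direction line

def parse_policies(text):
    """Return a list of (direction, src_net, dst_net, priority) tuples."""
    policies, current = [], None
    for line in text.splitlines():
        m = SELECTOR_RE.match(line)   # 'tmpl src ...' is indented, so it does not match
        if m:
            current = (ipaddress.ip_network(m.group(1)), ipaddress.ip_network(m.group(2)))
            continue
        m = DIR_RE.match(line)
        if m and current is not None:
            policies.append((m.group(1), current[0], current[1], int(m.group(2))))
            current = None
    return policies

def matching_policy(policies, direction, src, dst):
    """Lowest-priority-number policy of the given direction covering src->dst, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [p for p in policies if p[0] == direction and src in p[1] and dst in p[2]]
    return min(hits, key=lambda p: p[3]) if hits else None

def would_be_encrypted(policies, src, dst):
    """True if an 'out' policy covers the pair; otherwise the packet follows the route table."""
    return matching_policy(policies, "out", src, dst) is not None

if __name__ == "__main__":
    pol = parse_policies(XFRM_POLICY_OUTPUT)
    for src in ("10.0.0.5", EXTIP_LINUX_PLACEHOLDER):
        print(src, "-> 192.168.8.1 encrypted:", would_be_encrypted(pol, src, "192.168.8.1"))
```

Run it on a host's live output with `ip xfrm policy` piped in instead of the embedded sample to compare a LAN-sourced packet against one sourced from the gateway's own external address.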