[Openswan Users] routing problem? from left side

Simon Deziel simon at xelerance.com
Tue Dec 10 13:28:02 UTC 2013


Hi Trushin,

On 13-12-09 11:14 PM, Trushin Igor wrote:
> Hi.
> 
> I have a problem - the tunnel is up, but the "left" side cannot ping (or
> telnet to a port on) the right side. Traffic from the "right" to the "left" side is all OK.
> 
> extip_cisco=IP cisco
> extip_linux=IP Linux
> 
> schema:
> 
> 10.0.0.0/21<----->eth0-(Linux 2.6.23.17-88.fc7)-eth1--<extip_linux>-------(ipsec)---------<extip_cisco>-----<cisco>-----<192.168.0.0/16>
> 
> cat /etc/ipsec.conf
>       config setup
>      include /etc/ipsec.d/*.conf
> cat /etc/ipsec.d/shlum.conf
> 
> 
> conn shlum
>         type=tunnel
>         authby=secret
>         left=extip_linux
>         leftsubnet=10.0.0.0/21
>         leftsourceip=extip_linux

If you want the left IPsec peer to be able to ping the other side, set
the leftsourceip to the IP of eth0 (ex: 10.0.0.1).

>         right=extip_cisco
>         rightsubnet=192.168.0.0/16
>         leftid=extip_linux
>         leftnexthop=%defaultroute
>         rightid=extip_cisco
>         rightnexthop=%direct
>         pfs=no
>         forceencaps = yes
>         ike = aes128-sha1,aes128-md5,3des-md5,3des-sha1
>         esp = aes128-md5,aes128-sha1,aes256,3des-md5,3des
>         keyexchange = ike
>         auto=start
> 
> 
> service ipsec start
>            Starting Openswan IPsec 2.4.7

This as well as Fedora Core 7 is extremely outdated and contains
vulnerabilities. I'd recommend upgrading ASAP.

Regards,
Simon
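
Added example, not part of the original message or of Openswan: a small check that flags any conn whose leftsourceip/rightsourceip lies outside the matching subnet, which is the misconfiguration corrected in the reply above. The addresses 203.0.113.10 and 198.51.100.20 are constructed stand-ins for the extip_linux and extip_cisco placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: 203.0.113.10 / 198.51.100.20 stand in for the
# extip_linux / extip_cisco placeholders used in the thread.
SAMPLE_BEFORE = """\
conn shlum
        left=203.0.113.10
        leftsubnet=10.0.0.0/21
        leftsourceip=203.0.113.10
        right=198.51.100.20
        rightsubnet=192.168.0.0/16
"""
# Same conn with the fix from the reply: source IP taken from eth0's subnet.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("leftsourceip=203.0.113.10",
                                     "leftsourceip=10.0.0.1")

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)       # tolerates "key = value"
            current[key.strip()] = value.strip()
    return conns

def check_sourceip(text):
    """List conns whose {left,right}sourceip is not inside the matching subnet."""
    findings = []
    for name, opts in parse_conns(text).items():
        for side in ("left", "right"):
            src, net = opts.get(side + "sourceip"), opts.get(side + "subnet")
            if not src or not net:
                continue
            try:
                ok = ipaddress.ip_address(src) in ipaddress.ip_network(net, strict=False)
            except ValueError:
                ok = False                        # placeholder or hostname: unverifiable
            if not ok:
                findings.append((name, side, "%s is not inside %s" % (src, net)))
    return findings

if __name__ == "__main__":
    for label, conf in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_sourceip(conf) or "ok")
```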

