[Openswan Users] routing problem? from left side
Simon Deziel
simon at xelerance.com
Tue Dec 10 13:28:02 UTC 2013

Hi Trushin,

On 13-12-09 11:14 PM, Trushin Igor wrote:
> Hi.
>
> I have a problem: the tunnel is up, but the "left" side cannot ping (or
> telnet to a port on) the right side. Traffic from the "right" to the
> "left" side is all OK.
>
> extip_cisco=IP cisco
> extip_linux=IP Linux
>
> schema:
>
> 10.0.0.0/21<----->eth0-(Linux
> 2.6.23.17-88.fc7)-eth1--<extip_linux>-------(ipsec)---------<extip_cisco>-----<cisco>-----<192.168.0.0/16>
>
> cat /etc/ipsec.conf
> config setup
> include /etc/ipsec.d/*.conf
> cat /etc/ipsec.d/shlum.conf
>
>
> conn shlum
> type=tunnel
> authby=secret
> left=extip_linux
> leftsubnet=10.0.0.0/21
> leftsourceip=extip_linux

If you want the left IPsec peer to be able to ping the other side, set
the leftsourceip to the IP of eth0 (ex: 10.0.0.1).

> right=extip_cisco
> rightsubnet=192.168.0.0/16
> leftid=extip_linux
> leftnexthop=%defaultroute
> rightid=extip_cisco
> rightnexthop=%direct
> pfs=no
> forceencaps = yes
> ike = aes128-sha1,aes128-md5,3des-md5,3des-sha1
> esp = aes128-md5,aes128-sha1,aes256,3des-md5,3des
> keyexchange = ike
> auto=start
>
>
> service ipsec start
> Starting Openswan IPsec 2.4.7

This as well as Fedora Core 7 is extremely outdated and contains
vulnerabilities. I'd recommend upgrading ASAP.

Regards,
Simon
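
The leftsourceip advice in the reply above, turned into a configuration check (an added example, not part of the original message and not Openswan code): it parses conn sections and reports any leftsourceip/rightsourceip that lies outside that side's subnet. The parser, the function names and the sample addresses (documentation ranges standing in for the elided extip_linux and extip_cisco) are assumptions.

```python
import ipaddress

# Constructed sample modelled on the conn in this thread; 192.0.2.10 and
# 198.51.100.20 are documentation addresses standing in for the elided
# extip_linux and extip_cisco values.
SAMPLE_CONF = """\
conn shlum
    type=tunnel
    left=192.0.2.10
    leftsubnet=10.0.0.0/21
    leftsourceip=192.0.2.10
    right=198.51.100.20
    rightsubnet=192.168.0.0/16
    forceencaps = yes
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith("config "):
            current = None  # options under "config setup" are not conn options
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_sourceip(conns):
    """List (conn, side, sourceip, subnet) where sourceip is outside the side's subnet."""
    findings = []
    for name, opts in conns.items():
        for side in ("left", "right"):
            src, net = opts.get(side + "sourceip"), opts.get(side + "subnet")
            if not src or not net:
                continue
            try:
                inside = ipaddress.ip_address(src) in ipaddress.ip_network(net, strict=False)
            except ValueError:
                inside = False  # unresolved name or placeholder: cannot be verified
            if not inside:
                findings.append((name, side, src, net))
    return findings

if __name__ == "__main__":
    for conn, side, src, net in check_sourceip(parse_conns(SAMPLE_CONF)):
        print("%s: %ssourceip=%s is outside %ssubnet=%s" % (conn, side, src, side, net))
```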