[Openswan Users] CentOS5 + Draytek 2820 pings only one way

John Crisp jcrisp at safeandsoundit.co.uk
Fri Feb 15 07:33:00 EST 2013 

On 15/02/13 12:49, Paul Overton wrote:
> Have you specified the following on your Centos machine?
> 
> leftsourceip
>               the  IP  address  for this host to use when transmitting a packet to the other side of this
>               link. Relevant only locally, the other end need not agree. This option is used to make  the
>               gateway  itself use its internal IP, which is part of the leftsubnet, to communicate to the
>               rightsubnet or right. Otherwise, it will use its nearest IP address, which is its public IP
>               address.  This  option  is mostly used when defining subnet-subnet connections, so that the
>               gateways can talk to each other and the subnet at the other end, without the need to  build
>               additional host-subnet, subnet-host and host-host tunnels.
> 
> I have not tried this with Centos, but you never know.
> 

Hi Paul,

I think I got that right as per the config below :

L.C. is Left CentOS
R.D. is Right Draytek


Config is as below. I am pretty sure it is something to do with the
CentOS/OpenSwan box not routing properly, but not sure how to get it right.

The Draytek has it figured out.

I know there are a lot of people using Drayteks and this config. Just
me that can't figure it out !

B. Rgds
John


# basic configuration
config setup
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=all
	plutodebug="control parsing"
	interfaces=%defaultroute
	myid=L.C.98.24
	nat_traversal=yes
	oe=no
	protostack=netkey
	syslog=syslog.debug
	virtual_private=%v4:10.0.0.0/24,%v4:192.168.99.0/24

conn net-to-net
	type=tunnel
	connaddrfamily=ipv4
	authby=secret
	auto=start
	compress=no
	ike=3des-sha1,des-md5
	phase2alg=3des-sha1,des-md5
	phase2=esp
	ikelifetime=3600s
	keyexchange=ike
	keylife=28800s
	keyingtries=%forever
	left=%defaultroute
	leftsourceip=192.168.99.1 # Server local address
	leftid=L.C.98.24          # Server public IP
	leftsubnet=192.168.99.0/24
	pfs=no
	dpdaction=restart
	right=R.D.128.243         # Router public IP
	rightid=R.D.128.243       # Router public IP
	rightsourceip=10.0.0.251  # Router local address
	rightsubnet=10.0.0.0/24

More information about the Users mailing list