[Openswan Users] phase2 failed on 0.0.0.0/0 case
Ozai
ozai.tien at gmail.com
Thu Jan 24 01:06:53 EST 2013
Dear Sirs,
My test environment is openswan 2.6.38 with embedded linux as below.
192.168.1.x---------test1(openswan 172.17.21.80)-----------test2(openswan 172.17.21.81)--------192.168.2.x
I would like to let all package traffic pass through the VPN tunnel from test2 to test1. So my configurations are as below. It did not work.
Could someone share his experience? Do I have any problem in my configuration? Thanks a lot.
Configuration for test2=========================================
config setup
    nat_traversal=no
    oe=off
    protostack=netkey
    interfaces=%defaultroute

conn test
    left=172.17.21.81
    leftsubnet=192.168.2.0/24
    rightsubnet=0.0.0.0/0
    connaddrfamily=ipv4
    right=172.17.21.80
    keyexchange=ike
    ike=3des-md5;modp1024!
    salifetime=480m
    phase2=esp
    phase2alg=3des-hmac_md5!;modp1024
    pfs=yes
    ikelifetime=60m
    type=tunnel
    authby=secret
    auto=add

conn passthr
    left=172.17.21.81
    right=0.0.0.0
    leftsubnet=192.168.2.0/24
    rightsubnet=192.168.2.0/24
    type=passthrough
    authby=never
    auto=route

command ==> ipsec setup start --> ipsec auto --up test -> ipsec auto --route passthr
Configuration for test1=========================================
config setup
    nat_traversal=no
    oe=off
    protostack=netkey
    interfaces=%defaultroute

conn test
    left=172.17.21.80
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.2.0/24
    connaddrfamily=ipv4
    right=172.17.21.81
    keyexchange=ike
    ike=3des-md5;modp1024!
    salifetime=480m
    phase2=esp
    phase2alg=3des-hmac_md5!;modp1024
    pfs=yes
    ikelifetime=60m
    type=tunnel
    authby=secret
    auto=add

command ==> ipsec setup start --> ipsec auto --up test
Best Regards,
Ozai
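
Added example (not part of the original post): a Python check that compares the subnet each peer declares behind each tunnel endpoint in the two "conn test" sections above. It assumes that in this IKEv1 setup both peers must declare the same subnets for the phase 2 proposal to be accepted; the embedded configs are reduced copies of the posted ones and the function names are hypothetical.

```python
import ipaddress

# Constructed from the posted "conn test" sections (endpoint/subnet fields only).
TEST2_CONF = """
conn test
    left=172.17.21.81
    leftsubnet=192.168.2.0/24
    right=172.17.21.80
    rightsubnet=0.0.0.0/0
"""
TEST1_CONF = """
conn test
    left=172.17.21.80
    leftsubnet=192.168.1.0/24
    right=172.17.21.81
    rightsubnet=192.168.2.0/24
"""

def parse_conns(text):
    """Parse ipsec.conf-style text into {conn_name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith(("conn ", "config ")):
            kind, name = line.split(None, 1)
            current = conns.setdefault(name, {}) if kind == "conn" else None
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def protected_nets(conn):
    """Map each endpoint IP to the subnet declared behind it.
    With no subnet set, the endpoint itself (/32) is used."""
    nets = {}
    for side in ("left", "right"):
        subnet = conn.get(side + "subnet", conn[side] + "/32")
        nets[conn[side]] = ipaddress.ip_network(subnet, strict=False)
    return nets

def selector_mismatches(conf_a, conf_b, name):
    """Return [(endpoint, subnet_in_a, subnet_in_b)] where the peers disagree."""
    a = protected_nets(parse_conns(conf_a)[name])
    b = protected_nets(parse_conns(conf_b)[name])
    return [(h, str(a.get(h)), str(b.get(h)))
            for h in sorted(set(a) | set(b)) if a.get(h) != b.get(h)]

if __name__ == "__main__":
    for host, on_a, on_b in selector_mismatches(TEST2_CONF, TEST1_CONF, "test"):
        print(f"behind {host}: test2 says {on_a}, test1 says {on_b}")
```

On the posted configs this reports one disagreement: test2 declares 0.0.0.0/0 behind 172.17.21.80, while test1 declares 192.168.1.0/24 behind the same endpoint.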