[Openswan Users] phase2 failed on 0.0.0.0/0 case

Ozai ozai.tien at gmail.com
Thu Jan 24 01:06:53 EST 2013


Dear Sirs,

My test environment is openswan 2.6.38 with embedded linux as below.
192.168.1.x---------test1(openswan 172.17.21.80)-----------test2(openswan 172.17.21.81)--------192.168.2.x

I would like to let all package traffic pass through the VPN tunnel from test2 to test1. So my configurations are as below. It did not work.
Could someone share his experience? Do I have any problem in my configuration? Thanks a lot.

Configuration for test2=========================================
config setup
                nat_traversal=no
                oe=off
                protostack=netkey
                interfaces=%defaultroute

conn test
                left=172.17.21.81
                leftsubnet=192.168.2.0/24
                rightsubnet=0.0.0.0/0
                connaddrfamily=ipv4
                right=172.17.21.80
                keyexchange=ike
                ike=3des-md5;modp1024!
                salifetime=480m
                phase2=esp
                phase2alg=3des-hmac_md5!;modp1024
                pfs=yes
                ikelifetime=60m
                type=tunnel
                authby=secret
                auto=add

conn passthr
                left=172.17.21.81
                right=0.0.0.0
                leftsubnet=192.168.2.0/24
                rightsubnet=192.168.2.0/24
                type=passthrough
                authby=never
                auto=route
command ==> ipsec setup start --> ipsec auto --up test -> ipsec auto --route passthr



Configuration for test1=========================================
config setup
                nat_traversal=no
                oe=off
                protostack=netkey
                interfaces=%defaultroute

conn test
                left=172.17.21.80
                leftsubnet=192.168.1.0/24
                rightsubnet=192.168.2.0/24
                connaddrfamily=ipv4
                right=172.17.21.81
                keyexchange=ike
                ike=3des-md5;modp1024!
                salifetime=480m
                phase2=esp
                phase2alg=3des-hmac_md5!;modp1024
                pfs=yes
                ikelifetime=60m
                type=tunnel
                authby=secret
                auto=add

command ==> ipsec setup start --> ipsec auto --up test


Best Regards,
Ozai
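
Added example, not part of the original post: a small Python check that compares the Phase 2 subnets each peer has configured for the same endpoint and reports where the two `conn test` sections disagree. It assumes the IKEv1 behaviour that a Quick Mode responder needs a connection whose subnets match the initiator's proposal; the function names are hypothetical and the embedded text is reduced from the two configurations above.

```python
import ipaddress

# Constructed from the two "conn test" sections in the post (selectors only).
TEST2_CONF = """
conn test
    left=172.17.21.81
    leftsubnet=192.168.2.0/24
    rightsubnet=0.0.0.0/0
    right=172.17.21.80
"""
TEST1_CONF = """
conn test
    left=172.17.21.80
    leftsubnet=192.168.1.0/24
    rightsubnet=192.168.2.0/24
    right=172.17.21.81
"""

def parse_conn(text, name):
    """Return the key=value options of one conn section as a dict."""
    opts, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith(("conn ", "config ")):
            current = line.split(None, 1)[1]
        elif current == name and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def selectors(opts):
    """Map each endpoint address to the subnet behind it (host /32 if unset)."""
    out = {}
    for side in ("left", "right"):
        host = opts[side]
        net = opts.get(side + "subnet", host + "/32")
        out[ipaddress.ip_address(host)] = ipaddress.ip_network(net)
    return out

def phase2_mismatches(conf_a, conf_b, name="test"):
    """List endpoints whose protected subnet differs between the two peers."""
    a, b = selectors(parse_conn(conf_a, name)), selectors(parse_conn(conf_b, name))
    return [(str(ep), str(a[ep]), str(b.get(ep))) for ep in a if a[ep] != b.get(ep)]

if __name__ == "__main__":
    for ep, mine, theirs in phase2_mismatches(TEST2_CONF, TEST1_CONF):
        print(f"behind {ep}: test2 says {mine}, test1 says {theirs}")
```

An empty result means both peers describe the same pair of subnets for the tunnel.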