[Openswan Users] Single interface / tunnel will not come up.

Bruce Markey bruce at secryption.com
Sat Feb 1 09:48:02 EST 2014


Thanks mike.

Tunnels are up now.

Having an issue now passing traffic.  On my Cisco side this is my crypto
map.

access-list 160 permit ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 160 permit tcp 192.168.30.0 0.0.0.255 any eq www
access-list 160 permit tcp 192.168.30.0 0.0.0.255 any eq 443

That is to say, that's what I'm passing over.  Basically subnet to subnet
stuff. But also this is being used for all web traffic. That is not
passing. We've narrowed it down to the openswan side I think.

I assume I have to add something to ipsec.conf for the other two acl 
lines but I have no idea what.

conn IOF
        # Left security gateway, subnet behind it, nexthop toward right.
        authby=secret
        type=tunnel
        left=2.2.2.2
        #left=%defaultroute
        #leftnexthop=%defaultroute
        leftsubnet=192.168.10.0/24
        leftid=2.2.2.2
        # Right security gateway, subnet behind it, nexthop toward left.
        right=1.1.1.1
        rightsubnets=192.168.30.0/24,0.0.0.0
        rightid=1.1.1.1
        # To authorize this connection, but not actually start it,
        # at startup, uncomment this.
        #auto=add
        esp=aes192-sha1
        keyexchange=ike
        ike=aes192-sha1
        phase2=esp
        #phase2alg=aes192-sha1
        salifetime=43200s
        pfs=yes
        auto=start
        dpdaction=restart

Any ideas?


-- 
Encrypt everything.
Public key: https://www.secryption.com/BruceMarkey.asc

I believe that any violation of privacy is nothing good.
Lech Walesa
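The selector mismatch behind this question can be checked mechanically. The script below is an added example, not from the thread or the openswan project: it derives the phase 2 traffic selectors each side will propose from the crypto ACL and ipsec.conf quoted above (assuming contiguous Cisco wildcard masks and the small port-name table shown) and lists the ACL entries that the openswan side does not mirror.

```python
import ipaddress

# Constructed from the crypto ACL and ipsec.conf quoted in the post above.
CISCO_ACL = """\
access-list 160 permit ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 160 permit tcp 192.168.30.0 0.0.0.255 any eq www
access-list 160 permit tcp 192.168.30.0 0.0.0.255 any eq 443
"""
IPSEC_CONF = {"leftsubnet": "192.168.10.0/24",
              "rightsubnets": "192.168.30.0/24,0.0.0.0"}
PORT_NAMES = {"www": 80, "https": 443}   # only the names this ACL needs
ANY = ipaddress.ip_network("0.0.0.0/0")

def wildcard_to_net(addr, wildcard):
    """Cisco wildcard (set bit = don't care) -> network; contiguous masks only."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError("non-contiguous wildcard %s" % wildcard)
    return ipaddress.ip_network((addr, 32 - w.bit_length()))

def _operand(tok, i):
    """Consume 'any' or 'addr wildcard' at tok[i]; return (network, next index)."""
    if tok[i] == "any":
        return ANY, i + 1
    return wildcard_to_net(tok[i], tok[i + 1]), i + 2

def parse_acl(text):
    """Each 'permit' line -> (proto, src_net, dst_net, dst_port) as the Cisco proposes it."""
    sels = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[2] != "permit":
            continue
        src, i = _operand(tok, 4)
        dst, i = _operand(tok, i)
        port = None
        if i + 1 < len(tok) and tok[i] == "eq":
            port = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1])
        sels.append((tok[3], src, dst, port))
    return sels

def openswan_selectors(conf):
    """rightsubnets x leftsubnet, written from the Cisco's (right) viewpoint, any proto/port.
    Note: ipaddress reads a bare '0.0.0.0' as the single host 0.0.0.0/32, not 0.0.0.0/0."""
    left = ipaddress.ip_network(conf["leftsubnet"])
    return [("ip", ipaddress.ip_network(s.strip()), left, None)
            for s in conf["rightsubnets"].split(",")]

def unmatched(acl_sels, swan_sels):
    """ACL entries for which openswan offers no identical (proto, src, dst, port) selector."""
    return [a for a in acl_sels if a not in swan_sels]

if __name__ == "__main__":
    for proto, src, dst, port in unmatched(parse_acl(CISCO_ACL), openswan_selectors(IPSEC_CONF)):
        print("no openswan selector mirrors: %s %s -> %s port %s" % (proto, src, dst, port))
```

Run against the quoted config it reports only the two `tcp ... any eq` entries: the openswan side offers a bare 0.0.0.0 (a /32 host as parsed here) with no protocol or port restriction, so nothing it proposes is the mirror image of those ACL lines.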