[Openswan Users] When IPSec tunnel up, cannot communicate with local LAN
Neal Murphy
neal.p.murphy at alum.wpi.edu
Wed Oct 1 13:00:22 EDT 2014
> From: "Peter McGill" <petermcgill at goco.net>
> Subject: When IPSec tunnel up, cannot communicate with local LAN
> Date: October 1, 2014 at 10:56:55 AM GMT-4
> To: <users at lists.openswan.org>
>
>
> I’m running on Debian Wheezy (current stable).
> When I stop openswan (service ipsec stop), I can ping and communicate with the local LAN 172.21.2.0/24.
> When I start openswan (service ipsec start), I can ping the remote LAN but not the local LAN.
> The remote LAN and local LAN can communicate (through the openswan server).
> But the openswan server cannot communicate with the local LAN.
> It’s not firewall related; it happens without any iptables rules.
>
> I’ve had similar configurations working in the past and I’m puzzled…
>
> /etc/ipsec.conf:
> version 2.0
> config setup
>     oe=off
>     protostack=netkey
>
> conn goco
>     ike=aes128-sha1-modp1536
>     esp=aes128-sha1
>     left=162.53.19.209
>     leftsubnet=172.21.2.0/24
>     leftsourceip=172.21.2.1
>     right=207.223.232.56
>     rightsubnet=172.21.0.0/20
>     dpddelay=30
>     dpdtimeout=120
>     dpdaction=restart
>     authby=secret
>     auto=start
>
> ...
>
> It appears that the server is trying to route the local LAN packet out the
> tunnel. But I have no idea why; the routes look ok, and the most specific
> route goes to the local LAN (eth2).
Are you sure overlapping right and left subnets are supposed to work?
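The overlap Neal points at can be checked mechanically. The following is an added example, not code from the thread or from Openswan: it reads the key=value lines of the quoted conn (the subnet values are the ones from the post), builds the (src, dst) selector that the netkey/XFRM outbound policy would carry, and tests which destinations from the server's own address would be caught by it. The helper names are my own.

```python
"""Check an Openswan conn for left/right subnet overlap.

With protostack=netkey the kernel installs an outbound IPsec policy whose
selector is (src in leftsubnet, dst in rightsubnet). Any packet matching
that selector is encapsulated even when the routing table has a more
specific route for the destination. If leftsubnet lies inside rightsubnet,
packets to the local LAN match the selector too.
"""
import ipaddress
import re

# Constructed sample: the address lines of the conn quoted in the thread.
SAMPLE_CONF = """\
conn goco
    left=162.53.19.209
    leftsubnet=172.21.2.0/24
    leftsourceip=172.21.2.1
    right=207.223.232.56
    rightsubnet=172.21.0.0/20
    auto=start
"""


def parse_conn(text):
    """Return {key: value} for the key=value lines of one conn block."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(\S+)", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params


def tunnel_selector(params):
    """(src network, dst network) of the outbound policy for this conn."""
    return (ipaddress.ip_network(params["leftsubnet"]),
            ipaddress.ip_network(params["rightsubnet"]))


def subnets_overlap(params):
    """True if the local and remote subnets share any address."""
    src, dst = tunnel_selector(params)
    return src.overlaps(dst)


def is_tunnelled(params, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches the tunnel policy selector."""
    src, dst = tunnel_selector(params)
    return (ipaddress.ip_address(src_ip) in src
            and ipaddress.ip_address(dst_ip) in dst)


if __name__ == "__main__":
    p = parse_conn(SAMPLE_CONF)
    print("left/right subnets overlap:", subnets_overlap(p))
    for dst in ("172.21.2.50", "172.21.5.7", "8.8.8.8"):
        print(p["leftsourceip"], "->", dst, "tunnelled:",
              is_tunnelled(p, p["leftsourceip"], dst))
```

A host on the local LAN (172.21.2.50) matches the selector just like a remote one (172.21.5.7), which is exactly the symptom described in the post.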