[Openswan Users] When IPSec tunnel up, cannot communicate with local LAN

Neal Murphy neal.p.murphy at alum.wpi.edu
Wed Oct 1 13:00:22 EDT 2014

> From: "Peter McGill" <petermcgill at goco.net>
> Subject: When IPSec tunnel up, cannot communicate with local LAN
> Date: October 1, 2014 at 10:56:55 AM GMT-4
> To: <users at lists.openswan.org>
> I’m running on Debian Wheezy (Current Stable).
> When I stop openswan (service ipsec stop),
> I can ping and communicate with the local LAN.
> When I start openswan (service ipsec start),
> I can ping the remote LAN but not the local LAN.
> The remote LAN and local LAN can communicate (through the openswan server).
> But the openswan server cannot communicate with the local LAN.
> It’s not firewall related, it happens without any iptables rules.
> I’ve had similar configurations working in the past and I’m puzzled…
> /etc/ipsec.conf:
> version 2.0
> config setup
>         oe=off
>         protostack=netkey
> conn goco
>         ike=aes128-sha1-modp1536
>         esp=aes128-sha1
>         left=
>         leftsubnet=
>         leftsourceip=
>         right=
>         rightsubnet=
>         dpddelay=30
>         dpdtimeout=120
>         dpdaction=restart
>         authby=secret
>         auto=start
> ...
> It appears that the server is trying to route the local LAN packet out the
> tunnel. But I have no idea why; the routes look ok, the most specific
> route goes to the local LAN (eth2).

Are you sure overlapping right and left subnets are supposed to work?
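The overlap Neal is asking about can be checked mechanically. The following is an added example, not code from either poster or from the Openswan project: it parses the `conn` sections of an ipsec.conf, flags any conn whose leftsubnet and rightsubnet overlap, and reports which conn's selector would capture a given packet. The addresses in the embedded config are constructed RFC 1918 / RFC 5737 placeholders standing in for the values that were blanked out of the original post; the parser is a minimal one written for this example and only understands the indented `key=value` layout shown in the thread.

```python
import ipaddress
import re

# Constructed sample ipsec.conf (placeholder addresses, not the poster's).
# rightsubnet deliberately covers leftsubnet so that the gateway's own
# LAN falls inside the tunnel selector, as described in the thread.
SAMPLE_IPSEC_CONF = """\
version 2.0
config setup
        oe=off
        protostack=netkey
conn goco
        ike=aes128-sha1-modp1536
        esp=aes128-sha1
        left=203.0.113.10
        leftsubnet=192.168.1.0/24
        leftsourceip=192.168.1.1
        right=198.51.100.20
        rightsubnet=192.168.0.0/16
        authby=secret
        auto=start
"""

# Same config with a rightsubnet that does not overlap the local LAN.
FIXED_IPSEC_CONF = SAMPLE_IPSEC_CONF.replace("rightsubnet=192.168.0.0/16",
                                             "rightsubnet=192.168.2.0/24")


def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section.

    A line starting in column 0 opens a new section; indented key=value
    lines belong to the section opened most recently. Sections other than
    'conn' (version, config setup) are skipped."""
    conns = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if not raw[0].isspace():
            m = re.match(r"conn\s+(\S+)", raw)
            current = conns.setdefault(m.group(1), {}) if m else None
            continue
        if current is not None and "=" in raw:
            key, _, value = raw.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns


def as_network(value):
    """ipsec.conf accepts a bare address (meaning a /32); normalise."""
    return ipaddress.ip_network(value, strict=False)


def overlapping_conns(conns):
    """Names of conns whose leftsubnet and rightsubnet overlap."""
    names = []
    for name, opts in conns.items():
        if "leftsubnet" in opts and "rightsubnet" in opts:
            left = as_network(opts["leftsubnet"])
            right = as_network(opts["rightsubnet"])
            if left.overlaps(right):
                names.append(name)
    return names


def captured_by_tunnel(conns, src, dst):
    """Name of the conn whose leftsubnet->rightsubnet selector matches a
    packet from src to dst, or None.

    With protostack=netkey the kernel matches the XFRM policy selector on
    the packet's addresses; which route the destination would otherwise
    take plays no part in that match, so a more specific route to the
    local LAN does not exempt local-LAN traffic from the tunnel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, opts in conns.items():
        if "leftsubnet" not in opts or "rightsubnet" not in opts:
            continue
        if s in as_network(opts["leftsubnet"]) and \
           d in as_network(opts["rightsubnet"]):
            return name
    return None


if __name__ == "__main__":
    for label, text in (("overlapping", SAMPLE_IPSEC_CONF),
                        ("fixed", FIXED_IPSEC_CONF)):
        conns = parse_conns(text)
        print(label, "overlap:", overlapping_conns(conns),
              "gateway->local host:", captured_by_tunnel(conns, "192.168.1.1", "192.168.1.50"))
```

Run with the overlapping config, a packet from the gateway's leftsourceip to a host on its own LAN matches conn `goco`, which is exactly the "routed out the tunnel" symptom; with the corrected rightsubnet the same packet matches nothing and follows the ordinary route. On the live system the kernel's view of the same selectors is visible with `ip xfrm policy`.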
