[Openswan Users] Weird tunnel issue

Peter McGill petermcgill at goco.net
Thu Oct 23 12:28:46 EDT 2014


Well, your ipsec.conf includes files in /etc/ipsec.conf.d which you haven't
shown us, so we can't actually examine your configuration.

However, have you tried restarting and disabling the firewall (iptables
rules) to see if that fixes the problem?

Peter McGill
519-284-3420 x204

-----Original Message-----
Date: Wed, 22 Oct 2014 14:00:11 -0700
From: "Jason J. W. Williams" <jasonjwwilliams at gmail.com>
To: users at lists.openswan.org
Subject: [Openswan Users] Weird tunnel issue
Message-ID:
	<CAHZAEpceRYd-EBco6_yPw=G9p88aCvY3ZeAb3Q+saqbaGo6VCg at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi,

We've had a weird issue where the tunnel had been up for several days
and then suddenly refused to route packets over the tunnel (couldn't
ping). The tunnel according to "ipsec auto --status" was up. The other
side is a Fortigate 200B and it also agreed the tunnel was up. But it
refused to send traffic over the tunnel. Tried toggling the tunnel
down and then up from both ends, and while the tunnel re-established
still couldn't route. Only thing that corrected it was rebooting the
box running the OpenSWAN client.

Client is an Ubuntu 14.04.1 x64 box:
# ipsec --version
Linux Openswan U2.6.38/K3.13.0-37-generic (netkey)

ipsec.conf: https://gist.github.com/williamsjj/4dc00138e62697aec602
tunnel config: https://gist.github.com/williamsjj/910adcc5a071fc130b30

Any help is greatly appreciated.

-J


