[Openswan Users] VPN not routing after tunnel is up
Dan
danaug23 at gmail.com
Wed Jan 13 14:43:47 EST 2016
Hello,

I'm creating what should be a simple VPN from a Linux box to a Fortigate firewall. Everything seems to be up and established (I can see the session built in the Fortigate and the Linux machine), but I'm not seeing any routes in my routing table. I would like to tunnel all traffic (not required) from the Linux box to the Fortigate. Let me know what other information would be helpful. Thank you for your help!
ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.38/K3.13.0-48-generic (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY: Testing XFRM related proc values                       [OK]
                                                                [OK]
                                                                [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [WARNING]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
------------------------------------------------
service ipsec status
IPsec running - pluto pid: 6986
pluto pid 6986
1 tunnels up
some eroutes exist
------------------------------------------------
cat /etc/ipsec.conf
# basic configuration
config setup
        nat_traversal=yes
        virtual_private=%v4:192.168.0.0/16
        oe=off
        protostack=netkey
------------------------------------------------
cat /etc/ipsec.d/linux-fortigate.conf
conn LinuxFortigate
        type=tunnel
        authby=secret
        pfs=yes
        ike=aes128-sha1
        phase2alg=aes128-sha1
        #ike=3des-md5
        #phase2alg=3des-md5
        aggrmode=no
        keylife=86400s
        ikelifetime=28800s
        left=LEFT PUBLIC IP
        leftnexthop=%defaultroute
        leftsubnet=192.168.25.175/32
        right=RIGHT PUBLIC IP
        rightnexthop=%defaultroute
        rightsubnet=0.0.0.0/0
        auto=start
------------------------------------------------
netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         GATEWAY         0.0.0.0         UG        0 0          0 eth0
PUBLIC IP       0.0.0.0         255.255.240.0   U         0 0          0 eth0
------------------------------------------------
ip xfrm state
src FORTIGATE dst LINUX
        proto esp spi 0xdd25af12 reqid 16385 mode tunnel
        replay-window 32 flag af-unspec
        auth-trunc hmac(sha1) 0x8de9a0f329851a2b78aa6dc47c72d1d32f0dc4d7 96
        enc cbc(aes) 0x0d4ada3372a3001f7033e63409508020
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
src LINUX dst FORTIGATE
        proto esp spi 0xff6dd9ba reqid 16385 mode tunnel
        replay-window 32 flag af-unspec
        auth-trunc hmac(sha1) 0x2d9fe5a9d38fffee9f0e24dfccdcf77190e48760 96
        enc cbc(aes) 0x0d98dec84f1e3fabc1888cfadccfddfa
        encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
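An added diagnostic for the situation described in the post above; it is not code from the original message or from Openswan. On the netkey (XFRM) stack a tunnel never appears in `netstat -nr`: the kernel matches each outgoing packet against the XFRM policy database (`ip xfrm policy`), and a packet is only encapsulated when both its source and its destination fall inside an `out` policy's selector. With `leftsubnet=192.168.25.175/32` that means the Linux host must actually own 192.168.25.175; otherwise every packet it sends is sourced from the public interface address and matches nothing, even though the SAs in `ip xfrm state` are up. The script parses `ip xfrm policy` and `ip -4 -o addr` output and reports which of three cases applies for a given destination. The helper names (`ip2int`, `in_cidr`, `tunnel_verdict`) are the example's own, and the sample outputs embedded in it are constructed, using TEST-NET addresses (203.0.113.10 for the Linux host, 198.51.100.1 for the Fortigate) in place of the post's placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post or of Openswan.
# Why a netkey/XFRM tunnel does not show in the routing table: the kernel
# consults `ip xfrm policy`, and an "out" policy only matches a packet whose
# SOURCE lies in the src selector and whose DESTINATION lies in the dst
# selector. With leftsubnet=192.168.25.175/32 the host needs a local address
# inside 192.168.25.175/32 or nothing is ever tunnelled.

ip2int() {  # dotted quad -> unsigned 32-bit integer
    ip2int_ifs=$IFS; IFS=.; set -- $1; IFS=$ip2int_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {  # in_cidr ADDR NET[/BITS]: succeed when ADDR lies inside NET/BITS
    case $2 in
        */*) cidr_net=${2%/*}; cidr_bits=${2#*/} ;;
        *)   cidr_net=$2;      cidr_bits=32 ;;      # bare host address
    esac
    [ "$cidr_bits" -eq 0 ] && return 0            # 0.0.0.0/0 matches everything
    cidr_mask=$(( (4294967295 << (32 - cidr_bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & cidr_mask )) -eq $(( $(ip2int "$cidr_net") & cidr_mask )) ]
}

# tunnel_verdict "<ip xfrm policy output>" "<ip -4 -o addr output>" DST
# Prints one line starting with:
#   TUNNELLED  an out policy covers DST and a local address satisfies its src
#   NO-SOURCE  an out policy covers DST but no local address lies in its src
#   NO-POLICY  no out policy covers DST at all
tunnel_verdict() {
    tv_dst=$3
    # local IPv4 addresses without their prefix length, one per line
    tv_local=$(printf '%s\n' "$2" | awk '$3 == "inet" { sub("/.*", "", $4); print $4 }')
    tv_result=$(printf '%s\n' "$1" | while read -r k1 v1 k2 v2 rest; do
        case $k1 in
            src) src_sel=$v1; dst_sel=$v2 ;;        # selector line precedes its "dir" line
            dir)
                [ "$v1" = out ] || continue          # only outbound policies send traffic
                in_cidr "$tv_dst" "$dst_sel" || continue
                for lip in $tv_local; do
                    if in_cidr "$lip" "$src_sel"; then
                        echo "TUNNELLED: $tv_dst hits out policy $src_sel -> $dst_sel, sourced from local $lip"
                        exit 0                       # leaves the pipeline subshell only
                    fi
                done
                echo "NO-SOURCE: out policy $src_sel -> $dst_sel covers $tv_dst but no local address lies in $src_sel"
                exit 0 ;;
        esac
    done)
    if [ -n "$tv_result" ]; then
        echo "$tv_result"
    else
        echo "NO-POLICY: no XFRM out policy covers $tv_dst; it follows the plain routing table"
    fi
}

# CONSTRUCTED sample data in the format of the two commands. TEST-NET
# addresses stand in for the post's LINUX (203.0.113.10) and FORTIGATE
# (198.51.100.1) placeholders; the selectors mirror the posted conn.
SAMPLE_POLICY='src 192.168.25.175/32 dst 0.0.0.0/0
    dir out priority 2344 ptype main
    tmpl src 203.0.113.10 dst 198.51.100.1
        proto esp reqid 16385 mode tunnel
src 0.0.0.0/0 dst 192.168.25.175/32
    dir in priority 2344 ptype main
    tmpl src 198.51.100.1 dst 203.0.113.10
        proto esp reqid 16385 mode tunnel'

# As in the post: only the public address is configured on eth0.
ADDRS_BEFORE='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/20 brd 203.0.127.255 scope global eth0'

# After leftsourceip=192.168.25.175 (or ip addr add 192.168.25.175/32 dev eth0).
ADDRS_AFTER='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 203.0.113.10/20 brd 203.0.127.255 scope global eth0
2: eth0    inet 192.168.25.175/32 scope global eth0'

tunnel_verdict "$SAMPLE_POLICY" "$ADDRS_BEFORE" 8.8.8.8
tunnel_verdict "$SAMPLE_POLICY" "$ADDRS_AFTER" 8.8.8.8
tunnel_verdict "" "$ADDRS_AFTER" 8.8.8.8
```

On a live host, run `tunnel_verdict "$(ip xfrm policy)" "$(ip -4 -o addr)" 8.8.8.8`. A NO-SOURCE result is the case the posted configuration produces: Openswan's `leftsourceip=` option (see ipsec.conf(5)) assigns the leftsubnet address to the interface and sources outgoing packets from it, so the out policy starts matching. `ip xfrm policy` output is safe to share; `ip xfrm state` prints the live SA authentication and encryption keys and should be redacted before being posted.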