[Openswan Users] Tunnel built but no routes
Dan August
danaug23 at gmail.com
Wed Jan 13 15:53:58 EST 2016
Hello,
I'm creating what should be a simple VPN from a Linux box to a Fortigate
firewall. Everything seems to be up and established (I can see the session
built in the Fortigate and the Linux machine), but I'm not seeing any
routes in my routing table (also no tunnel/ipsec interface). I would like
to tunnel all traffic (not required) from the Linux box to the Fortigate.
Let me know what other information would be helpful. Thank you for your
help!
ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.38/K3.13.0-48-generic (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing XFRM related proc values [OK]
[OK]
[OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [WARNING]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
------------------------------------------------
service ipsec status
IPsec running - pluto pid: 6986
pluto pid 6986
1 tunnels up
some eroutes exist
------------------------------------------------
cat /etc/ipsec.conf
# basic configuration
config setup
nat_traversal=yes
virtual_private=%v4:192.168.0.0/16
oe=off
protostack=netkey
------------------------------------------------
cat /etc/ipsec.d/linux-fortigate.conf
conn LinuxFortigate
type=tunnel
authby=secret
pfs=yes
ike=aes128-sha1
phase2alg=aes128-sha1
#ike=3des-md5
#phase2alg=3des-md5
aggrmode=no
keylife=86400s
ikelifetime=28800s
left=LEFT PUBLIC IP
leftnexthop=%defaultroute
leftsubnet=192.168.25.175/32
right=RIGHT PUBLIC IP
rightnexthop=%defaultroute
rightsubnet=0.0.0.0/0
auto=start
------------------------------------------------
netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 GATEWAY 0.0.0.0 UG 0 0 0 eth0
PUBLIC IP 0.0.0.0 255.255.240.0 U 0 0 0 eth0
------------------------------------------------
ip xfrm state
src FORTIGATE dst LINUX
proto esp spi 0xdd25af12 reqid 16385 mode tunnel
replay-window 32 flag af-unspec
auth-trunc hmac(sha1) 0x8de9a0f329851a2b78aa6dc47c72d1d32f0dc4d7 96
enc cbc(aes) 0x0d4ada3372a3001f7033e63409508020
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
src LINUX dst FORTIGATE
proto esp spi 0xff6dd9ba reqid 16385 mode tunnel
replay-window 32 flag af-unspec
auth-trunc hmac(sha1) 0x2d9fe5a9d38fffee9f0e24dfccdcf77190e48760 96
enc cbc(aes) 0x0d98dec84f1e3fabc1888cfadccfddfa
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
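A check that fits the situation described in this post, added here as an example and not part of the original mail or of Openswan. With `protostack=netkey` the kernel's XFRM stack carries the tunnel as policies and SAs, so `netstat -nr` shows no route and there is no ipsecN interface; the place to look is `ip xfrm policy`. The script below parses policy output in the format `ip xfrm policy` prints, pulls the source selector of every `dir out` policy (that selector is what `leftsubnet` turns into), and reports whether the host actually owns that address, because a local packet can only match the policy if it is sourced from an address inside the selector. The policy text and address list are constructed samples; the tunnel endpoints 203.0.113.10 and 198.51.100.20 are documentation addresses standing in for the redacted LEFT/RIGHT PUBLIC IP.

```shell
#!/bin/sh
# Added example, not from the original post. Constructed sample of what
# `ip xfrm policy` prints for a conn with leftsubnet=192.168.25.175/32
# and rightsubnet=0.0.0.0/0 (endpoint addresses are placeholders).
SAMPLE_POLICY='src 192.168.25.175/32 dst 0.0.0.0/0
    dir out priority 2344 ptype main
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 16385 mode tunnel
src 0.0.0.0/0 dst 192.168.25.175/32
    dir in priority 2344 ptype main
    tmpl src 198.51.100.20 dst 203.0.113.10
        proto esp reqid 16385 mode tunnel'

# Same tunnel, but with leftsubnet set to the address the host really has.
GOOD_POLICY='src 203.0.113.10/32 dst 0.0.0.0/0
    dir out priority 2344 ptype main
    tmpl src 203.0.113.10 dst 198.51.100.20
        proto esp reqid 16385 mode tunnel'

# Constructed stand-in for `ip -4 -o addr | awk '{print $4}'`.
SAMPLE_ADDRS='203.0.113.10/20
127.0.0.1/8'

# Print the source selector of every "dir out" policy, one per line.
# The selector line ("src A dst B") precedes the "dir out" line.
out_selectors() {
    printf '%s\n' "$1" | awk '
        $1 == "src" { sel = $2 }
        $1 == "dir" && $2 == "out" { print sel }'
}

# Succeed if the selector's address (prefix length stripped) is one of
# the host's configured addresses, given as a newline-separated list.
selector_is_local() {
    printf '%s\n' "$2" | sed 's,/.*,,' | grep -qxF "${1%/*}"
}

# Check every outbound selector; return non-zero if any is not local.
check_tunnel() {
    policies=$1; addrs=$2; status=0
    for sel in $(out_selectors "$policies"); do
        if selector_is_local "$sel" "$addrs"; then
            echo "OK: out policy selector $sel matches a local address"
        else
            echo "WARN: out policy selector $sel is not a local address;" \
                 "no locally generated packet will ever match this policy"
            status=1
        fi
    done
    return $status
}

# Live use: check_tunnel "$(ip xfrm policy)" "$(ip -4 -o addr | awk '{print $4}')"
if check_tunnel "$SAMPLE_POLICY" "$SAMPLE_ADDRS"; then
    echo "outbound selectors look usable"
else
    echo "adjust leftsubnet or assign the selector address to the host"
fi
check_tunnel "$GOOD_POLICY" "$SAMPLE_ADDRS"
```

If the warning fires, `ip xfrm policy` is also where to confirm the fix: after changing `leftsubnet` and restarting the conn, the `dir out` selector should read as the address (or subnet) the host owns, and `ip xfrm state` should still show the ESP SA pair with the same `reqid`.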