I am trying to set up an IPSec tunnel between two sites.

One site puts the route into the routing table OK, but the other side
won't.

Running "ipsec auto --status" and "route -n" for the good side give the
detail below.

Note that for the good side, the line containing the word "policy" shows
the interface as ppp0 erouted, but that the other one shows eth1 unrouted.
The eth1 is correct, but I just cannot work out how to get the routing
table set up.

# ipsec auto --status
000 interface ipsec0/ppp0 144.137.43.76
000
000 "WD_WN": 192.168.43.0/24===144.137.43.76[@atelwn.atel.com.au]---172.31.22.24...
000 "WD_WN": ...202.129.91.245[@atelwd.atel.com.au]===192.168.42.0/24
000 "WD_WN":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "WD_WN":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: ppp0; erouted
000 "WD_WN":   newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000
000 #2: "WD_WN" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28043s; newest IPSEC; eroute owner
000 #2: "WD_WN" [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
000 #1: "WD_WN" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2601s; newest ISAKMP


# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.31.22.24    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
172.31.22.24    0.0.0.0         255.255.255.255 UH    0      0        0 ipsec0
203.17.235.125  0.0.0.0         255.255.255.255 UH    0      0        0 ppp1
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.42.0    172.31.22.24    255.255.255.0   UG    0      0        0 ipsec0
192.168.43.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.31.22.24    0.0.0.0         UG    0      0        0 ppp0



but for the bad side the details are:

# ipsec auto --status
000 interface ipsec0/eth1 202.129.91.245
000
000 "WD_WN" instance: 192.168.42.0/24===202.129.91.245[@atelwd.atel.com.au]---172.24.158.129...
000 "WD_WN" instance: ...144.137.43.76[@atelwn.atel.com.au]===192.168.43.0/24
000 "WD_WN" instance:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "WD_WN" instance:   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1; unrouted
000 "WD_WN" instance:   newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
000 "WD_WN": 192.168.42.0/24===202.129.91.245[@atelwd.atel.com.au]---172.24.158.129...
000 "WD_WN": ...%any[@atelwn.atel.com.au]===192.168.43.0/24
000 "WD_WN":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "WD_WN":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1; unrouted
000 "WD_WN":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #2: "WD_WN":144.137.43.76 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 16s
000 #1: "WD_WN":144.137.43.76 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3316s; newest ISAKMP


# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.129.91.246  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
172.24.158.129  0.0.0.0         255.255.255.255 UH    0      0        0 eth1
139.130.60.65   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
203.44.224.112  0.0.0.0         255.255.255.252 U     0      0        0 eth0
202.129.91.244  0.0.0.0         255.255.255.252 U     0      0        0 eth1
202.129.91.244  0.0.0.0         255.255.255.252 U     0      0        0 ipsec0
192.168.42.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         172.24.158.129  0.0.0.0         UG    0      0        0 eth1


-- 
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
 "I believe that forgiving them [terrorists] is God's function.
 Our job is simply to arrange the meeting."
   - General "Storm'n" Norman Schwartzkopf

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
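
Added example, not part of the original post: a small Python check that reads "ipsec auto --status" text and reports connections that have an ISAKMP SA but no IPsec SA and no eroute, along with any Quick Mode state still pending. The function names parse_status and half_open are hypothetical; the sample input is the policy, SA and state lines from the two listings above with the e-mail line wrapping undone.

```python
import re

# Lines taken from the post's "bad side" listing, unwrapped.
BAD_SIDE = '''\
000 "WD_WN" instance:   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1; unrouted
000 "WD_WN" instance:   newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
000 "WD_WN":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: eth1; unrouted
000 "WD_WN":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 #2: "WD_WN":144.137.43.76 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 16s
000 #1: "WD_WN":144.137.43.76 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3316s; newest ISAKMP
'''
# Lines taken from the post's "good side" listing, unwrapped.
GOOD_SIDE = '''\
000 "WD_WN":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS; interface: ppp0; erouted
000 "WD_WN":   newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000 #2: "WD_WN" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28043s; newest IPSEC; eroute owner
000 #1: "WD_WN" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2601s; newest ISAKMP
'''

NAME = r'^000 ("[^"]+"(?: instance)?):\s+'
POLICY = re.compile(NAME + r'policy: \S+; interface: (\S+); (\w+)')
NEWEST = re.compile(NAME + r'newest ISAKMP SA: #(\d+); newest IPsec SA: #(\d+); eroute owner: #(\d+)')
STATE = re.compile(r'^000 #(\d+): "[^"]+"\S* (STATE_\w+)')
QUICK_DONE = ('STATE_QUICK_I2', 'STATE_QUICK_R2')  # Quick Mode finished


def parse_status(text):
    """Return ({connection: fields}, {state number: state name})."""
    conns, states = {}, {}
    for line in text.splitlines():
        if m := POLICY.match(line):
            conns.setdefault(m[1], {}).update(interface=m[2], routing=m[3])
        elif m := NEWEST.match(line):
            conns.setdefault(m[1], {}).update(
                isakmp=int(m[2]), ipsec=int(m[3]), eroute_owner=int(m[4]))
        elif m := STATE.match(line):
            states[int(m[1])] = m[2]
    return conns, states


def half_open(text):
    """Connections with an ISAKMP SA (#>0) but IPsec SA #0 and no eroute."""
    conns, states = parse_status(text)
    pending = sorted(s for s in states.values()
                     if s.startswith('STATE_QUICK') and s not in QUICK_DONE)
    return [(name, c['interface'], c['routing'], pending)
            for name, c in conns.items()
            if c.get('isakmp') and not c.get('ipsec') and c.get('routing') != 'erouted']
```
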
