Hi there,
I'm a newbie to IPsec. When I set up a VPN connection and ping to
test it, I always get these errors:
-------------------------------------------------------------------------
Jun 25 15:44:02 penp2 kernel: klips_debug:ipsec_findroute: 208.164.186.1->192.168.1.22
Jun 25 15:44:02 penp2 kernel: klips_debug:rj_match: * See if we match exactly as a host destination
....
Jun 25 15:44:02 penp2 kernel: klips_debug:ipsec_tunnel_start_xmit: shunt SA of DROP or no eroute: dropping.
-------------------------------------------------------------------------
Here is part of my ipsec barf:
-------------------------------------------------------------------------
+ _________________________ proc/net/ipsec_eroute
+ sort +3 /proc/net/ipsec_eroute
0 192.168.0.0/24 -> 192.168.1.0/24 => %trap
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     208.164.186.2   255.255.255.0   UG       40 0          0 ipsec0
192.168.0.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
208.164.186.0   0.0.0.0         255.255.255.0   U        40 0          0 eth1
208.164.186.0   0.0.0.0         255.255.255.0   U        40 0          0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.0.1     0.0.0.0         UG       40 0          0 eth0
...
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth1 208.164.186.1
000
000 "vpn": 192.168.0.0/24===208.164.186.1...208.164.186.2===192.168.1.0/24
000 "vpn": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "vpn": policy: RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth1; trap erouted
000 "vpn": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
+ _________________________ ifconfig-a
-------------------------------------------------------------------------
Can anyone tell me how to solve this problem?
Thanks a lot
Victor