Openswan IP 隧道不传输流量

我已经让这个隧道正常工作了，但现在我需要添加另外两个 IP 10.50.240.48/28 和 10.50.96.0/20。我在 openswan 配置中正确设置了左子网和右子网以及左子网和右子网。它已经正常工作了，但我刚刚添加了两个段：

leftsubnets=    {10.122.91.0/24 10.153.136.0/24 10.50.240.48/28 10.50.96.0/20 10.37.200.0/24 10.53.221.0/24}

然后，由于我的 shorewall 防火墙已配置为接受来自该隧道的流量，我只需要在 /etc/shorewall/interfaces 中为两个添加的 ip 地址添加两个广播：

#ZONE   INTERFACE   BROADCAST   OPTIONS
...
vpn2    tun2        10.122.91.255,10.153.139.255,10.50.240.63,10.50.111.255,10.37.200.255,10.53.221.255  

以下是 ipsec auto --status 的一些输出：

000 #993: "wyless/1x0" [email protected] esp.c50b26e3@myip [email protected] tun.0@myip ref=0 refhim=4294901761
000 #977: "wyless/1x0":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1618s; newest ISAKMP; lastdpd=59s(seq in:0 out:0); idle; import:admin initiate
000 #994: "wyless/2x0":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27432s; newest IPSEC; eroute owner; isakmp#977; idle; import:admin initiate
000 #994: "wyless/2x0" [email protected] esp.30d47987@myip [email protected] tun.0@myip ref=0 refhim=4294901761
000 #995: "wyless/3x0":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26959s; newest IPSEC; eroute owner; isakmp#977; idle; import:admin initiate
000 #995: "wyless/3x0" [email protected] esp.1b465e60@myip [email protected] tun.0@myip ref=0 refhim=4294901761
000 #551: "wyless/4x0":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 5719s; newest IPSEC; eroute owner; isakmp#542; idle; import:not set
000 #551: "wyless/4x0" [email protected] esp.5b253e7a@myip [email protected] tun.0@myip ref=0 refhim=4294901761
000 #996: "wyless/5x0":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27444s; newest IPSEC; eroute owner; isakmp#977; idle; import:admin initiate
000 #996: "wyless/5x0" [email protected] esp.ceb8c9d5@myip [email protected] tun.0@myip ref=0 refhim=4294901761
000 #559: "wyless/6x0":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 5076s; newest IPSEC; eroute owner; isakmp#542; idle; import:admin initiate
000 #559: "wyless/6x0" [email protected] esp.3b11db56@myip [email protected] tun.0@myip ref=0 refhim=4294901761
000  

知道如何进一步排除此故障吗？