
[Users] FreeSWAN to FreeSWAN problems continue

From: Vasiliy Boulytchev (vasiliy_at_boulytcheva.com)
Date: Tue May 07 2002 - 02:53:31 CEST


Ladies and Gents,
    I'm still having trouble bringing up 2 FreeSWAN gateways and having them establish a tunnel between the two protected LANs.
    When I tail /var/log/secure on GATEWAY1, this is the error message I get:

May 6 14:15:15 bluespruce Pluto[26822]: "mike" hiswanip #10: cannot respond to IPsec SA request because no connection is known for mywanip[C=US, ST=Colorado, L=Colorado Springs, O=Colorado Information Technologies, Inc., OU=ISP, CN=BlueSpruce, E=admin_at_bluespruce.coinfotech.com]...hiswanip[C=US, ST=CO, L=COlorado springs, O=CIT, OU=ISP, CN=mike, E=mflynn_at_coinfotech.com]===192.168.168.0/24

Here's a quick diagram

10.0.0.0/24 ======mywanip=========hiswanip=============192.168.168.0/24

THANKS FOR YOUR HELP

FROM GATEWAY1
conn mike
        right=hiswanip
        rightcert=mflynn.coinfotech.com.pem
        leftcert=bluespruce.coinfotech.com.pem
        rightsubnet=192.168.168.0/24

FROM GATEWAY2
conn mike
        left=mywanip
        leftcert=bluespruce.coinfotech.com.pem
        leftrsasigkey=%cert
        rightcert=mflynn.coinfotech.com.pem
        leftsubnet=10.0.0.0/24

When I start ipsec on both sides, I get no errors in /var/log/messages or /var/log/daemons/errors or /var/log/secure.
I'm sure I'm missing a single statement somewhere......
Here are the %defaults from each gateway, in case you wanted them.
GATEWAY1
conn %default
        keyingtries=1
        keyexchange=ike
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        type=tunnel
        left=209.12.32.66
        leftnexthop=209.12.32.65
        leftsubnet=10.0.0.0/24
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        auto=add
        disablearrivalcheck=no

GATEWAY2
conn %default
        keyingtries=0
        keyexchange=ike
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        type=tunnel
        right=206.27.133.212
        rightnexthop=206.27.133.1
        rightsubnet=192.168.168.0/24
        ikelifetime=240m
        keylife=60m
        pfs=yes
        compress=no
        auto=add
        disablearrivalcheck=no

THANKS AGAIN,
Vasiliy Boulytchev
Colorado Information Technologies Inc.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
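
Added example, not part of the original post or of FreeS/WAN: a small Python check that reads the client subnets out of a Pluto "no connection is known for" line and compares them with the local conn after merging conn %default. The function names are hypothetical, the inputs are constructed from the post, and it assumes that an end printed without ===subnet means the gateway host itself is the client.

```python
import ipaddress
import re

# Constructed sample from the post: DNs shortened, mywanip/hiswanip are its redactions.
LOG = ('"mike" hiswanip #10: cannot respond to IPsec SA request because no connection '
       'is known for mywanip[CN=BlueSpruce]...hiswanip[CN=mike]===192.168.168.0/24')
CONF = """\
conn %default
        left=209.12.32.66
        leftsubnet=10.0.0.0/24
conn mike
        right=hiswanip
        rightsubnet=192.168.168.0/24
"""

def parse_request(line):
    """Return (our_client, peer_client); None means the gateway host itself (assumed)."""
    desc = re.sub(r"\[[^\]]*\]", "", line.split("no connection is known for ", 1)[1])
    ours, peer = desc.split("...", 1)   # "subnet===host" ... "host===subnet"
    return (ours.rpartition("===")[0].strip() or None,
            peer.partition("===")[2].strip() or None)

def effective_conn(conf, name):
    """Simplified ipsec.conf reader: 'conn %default' values overridden by 'conn <name>'."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # strip comments
        if line and not line[0].isspace():          # section header, e.g. "conn mike"
            kind, _, sect = line.partition(" ")
            current = sections.setdefault(sect.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:   # indented key=value
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return {**sections.get("%default", {}), **sections[name]}

def check(log_line, conf, name, local="left"):
    """List client subnets that differ between the request and the local conn."""
    net = lambda s: ipaddress.ip_network(s, strict=False) if s else None
    conn = effective_conn(conf, name)
    sides = (local, "right" if local == "left" else "left")
    problems = []
    for side, asked in zip(sides, parse_request(log_line)):
        have = conn.get(side + "subnet")
        if net(asked) != net(have):
            problems.append(f"{side}subnet: request={asked or 'host'} conn={have or 'host'}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(LOG, CONF, "mike")) or "client subnets match")
```

On the sample it reports only the left side: the request names mywanip with no subnet, while GATEWAY1's %default sets leftsubnet=10.0.0.0/24.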



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST