Hello,
I have a problem getting FreeS/WAN to run on my Linux server.
I'm using SuSE 7.2 with a self-compiled 2.4.16 kernel and a manual
installation of freeswan 1.97 as a module.
Everything compiled fine, but when trying to build a connection, I get a
"Network is unreachable" error from route-host.
I am completely sure about the gateway, all communications without freeswan
are working.
I noticed that the ipsec0 interface has "Ethernet" as Link encap entry and the
same HW addr as the actual network card in ifconfig, whereas at home (where
everything seems to work) it's "IPIP Tunnel" and no hardware address. I
thought, that could be the reason for the error, but I don't know how to
change that.
My configuration is as follows:
-----------------------------------------------------------------------
Server IP is se.r.v.er
Server's Gateway IP is ga.te.wa.y
Server's HW addrass is HA:RD:WA:RE:AD:DR
Road Warrior IP is ro.ad.war.rior
(numbers replaced by a query/replace)
-----------------------------------------------------------------------
/etc/ipsec.conf:
config setup
interfaces="ipsec0=eth0"
klipsdebug=none
plutodebug=none
plutoload=%search
plutostart=%search
uniqueids=yes
conn %default
keyingtries=1
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=0sAQN8oi...
left=se.r.v.er
leftid=@myserver
leftnexthop=ga.te.wa.y
right=%any
auto=add
conn sc-norbert
rightid=@norbert
rightrsasigkey=0sAQN/2J9...
auto=add
-----------------------------------------------------------------------
/var/log/secure:
Date Hour:38:45 p10089504 ipsec__plutorun: Starting Pluto subsystem...
Date Hour:38:45 p10089504 Pluto[5821]: Starting Pluto (FreeS/WAN Version 1.97)
Date Hour:38:46 p10089504 Pluto[5821]: added connection description "sc-uni"
Date Hour:38:46 p10089504 Pluto[5821]: added connection description
"sc-norbert"
Date Hour:38:46 p10089504 Pluto[5821]: listening for IKE messages
Date Hour:38:46 p10089504 Pluto[5821]: adding interface ipsec0/eth0 se.r.v.er
Date Hour:38:46 p10089504 Pluto[5821]: loading secrets from
"/etc/ipsec.secrets"
Date Hour:38:49 p10089504 Pluto[5821]: "sc-uni" ro.ad.war.rior #1: responding
to Main Mode from unknown peer ro.ad.war.rior
Date Hour:38:49 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #1:
deleting connection "sc-uni" instance with peer ro.ad.war.rior
Date Hour:38:50 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #1: sent
MR3, ISAKMP SA established
Date Hour:38:50 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #2:
responding to Quick Mode
Date Hour:38:50 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #2:
route-host output: SIOCADDRT: Network is unreachable
Date Hour:38:50 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #2:
route-host output: /usr/local/lib/ipsec/_updown: `route add -net
ro.ad.war.rior netmask 255.255.255.255 dev ipsec0 gw ga.te.wa.y' failed
Date Hour:38:50 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #2:
route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing
nexthop setting??)
Date Hour:38:50 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #2:
route-host command exited with status 7
Date Hour:38:54 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #1:
ignoring Delete SA payload
Date Hour:38:54 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #1:
received and ignored informational message
Date Hour:38:55 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #1:
ignoring Delete SA payload
Date Hour:38:55 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #1:
received and ignored informational message
Date Hour:39:00 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #2: ERROR:
asynchronous network error report on eth0 for message to ro.ad.war.rior port
500, complainant ro.ad.war.rior: Connection refused [errno 111, origin ICMP
type 3 code 3 (not authenticated)]
Date Hour:40:00 p10089504 Pluto[5821]: "sc-norbert" ro.ad.war.rior #2: max
number of retransmissions (2) reached STATE_QUICK_R1
Date Hour:40:00 p10089504 Pluto[5821]: ERROR: "sc-norbert" ro.ad.war.rior #2:
pfkey write() of SADB_DELETE message 16 for Delete SA esp.1e711a86_at_se.r.v.er
failed. Errno 3: No such process
-----------------------------------------------------------------------
route -n:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
ga.te.wa.y 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
0.0.0.0 ga.te.wa.y 0.0.0.0 UG 0 0 0 eth0
-----------------------------------------------------------------------
ifconfig:
eth0 Link encap:Ethernet HWaddr HA:RD:WA:RE:AD:DR
inet addr:se.r.v.er Bcast:se.r.v.er Mask:255.255.255.255
UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1
RX packets:21972 errors:0 dropped:0 overruns:0 frame:0
TX packets:14073 errors:0 dropped:0 overruns:8 carrier:0
collisions:0 txqueuelen:100
RX bytes:3871235 (3.6 Mb) TX bytes:6732837 (6.4 Mb)
Interrupt:15 Base address:0x2000
ipsec0 Link encap:Ethernet HWaddr HA:RD:WA:RE:AD:DR
inet addr:se.r.v.er Mask:255.255.255.255
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:264 (264.0 b) TX bytes:264 (264.0 b)
-----------------------------------------------------------------------
lsmod:
Module Size Used by
ipsec 233472 2
8139too 12512 1 (autoclean)
-----------------------------------------------------------------------
Thank you for helping
Norbert Langermann
-- Norbert Langermann norbert_at_langermann.net PGP-PublicKey: 0x51431418 _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:15 CEST