From: Astrit Zhushi (astrit_at_albalinux.org)
Date: Wed Oct 09 2002 - 06:00:07 CEST
Greetings to the list,
Sorry if this kind of question has been asked.
I'm trying to set up an IPsec tunnel between two offices connected through my ISP's network. Here is the situation:
LAN10.2.0.0/24---10.2.0.254----192.168.144.254----ISPNETWORK----10.24.254.19---10.254.254.254--LAN10.254.254.0/24
So on both sides I have a router with two interfaces: eth0 192.168.144.254, which is a wireless link connected
to my ISP's network, and eth1 10.2.0.254, which is the interface that connects my LAN; same on the other side. From 192.168.144.254
I can ping the other side's router, 10.24.254.19.
Here is my ipsec.conf:
interfaces="ipsec0=eth0"
# Debug-logging controls: "none" for (almost) none, "all" for lots.
klipsdebug=none
plutodebug=none
# Use auto= parameters in conn descriptions to control startup actions.
plutoload=%search
plutostart=%search
# Close down old connection when new one using same ID shows up.
uniqueids=yes
conn vpn
    left=10.24.254.19
    right=192.168.144.254
    leftsubnet=10.254.254.0/24
    rightsubnet=10.2.0.0/24
    leftnexthop=10.254.254.254
    rightnexthop=10.2.0.254
    leftid=10.254.254.254
    rightid=10.254.254.254
    leftrsasigkey=0sAQNL.....
    rightrsasigkey=0sAQNh....
    auto=add
    authby=rsasig
    keyingtries=0
When I start I get the following:
Office01 ipsec # ipsec auto --up vpn
104 "vpn" #1: STATE_MAIN_I1: initiate
010 "vpn" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
106 "vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "vpn" #1: STATE_MAIN_I4: ISAKMP SA established
112 "vpn" #2: STATE_QUICK_I1: initiate
003 "vpn" #2: route-client command exited with status 7
032 "vpn" #2: STATE_QUICK_I1: internal error
"vpn" #2: route-client output: /usr/lib/ipsec/_updown: `route add -net
10.2.0.0 netmask 255.255.255.0 dev ipsec0 gw 10.254.254.254' failed ...
"vpn" #2: route-client output: /usr/lib/ipsec/_updown: `route add -net
10.2.0.0 netmask 255.255.255.0 dev ipsec0 gw 10.254.254.254' failed....
OK, from this I can understand that 10.2.0.0/24 is unreachable, which is
very true, because my 10.2.0.0/24 is not routed through my ISP's network.
Is IPsec supposed to do IP encapsulation to encapsulate the 10.2.0.0/24
on 192.168.144.254? Or is there a way to do it in IPsec like, for example,
ip route add 10.2.0.0/24 via 10.24.254.19 dev ipsec0 onlink
as I do for my GRE tunnels, which work fine?
Or am I missing something? I also tried IPsec over GRE tunnels; so far
no luck.
I'm running Gentoo Linux on both sides, with FreeS/WAN 1.98b.
Grupi Shqiptar i Shfrytezuesve te Linux - Albanian Linux Users Group
====================================================================================
www.albalinux.org GSSL-AlbaLug
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users