From: Astrit Zhushi (astrit_at_albalinux.org)
Date: Thu Oct 10 2002 - 14:26:03 CEST
Thx Sam I did the changes and everything works, seems like I
missunderstoot the concept of the left and right nexthop ;)
Thanks in advanced
On Thu, 2002-10-10 at 01:33, Sam Sgro wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> On 9 Oct 2002, Astrit Zhushi wrote:
>
> *gratuitously edited*
>
> > LAN10.2.0.0/24---10.2.0.254----192.168.144.254----ISPNETWORK----10.24.254.19---10.254.254.254--LAN10.254.254.0/24
> >
> > conn vpn
> > left=10.24.254.19
> > right=192.168.144.254
> >
> > leftnexthop=10.254.254.254
> > rightnexthop=10.2.0.254
>
> leftnexthop is meant to represent left's next hop towards right; this
> machine would reside on your ISP's network. Instead you have specified left's
> internal IP address, which is what's causing this problem:
>
> > "vpn" #2: route-client output: /usr/lib/ipsec/_updown: `route add -net
> > 10.2.0.0 netmask 255.255.255.0 dev ipsec0 gw 10.254.254.254' failed ...
>
> Instead, either use "interfaces=%defaultroute" and
> "left/right=%defaultroute" if you can - RTFM page for ipsec.conf - or correct
> these definitions.
>
> > leftid=10.254.254.254
> > rightid=10.254.254.254
>
> I'm not sure what you're trying to do here, but, regardless, your
> configuration doesn't necessitate the use of left/rightid. Delete 'em.
>
>
> > Ok from this I can understand that 10.2.0.0/24 is unreachable which is
> > very true, because my 10.2.0.0/24 is not routed through my ISPs network.
> > Is IPsec suposed to do IP encapsulation to encapsulate the 10.2.0.0/24
> > on 192.168.144.254?, or is there a way to do on IPsec like for example
>
> Basically, IPSec will encapsulate all the traffic from one subnet to the
> other via the gateway IPs. This situation a little less complex then you
> think; just correct the configuration errors and the connection should work.
>
> - --
> Sam Sgro
> sam_at_freeswan.org
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
> Comment: For the matching public key, finger the Reply-To: address.
>
> iQCVAwUBPaTY9UOSC4btEQUtAQHh4QQAja/+WI0w29eDRxIsXkLJ1jU4G3BMKUdU
> 1SCT75JbSfoeAi3nmo0u+NNGzfeXIJg7tywbaKXH/fkegkt5CaBVOAa3wKQ+L5kS
> 3z0EXAoFS6aYtXeSjNglK8OkJ78f8UGMTsPoO2nc1UGwxYw8sFa9VEFk5nnDAwmw
> sxLyP2Cx8dg=
> =pRBi
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>
-- Grupi Shqiptar i Shfrytezuesve te Linux - Albanian Linux Users Group ==================================================================================== www.albalinux.org GSSL-AlbaLug _______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Oct 11 2002 - 05:20:23 CEST