From: Sam Sgro (sam_at_freeswan.org)
Date: Thu Oct 31 2002 - 05:19:25 CET
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 30 Oct 2002, André Dezoti wrote:
> I got this error when I start : ipsec auto --up vpn
>
> 104 "vpn" #1: STATE_MAIN_I1: initiate
> 106 "vpn" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "vpn" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "vpn" #1: STATE_MAIN_I4: ISAKMP SA established
> 112 "vpn" #2: STATE_QUICK_I1: initiate
> 003 "vpn" #2: route-host command exited with status 7
We've tried to route the connection as you've defined it, but are failing.
Typically, this is because one of the relevant "nexthop" parameters are
incorrect, or that some other aspect of the networking doesn't mirror reality.
> conn vpn
> left=192.168.3.1
> leftsubnet=192.168.3.0/24
This is likely to be the incorrect aspect. Does 192.168.3.1 represent the
interface of the machine that faces towards 192.168.2.1? You don't use an
interface that lies on the subnet you're trying to protect.
Draw a network diagram.
- --
Sam Sgro
sam_at_freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.
iQCVAwUBPcCvT0OSC4btEQUtAQHvPQQAhEeQ31wwaqxHwU4Sy678sTHWTZY/djcD
D1vSSe8Rp8srzxD70pwrQ7LCGqdXBDKxDL8F93hoQFbzzDR80Qy0C2TjlKZFT1pt
8eeqwPlQmSYKa6x/uFhkR/OvNSN6DivTjq43B9URPAEWJbGLXuMdFB9HmSR/5veA
ZhXMvmmCBV4=
=8A7O
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 05:20:36 CET