[Users] no eroute

From: info_at_radiomensajes.com.co
Date: Fri Nov 08 2002 - 16:12:24 CET


I see the page but it doesn't tell me anything about solving my problem; I get the same message:

Nov 8 09:50:45 ns kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:84 id:0 DF frag_off:0 ttl:64 proto:1 (ICMP) chk:31444 saddr:10.144.16.105 daddr:192.168.228.51 type:code=8:0
Nov 8 09:50:45 ns kernel: klips_debug:ipsec_findroute: 10.144.16.105->192.168.228.51
Nov 8 09:50:45 ns kernel: klips_debug:rj_match: * See if we match exactly as a host destination
Nov 8 09:50:45 ns kernel: klips_debug:rj_match: ** try to match a leaf, t=0xcdc27280
Nov 8 09:50:45 ns kernel: klips_debug:rj_match: *** start searching up the tree, t=0xcdc27280
Nov 8 09:50:45 ns kernel: klips_debug:rj_match: **** t=0xcdc27298
Nov 8 09:50:45 ns kernel: klips_debug:rj_match: **** t=0xce04fba0
Nov 8 09:50:45 ns kernel: klips_debug:rj_match: ***** cp2=0xc9d80278 cp3=0xc443c450
Nov 8 09:50:45 ns kernel: klips_debug:rj_match: ***** not found.
Nov 8 09:50:45 ns kernel: klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet saddr=a901069, er=00000000, daddr=c0a8e433, er_dst=0, proto=1 sport=0 dport=0
Nov 8 09:50:45 ns kernel: klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 2,28
Nov 8 09:50:45 ns kernel: klips_debug:ipsec_tunnel_start_xmit: shunt SA of DROP or no eroute: dropping.
Nov 8 09:50:46 ns kernel: klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
Nov 8 09:50:46 ns kernel: klips_debug:ipsec_tunnel_hard_header: Revectored 0x00000000->0xcdde83c8 len=84 type=2048 dev=ipsec0->eth0 dev_addr=00:d0:09:33:57:7e ip=0a901069->c0a8e433

I have to connect to Checkpoint Firewall-1; my ipsec.conf is:

config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth0"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=all
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# Connection of the private network with bellsouth
conn radio-bellsouth
        type=tunnel
        keyingtries=0
        left=200.32.80.226
        leftnexthop=200.32.80.225
        leftsubnet=192.168.228.0/24
        right=200.68.135.62
        rightnexthop=200.68.135.61
        rightsubnet=10.144.16.119/32
        keyexchange=ike
        auth=esp
        pfs=no
        auto=start

It seems to be correct, but I can't ping from 10.144.16.119 to 192.168.228.51. The Checkpoint administrator told me that in the logs, when I try to telnet to this machine, it completes the first part (IPsec), but then the firewall receives a reset from the security associations of the Linux machine.

I really don't know what is happening. Please help me; I'm sure you can help me.

Thanks

Rodrigo De la Peña
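
The following Python script is an added example, not part of the original post and not FreeS/WAN code. It pairs each "no eroute" drop in the posted klips_debug output with the preceding ipsec_findroute lookup and checks that packet's addresses against the conn's leftsubnet/rightsubnet. The function names are hypothetical; the two log lines and the subnets are copied from the post.

```python
import ipaddress
import re

# Copied from the post: the conn's subnets and two of the klips_debug lines.
LEFTSUBNET = "192.168.228.0/24"
RIGHTSUBNET = "10.144.16.119/32"
LOG = """\
Nov 8 09:50:45 ns kernel: klips_debug:ipsec_findroute: 10.144.16.105->192.168.228.51
Nov 8 09:50:45 ns kernel: klips_debug:ipsec_tunnel_start_xmit: shunt SA of DROP or no eroute: dropping.
"""

FINDROUTE = re.compile(r"klips_debug:ipsec_findroute: (\S+)->(\S+)")
DROP = "no eroute: dropping"


def selector_match(src, dst, left_net, right_net):
    """Return which direction of the tunnel selectors the packet fits, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    left = ipaddress.ip_network(left_net)
    right = ipaddress.ip_network(right_net)
    if src in left and dst in right:
        return "left-to-right"
    if src in right and dst in left:
        return "right-to-left"
    return None


def dropped_flows(log_text):
    """Pair each 'no eroute' drop with the most recent ipsec_findroute lookup."""
    last, flows = None, []
    for line in log_text.splitlines():
        m = FINDROUTE.search(line)
        if m:
            last = m.groups()
        elif DROP in line and last:
            flows.append(last)
            last = None
    return flows


def report(log_text, left_net, right_net):
    """List (src, dst, selector fit) for every dropped flow in the log."""
    return [(s, d, selector_match(s, d, left_net, right_net))
            for s, d in dropped_flows(log_text)]


if __name__ == "__main__":
    for src, dst, fit in report(LOG, LEFTSUBNET, RIGHTSUBNET):
        print(f"{src} -> {dst}: selector fit = {fit}")
```

For the posted log, the dropped flow 10.144.16.105 -> 192.168.228.51 fits neither direction of the 192.168.228.0/24 and 10.144.16.119/32 selectors, whereas 10.144.16.119 would.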
