From: BenLau (benlau_at_sw-linux.com)
Date: Thu Dec 05 2002 - 10:36:18 CET
Ken Bantoft wrote:
>
>
> On Thu, 5 Dec 2002, BenLau wrote:
>
>
>>Hi all,
>>
>> I want to configure a network-to-host connection, and
>>I have the following setting in my /etc/ipsec.conf:
>>
>>conn a-to-b
>> leftid=@a
>> left=192.168.4.75
>> leftsubnet=172.16.0.0/16
>> leftnexthop=192.168.4.1
>> leftrsasigkey=....
>> right=%any
>> rightid=@b
>> rightrsasigkey=...
>> keylife=20m
>> keyingtries=1
>> auto=add
>> authby=rsasig
>>
>>and then I run the following commands:
>>
>>[root_at_localhost root]# /etc/init.d/ipsec restart
>>ipsec_setup: Stopping FreeS/WAN IPsec...
>>ipsec_setup: Starting FreeS/WAN IPsec 1.99...
>>ipsec_setup: Using /lib/modules/2.4.18/kernel/net/ipsec/ipsec.o
>>[root_at_localhost root]# ipsec auto --up a-to-b
>>
>>029 "a-to-b": cannot initiate connection without knowing peer IP address
>>
>>I don't understand why there is an error message
>>"cannot initiate connection without knowing peer IP address" there.
>>
>>And it seems that I can't bring up the connection... does anybody know
>>what happened? Thank you for any advice!!
>
>
>
> Of course... you can't connect to a roadwarrior whose IP address you don't
> know. What you want to do is not --up, but --add. Once it's added (which
> your config does) pluto just waits for an incoming connection.
>
>
> - --
> Ken Bantoft The Unofficial FreeS/WAN Site:
> ken_at_freeswan.ca http://www.freeswan.ca
> PGP Key: finger ken_at_bantoft.org
> "We can factor the number 15 with quantum computers. We
> can also factor the number 15 with a dog trained to bark
> three times." -- Robert Harley, 5/12/01, Sci.crypt
>
>
Thank you very much!!!
The network-to-host connection is basically working now.
On the remote host, I just changed the line right=%any to
right=%defaultroute, and then did an auto --up on the
connection.
However, I got another problem.
Assume the host IP is 192.168.7.4. After the SA is established,
I found a routing table record on the VPN gateway.
[root_at_localhost root]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.7.4 192.168.4.1 255.255.255.0 U 40 0 0 ipsec0
192.168.4.1 is the default gateway of the VPN gateway... and therefore
the connection is lost... I can ping the network except the VPN gateway
itself, because it never responds to my packets. Is there any method to solve it?
--
Ben
Embedded Linux Developer
benlau_at_sw-linux.com
Sun Wah Linux Limited
www.sw-linux.com
Tel: 852 2250 0220
Fax: 852 2259 9112
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
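As an added example (not code from this thread or from FreeS/WAN), the Python script below parses `netstat -rn` output like the one shown in the message and flags the two things worth checking in this situation: a destination that is not aligned to its Genmask (192.168.7.4 with 255.255.255.0 actually routes the whole 192.168.7.0/24 via ipsec0), and any ipsec* route whose prefix covers the default gateway. The eth0 lines in the sample table are assumptions; only the ipsec0 line and the 192.168.4.1 default gateway come from the message.

```python
import ipaddress

# Constructed sample: the ipsec0 line from the message above, plus an
# assumed directly-connected eth0 route and a default route via
# 192.168.4.1 (the interface name eth0 is an assumption).
NETSTAT_SAMPLE = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.7.4     192.168.4.1     255.255.255.0   U        40 0          0 ipsec0
192.168.4.0     0.0.0.0         255.255.255.0   U        40 0          0 eth0
0.0.0.0         192.168.4.1     0.0.0.0         UG       40 0          0 eth0
"""


def parse_routes(text):
    """Parse `netstat -rn` output into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the banner and the column header; route lines have 8 fields.
        if len(parts) < 8 or parts[0] == "Destination":
            continue
        routes.append({"dest": parts[0], "gw": parts[1], "mask": parts[2],
                       "flags": parts[3], "iface": parts[-1]})
    return routes


def check_routes(text):
    """Return (iface, problem) tuples for suspicious routing entries."""
    routes = parse_routes(text)
    default_gw = next((ipaddress.ip_address(r["gw"]) for r in routes
                       if r["dest"] == "0.0.0.0" and r["gw"] != "0.0.0.0"), None)
    problems = []
    for r in routes:
        # strict=False accepts a host address paired with a network mask;
        # comparing against the network address exposes the misalignment.
        net = ipaddress.ip_network(f"{r['dest']}/{r['mask']}", strict=False)
        if str(net.network_address) != r["dest"]:
            problems.append((r["iface"],
                             f"destination {r['dest']} is not aligned to "
                             f"{r['mask']}; the kernel routes {net} here"))
        # An IPsec route covering the default gateway would send traffic
        # for the gateway itself into the tunnel.
        if r["iface"].startswith("ipsec") and default_gw is not None \
                and default_gw in net:
            problems.append((r["iface"],
                             f"{net} covers the default gateway {default_gw}"))
    return problems
```

Run `check_routes(NETSTAT_SAMPLE)` to get the findings; on the sample it reports only the misaligned ipsec0 entry.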
This archive was generated by hypermail 2.1.5 : Fri Dec 06 2002 - 05:21:02 CET