From: Sam Sgro (sam_at_freeswan.org)
Date: Mon Dec 16 2002 - 05:15:11 CET
On 15 Dec 2002, James P. Kinney III wrote:
> I got that problem fixed by removing the "extra stuff" from the
> ipsec.secrets file.
>
> New problem. Testing a connection between a Win2k client and a
> Linux/FreeS/WAN server on a private network (to avoid the phone dialup
> while learning).
>
> The ipsec starts OK but it can't set the routing to the win2k box. It
> gripes about missing or bad nexthop setting. The win2k box has no
> nexthop. It is joined by ethernet through a 100M switch to the head end!
> I tried the IP address of the head end NIC and also the IP of the win2k
> box. It seems like this should be similar to the "wireless LAN client
> VPN connection", i.e. a single box connecting to a gateway.
Perhaps you need to provide a network diagram, and the ipsec.conf file you are
using. I can't really give you a specific fix without this info.
The mention of the nexthop setting is our guess as to why this route command
fails:
> Dec 15 21:45:17 castle pluto[4997]: "roadwarrior"[2] 192.168.1.13 #2:
> route-client output: /usr/local/lib/ipsec/_updown: `route add -net
> 192.168.1.13 netmask 255.255.255.255 dev ipsec0 gw 192.168.1.13' failed
... where gw 192.168.1.13 represents your nexthop. It looks like you're using
nexthop=%direct, the default value if none is set. This may not be
appropriate, depending on which interface ipsec0 is bound to, and your network
setup.
If no nexthop exists because this gateway stands on the same network as the
win2k roadwarrior, then chances are you're using an inappropriate ipsec
interface - make sure one is bound to the appropriate local IP on the network
of the roadwarrior. (i.e., if you have both 192.168.0.1 and 192.168.1.1 NICs on
this box, make sure you have an interface on 192.168.1.1 and that this is the
IP the RW is attempting to contact.)
- --
Sam Sgro
sam_at_freeswan.org
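
The check described in the reply above, as an added example that is not part of the original message or of FreeS/WAN: it parses the failed `_updown` route command from the pluto log, flags the case where the gateway equals the peer (the `%direct` case), and reports which local NIC the peer is on-link with. The interface names `eth0`/`eth1` and the /24 prefixes are assumptions; only the two NIC addresses and the log line come from the thread.

```python
import ipaddress
import re

# The route failure quoted in the thread, joined onto one line.
SAMPLE_LOG = (
    'Dec 15 21:45:17 castle pluto[4997]: "roadwarrior"[2] 192.168.1.13 #2: '
    "route-client output: /usr/local/lib/ipsec/_updown: `route add -net "
    "192.168.1.13 netmask 255.255.255.255 dev ipsec0 gw 192.168.1.13' failed"
)

# Assumed local addressing for the gateway: names and prefixes are hypothetical.
SAMPLE_NICS = {"eth0": "192.168.0.1/24", "eth1": "192.168.1.1/24"}

ROUTE_RE = re.compile(
    r"`route add -net (?P<net>\S+) netmask (?P<mask>\S+) "
    r"dev (?P<dev>\S+) gw (?P<gw>\S+)' failed"
)

def parse_failed_route(line):
    """Return destination, device and gateway of a failed route add, or None."""
    m = ROUTE_RE.search(line)
    if not m:
        return None
    dest = ipaddress.ip_network(f"{m['net']}/{m['mask']}", strict=False)
    return {"dest": dest, "dev": m["dev"], "gw": ipaddress.ip_address(m["gw"])}

def diagnose(line, local_addrs):
    """local_addrs maps a physical interface name to its 'address/prefix'."""
    route = parse_failed_route(line)
    if route is None:
        return []
    findings = []
    peer = route["dest"].network_address
    # A host route whose gateway is the destination itself is what %direct yields.
    if route["dest"].prefixlen == 32 and route["gw"] == peer:
        findings.append("nexthop equals the peer itself (the %direct case)")
    onlink = [name for name, cidr in local_addrs.items()
              if peer in ipaddress.ip_interface(cidr).network]
    if onlink:
        findings.append(f"peer is on-link via {', '.join(onlink)}: "
                        f"check that {route['dev']} is bound to that NIC")
    else:
        findings.append("peer is not on any local network: "
                        "%direct may not be appropriate here")
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG, SAMPLE_NICS):
        print(finding)
```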
This archive was generated by hypermail 2.1.5 : Tue Dec 17 2002 - 05:21:05 CET