Re: [VF][Users] Cannot ping internal hosts but only internal interface

From: jsa62_at_tid.es
Date: Fri Dec 27 2002 - 13:03:54 CET


Hello Domenico,

I see that in your ipsec.conf file you have not specified which the
right subnet is ....
I have a similar scenario and I have rightsubnet= and rightnexthop= ,
yes, equal to empty, since we don't know those values.

I think those values are necessary.. for eroute to route ;)

Could you try this??

Hope it helps
Cheers

-------------
Julio Saura Alejandre
Servicios Ip de Banda Ancha
Telefónica I+D (913374993)

----- Original Message -----
From: "Mimmus" <dviggiani_at_tiscali.it>
Date: Friday, December 27, 2002 8:37 am
Subject: [VF][Users] Cannot ping internal hosts but only internal interface

> Hi,
> I'm trying to set up a simple road-warrior configuration:
> 192.168.0.0/24===xxx.yyy.zzz.226---zzz.yyy.zzz.225...%any
> using shared-secret (I have one road-warrior client) but I'm having
> many problems.
> Gateway is a Redhat 7.2 Linux box with three network interfaces,
> Shorewall firewall set up correctly (I hope... but I tried also with
> all firewall rules cleared).
> Client is a Redhat 8.0 Linux box.
>
> Connection starts up correctly:
>
> ipsec__plutorun: Starting Pluto subsystem...
> pluto[24331]: Starting Pluto (FreeS/WAN Version 1.99)
> pluto[24331]: including X.509 patch (Version 0.9.15)
> pluto[24331]: Changing to directory '/etc/ipsec.d/cacerts'
> pluto[24331]: Warning: empty directory
> pluto[24331]: Changing to directory '/etc/ipsec.d/crls'
> pluto[24331]: Warning: empty directory
> pluto[24331]: could not open my default X.509 cert file '/etc/x509cert.der'
> pluto[24331]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
> pluto[24331]: added connection description "road"
> pluto[24331]: listening for IKE messages
> pluto[24331]: adding interface ipsec1/eth1 192.168.0.254
> pluto[24331]: adding interface ipsec0/eth0 xxx.yyy.zzz.226
> pluto[24331]: loading secrets from "/etc/ipsec.secrets"
> pluto[24331]: "road"[1] 151.39.227.40 #1: responding to Main Mode from unknown peer 151.39.227.40
> pluto[24331]: "road"[1] 151.39.227.40 #1: Peer ID is ID_IPV4_ADDR: '151.39.227.40'
> pluto[24331]: "road"[1] 151.39.227.40 #1: sent MR3, ISAKMP SA established
> pluto[24331]: "road"[1] 151.39.227.40 #2: responding to Quick Mode
> pluto[24331]: "road"[1] 151.39.227.40 #3: responding to Quick Mode
> pluto[24331]: "road"[1] 151.39.227.40 #2: IPsec SA established
> pluto[24331]: "road"[1] 151.39.227.40 #3: IPsec SA established
>
> but I'm unable to ping internal hosts, only gateway's internal
> interface. After a few minutes, I see also these error messages:
>
> pluto[24331]: INTERNAL ERROR: /proc/net/ipsec_eroute line 1 SA ID field malformed: SA specifier lacks valid protocol prefix
>
>
> This is ipsec.conf on the gateway:
>
> config setup
>     # interfaces=%defaultroute
>     interfaces="ipsec0=eth0 ipsec1=eth1"
>     klipsdebug=none
>     plutodebug=none
>     plutoload=%search
>     plutostart=%search
>     uniqueids=yes
> conn %default
>     keyingtries=1
>     disablearrivalcheck=no
>     authby=secret
> # road-warrior
> conn road
>     left=xxx.yyy.zzz.226
>     leftsubnet=192.168.0.0/24
>     leftnexthop=xxx.yyy.zzz.225
>     right=%any
>     auto=add
>     pfs=yes
>
>
> Any help?
> Domenico Viggiani
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.5 : Mon Dec 30 2002 - 05:21:12 CET