Re: [Users] Can't connect from Dinamip IP

From: Emiliano (emiliano_at_climafin.com.ar)
Date: Tue Jan 14 2003 - 14:12:35 CET

> Did you get my long response to your message? I'll re-send it otherwise.
>
> - --
> Sam Sgro
> sam_at_freeswan.org

Yes, thanks you very much.
I so stupid......
Now I have another problem....I'm trying to solve.

emiliano]# ipsec auto --verbose --up lintolin
002 "lintolin" #1: initiating Main Mode
104 "lintolin" #1: STATE_MAIN_I1: initiate
106 "lintolin" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "lintolin" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "lintolin" #1: Peer ID is ID_FQDN: '@gs1.climafin.com.ar'
002 "lintolin" #1: ISAKMP SA established
004 "lintolin" #1: STATE_MAIN_I4: ISAKMP SA established
002 "lintolin" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
112 "lintolin" #2: STATE_QUICK_I1: initiate
002 "lintolin" #2: route-client output: SIOCADDRT: Network is unreachable
002 "lintolin" #2: route-client output: /usr/local/lib/ipsec/_updown: `route
add -net 13.0.0.0 netmask 255.0.0.0 dev ipsec0 gw 200.45.229.110' failed
002 "lintolin" #2: route-client output: /usr/local/lib/ipsec/_updown:
(incorrect or missing nexthop setting??)
003 "lintolin" #2: route-client command exited with status 7
032 "lintolin" #2: STATE_QUICK_I1: internal error
010 "lintolin" #2: STATE_QUICK_I1: retransmission; will wait 20s for
response
002 "lintolin" #2: route-client output: SIOCADDRT: Network is unreachable
002 "lintolin" #2: route-client output: /usr/local/lib/ipsec/_updown: `route
add -net 13.0.0.0 netmask 255.0.0.0 dev ipsec0 gw 200.45.229.110' failed
002 "lintolin" #2: route-client output: /usr/local/lib/ipsec/_updown:
(incorrect or missing nexthop setting??)
003 "lintolin" #2: route-client command exited with status 7
032 "lintolin" #2: STATE_QUICK_I1: internal error
010 "lintolin" #2: STATE_QUICK_I1: retransmission; will wait 40s for
response
002 "lintolin" #2: route-client output: SIOCADDRT: Network is unreachable
002 "lintolin" #2: route-client output: /usr/local/lib/ipsec/_updown: `route
add -net 13.0.0.0 netmask 255.0.0.0 dev ipsec0 gw 200.45.229.110' failed
002 "lintolin" #2: route-client output: /usr/local/lib/ipsec/_updown:
(incorrect or missing nexthop setting??)
003 "lintolin" #2: route-client command exited with status 7
032 "lintolin" #2: STATE_QUICK_I1: internal error
031 "lintolin" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
No acceptable response to our first Quick Mode message: perhaps peer likes
no proposal
000 "lintolin" #2: starting keying attempt 2 of an unlimited number, but
releasing whack

In the Faq says that try ipsec auto --route and --unroute , I'm going to try
this.....

but....

in Linux box with dinamic ip, its connects ( says IPsec SA established ) but
can't ping, i guess thats it's something wrong with the route take a look :
( and that I presume it's why can't get the connection in the other side )
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
200.3.62.213 * 255.255.255.255 UH 0 0 0 ppp0
200.3.62.213 * 255.255.255.255 UH 0 0 0
ipsec0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
13.0.0.0 * 255.0.0.0 U 0 0 0 eth0
15.0.0.0 200.3.62.213 255.0.0.0 UG 0 0 0
ipsec0 <-- LOOK HERE ??,
default 200.3.62.213 0.0.0.0 UG 0 0 0 ppp0

ifconfig ppp0

ppp0 Link encap:Point-to-Point Protocol
          inet addr:200.45.229.110 P-t-P:200.3.62.213 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
          RX packets:28723584 errors:0 dropped:0 overruns:0 frame:0
          TX packets:32292245 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3

Tks...Emiliano.

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.5 : Wed Jan 15 2003 - 20:11:39 CET