[Openswan Users] Subnet-to-subnet configuration problem
Julien GROSJEAN - Proxiad
j.grosjean at proxiad.com
Tue Jun 12 12:15:26 EDT 2007
Hello,
I modified my configuration after reading it again, and I found my mistakes...
I enabled NAT-TRAVERSAL.
It seems to be trying to connect, but... here are the logs, exactly the same on
both boxes:
### STARTING LOGS ###
104 "net-to-net" #1: STATE_MAIN_I1: initiate
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "net-to-net" #1: NAT-Traversal: Result using 3: both are NATed
108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "net-to-net" #1: ignoring informational payload, type INVALID_ID_INFORMATION
003 "net-to-net" #1: received and ignored informational message
010 "net-to-net" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "net-to-net" #1: ignoring informational payload, type INVALID_ID_INFORMATION
003 "net-to-net" #1: received and ignored informational message
003 "net-to-net" #1: discarding duplicate packet; already STATE_MAIN_I3
...
### ENDING LOGS ###
And always the same message.
Can you tell me where the problem is?
Here are my conf files:
##### FIRST CONF FILE ######
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
	# NAT-TRAVERSAL support, see README.NAT-Traversal
	nat_traversal=yes
	#
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
	interfaces="ipsec0=eth0"
	# plutoload=%search

conn net-to-net
	left=192.168.10.55
	leftsubnet=192.169.10.0/24
	leftid=@192.168.10.55
	leftrsasigkey=0sAQPSJVkiFSp5E7VR6u+RGs...
	leftnexthop=192.168.10.1
	right=193.x.x.x
	rightsubnet=10.1.11.0/24
	rightrsasigkey=0sAQPAXKfwyOzCtzo2DoGwhh...
	auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
##### END OF FIRST CONF FILE #####
#### SECOND CONF FILE #####
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
	# NAT-TRAVERSAL support, see README.NAT-Traversal
	nat_traversal=yes
	#
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
	interfaces="ipsec0=eth1"
	# plutoload=%search

conn net-to-net
	left=10.1.11.39
	leftsubnet=10.1.11.0/24
	leftid=@10.1.11.39
	leftrsasigkey=0sAQPAXKfw....
	leftnexthop=10.1.11.21
	right=217.x.x.x
	rightsubnet=192.168.10.0/24
	rightrsasigkey=0sAQPSJVkiFSp5E7VR6u+....
	auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
### END OF SECOND CONF FILE ###
Perhaps wrong leftid and rightid?
What about these parameters?
Can you help me? :-)
Thx in advance.
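
Added example, not part of the original post and not Openswan code: a cross-check of the two "conn net-to-net" sections above, comparing what each box declares about itself (left*) with what its peer declares about it (right*). The key=value parser is a simplified sketch, and the function names are hypothetical; the embedded values are copied from the two files in the post.

```python
import ipaddress

# Relevant keys copied from the two "conn net-to-net" sections in the post.
BOX_A = """
left=192.168.10.55
leftsubnet=192.169.10.0/24
leftid=@192.168.10.55
right=193.x.x.x
rightsubnet=10.1.11.0/24
"""
BOX_B = """
left=10.1.11.39
leftsubnet=10.1.11.0/24
leftid=@10.1.11.39
right=217.x.x.x
rightsubnet=192.168.10.0/24
"""

def parse_conn(text):
    """Parse key=value lines of one conn section (simplified, not Openswan's parser)."""
    conn = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conn[key.strip()] = value.strip()
    return conn

def cross_check(local, peer, local_name, peer_name):
    """Compare local's left* values with the right* values its peer holds for it."""
    problems = []
    mine, theirs = local.get("leftsubnet"), peer.get("rightsubnet")
    if mine and theirs and ipaddress.ip_network(mine) != ipaddress.ip_network(theirs):
        problems.append(f"{local_name} leftsubnet={mine} but {peer_name} rightsubnet={theirs}")
    # An ID set on one end must be declared for that end on the other side too;
    # with rightid unset, the peer expects the default ID (the address in right=).
    if local.get("leftid") != peer.get("rightid"):
        problems.append(f"{local_name} leftid={local.get('leftid')} but "
                        f"{peer_name} rightid={peer.get('rightid')}")
    return problems

def check_pair(a_text, b_text):
    a, b = parse_conn(a_text), parse_conn(b_text)
    return cross_check(a, b, "A", "B") + cross_check(b, a, "B", "A")

if __name__ == "__main__":
    for p in check_pair(BOX_A, BOX_B):
        print("MISMATCH:", p)
```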