<br><font size=2 face="sans-serif">You must change </font>
<br>
<br><font size=2 face="sans-serif">auto=add</font>
<br>
<br><font size=2 face="sans-serif">with </font>
<br>
<br><font size=2 face="sans-serif">auto=start</font>
<br>
<br><font size=2 face="sans-serif">By</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Marek Antoniak &lt;marek.antoniak@ostc-pl.com&gt;</b></font>
<br><font size=1 face="sans-serif">Sent by: users-bounces@openswan.org</font>
<p><font size=1 face="sans-serif">27/07/2006 16.00</font>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To:
users@openswan.org</font>
<br><font size=1 face="sans-serif"> Cc:
</font>
<br><font size=1 face="sans-serif"> Subject:
[Openswan Users] RTNETLINK answers:
Network is unreachable (long)</font></table>
<br>
<br>
<br><tt><font size=2>Hello everyone,<br>
I'm a total ipsec newbie and I would be glad if someone could help me with the following problem: when I try to connect to the remote side I get such a message:<br>
002 "net-to-net" #2: route-client output: /usr/lib/ipsec/_updown: doroute `ip route add 192.168.200.0/24 via 10.75.0.9 dev eth1 ' failed (RTNETLINK answers: Network is unreachable)<br>
<br>
My configuration files (with public IP addresses changed for obvious reasons):<br>
/etc/ipsec.conf:<br>
version 2.0 # conforms to second version of ipsec.conf specification<br>
<br>
config setup<br>
klipsdebug=none<br>
plutodebug=none<br>
<br>
conn net-to-net<br>
type=tunnel<br>
left=1.2.3.4 # Local vitals<br>
leftsubnet=10.75.0.0/8<br>
leftnexthop=10.75.0.9<br>
right=4.3.2.1 # Remote vitals<br>
rightsubnet=192.168.200.0/24<br>
rightnexthop=192.168.249.4<br>
authby=secret<br>
esp=3des-sha1-96<br>
ike=3des-sha1<br>
keyexchange=ike<br>
keylife=60m<br>
compress=no<br>
auto=add<br>
<br>
include /etc/ipsec.d/examples/no_oe.conf<br>
<br>
/etc/ipsec.secrets:<br>
4.3.2.1 1.2.3.4: PSK "my password is 100% correct"<br>
<br>
<br>
The result from 'ipsec auto --verbose --up net-to-net':<br>
002 "net-to-net" #1: initiating Main Mode<br>
104 "net-to-net" #1: STATE_MAIN_I1: initiate<br>
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]<br>
002 "net-to-net" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>
002 "net-to-net" #1: I did not send a certificate because I do not have one.<br>
002 "net-to-net" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>
002 "net-to-net" #1: Main mode peer ID is ID_IPV4_ADDR: '4.3.2.1'<br>
002 "net-to-net" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
004 "net-to-net" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}<br>
002 "net-to-net" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}<br>
117 "net-to-net" #2: STATE_QUICK_I1: initiate<br>
002 "net-to-net" #2: route-client output: /usr/lib/ipsec/_updown: doroute `ip route add 192.168.200.0/24 via 10.75.0.9 dev eth1 ' failed (RTNETLINK answers: Network is unreachable)<br>
002 "net-to-net" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>
004 "net-to-net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=&gt;0x3a090321 &lt;0x220fcf14 xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}<br>
<br>
I can attach 'ipsec barf' result if anyone needs it.<br>
</font></tt>
<br>