<html>
<head>
<style>
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body class='hmmessage'><BR>Dear users,<BR>
<BR>
I have a problem:<BR>
<BR>
RTNETLINK answers: Network is unreachable<BR>
<BR>
Everything looks fine. I tried it in a VMware configuration and it worked, but when I take it to the real world it goes bad.<BR>
<BR>
Here is my ipsec.conf:<BR>
version 2.0<BR>
config setup<BR>
    interfaces=%defaultroute<BR>
conn vpncom<BR>
    compress=yes<BR>
    left=190.152.1.157<BR>
    leftsubnet=192.168.0.0/24<BR>
    #leftid=@vpnleft<BR>
    leftrsasigkey=0sAQPLybKue+kfjnQ7CNEp5Yqcwbshx+qN8su+FBx2U4k+cTHXJ7sz7iO4xcqCyeLlTNs1JlSO9D1Iv1wrWeKr<BR>
    right=200.25.176.90<BR>
    #rightid=@vpnrigth<BR>
    rightsubnet=192.168.45.0/24<BR>
    rightrsasigkey=0sAQN7/0Z7GOzBUinphWzaKR+HgUhWBRNoYuUhq4QfJetiSs6CP27hCpGpWRe5fyMAWEWpBQyXNA4O7nb<BR>
    authby=rsasig<BR>
    #authby=secret<BR>
    auto=start<BR>
conn block<BR>
    auto=ignore<BR>
conn private<BR>
    auto=ignore<BR>
conn private-or-clear<BR>
    auto=ignore<BR>
conn clear-or-private<BR>
    auto=ignore<BR>
conn clear<BR>
    auto=ignore<BR>
conn packetdefault<BR>
    auto=ignore<BR>
<BR>
Last lines of ipsec auto --status:<BR>
<BR>
000 "vpncom": 192.168.45.0/24===200.25.176.90...190.152.1.157===192.168.0.0/24; erouted; eroute owner: #4<BR>
000 "vpncom": srcip=unset; dstip=unset<BR>
000 "vpncom": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<BR>
000 "vpncom": policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;<BR>
000 "vpncom": newest ISAKMP SA: #1; newest IPsec SA: #4;<BR>
000 "vpncom": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536<BR>
000<BR>
000 #3: "vpncom" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 26573s<BR>
000 #3: "vpncom" esp.8ac25ef4@190.152.1.157 esp.80410cba@200.25.176.90 comp.6462@190.152.1.157 comp.69c5@200.25.176.90 tun.0@190.152.1.157 tun.0@200.25.176.90<BR>
000 #2: "vpncom" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1372s; lastdpd=-1s(seq in:0 out:0)<BR>
000 #4: "vpncom" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26088s; newest IPSEC; eroute owner<BR>
000 #4: "vpncom" esp.41d1e48f@190.152.1.157 esp.c6c0bd4e@200.25.176.90 comp.10c9@190.152.1.157 comp.a1cb@200.25.176.90 tun.0@190.152.1.157 tun.0@200.25.176.90<BR>
000 #1: "vpncom" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 808s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)<BR>
000<BR><BR>
<BR>
Some of /var/log/messages:<BR>
<BR>
Nov 5 13:27:45 contex ipsec_setup: KLIPS ipsec0 on eth0 200.25.176.90/255.255.255.248 broadcast 200.25.176.95<BR>Nov 5 13:27:45 contex ipsec_setup: ...Openswan IPsec started<BR>Nov 5 13:27:45 contex ipsec_setup: Starting Openswan IPsec 2.3.0...<BR>Nov 5 13:27:45 contex ipsec_setup: insmod /lib/modules/2.6.9-42.ELsmp/kernel/net/key/af_key.ko<BR>Nov 5 13:27:45 contex ipsec_setup: insmod /lib/modules/2.6.9-42.ELsmp/kernel/net/ipv4/xfrm4_tunnel.ko<BR>Nov 5 13:27:45 contex ipsec__plutorun: 104 "vpncom" #1: STATE_MAIN_I1: initiate<BR>Nov 5 13:27:45 contex ipsec__plutorun: ...could not start conn "vpncom"<BR><BR>
<BR>
Some of /var/log/secure:<BR>
<BR>
Nov 5 13:27:55 contex pluto[421]: "vpncom" #1: received Vendor ID payload [Dead Peer Detection]<BR>
Nov 5 13:27:55 contex pluto[421]: "vpncom" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<BR>
Nov 5 13:27:55 contex pluto[421]: "vpncom" #1: I did not send a certificate because I do not have one.<BR>
Nov 5 13:27:55 contex pluto[421]: "vpncom" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<BR>
Nov 5 13:27:55 contex pluto[421]: "vpncom" #1: Main mode peer ID is ID_IPV4_ADDR: '190.152.1.157'<BR>
Nov 5 13:27:55 contex pluto[421]: "vpncom" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<BR>
Nov 5 13:27:55 contex pluto[421]: "vpncom" #1: ISAKMP SA established<BR>
Nov 5 13:27:55 contex pluto[421]: "vpncom" #4: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}<BR>
Nov 5 13:27:56 contex pluto[421]: "vpncom" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<BR>
Nov 5 13:27:56 contex pluto[421]: "vpncom" #4: sent QI2, IPsec SA established {ESP=&gt;0x41d1e48f &lt;0xc6c0bd4e IPCOMP=&gt;0x000010c9 &lt;0x0000a1cb}<BR><BR>
WHEN I CHANGE THE CONF FILE WITH AUTO=ADD IT SENDS THIS: RTNETLINK answers: Network is unreachable<BR>
<BR>
Does anybody have an answer or some ideas? Please help me out.<BR>
</body>
</html>