<br>I've tried to use leftsourceip= and rightsourceip=, and I get these errors:<br><br>[root@dinamico38 ~]$ ipsec auto --verbose --up net-to-net<br>002 "net-to-net" #1: initiating Main Mode<br>104 "net-to-net" #1: STATE_MAIN_I1: initiate<br>
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version) 2.6.18 ]<br>003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]<br>002 "net-to-net" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2<br>002 "net-to-net" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3<br>
003 "net-to-net" #1: received Vendor ID payload [CAN-IKEv2]<br>002 "net-to-net" #1: Main mode peer ID is ID_FQDN: '@left.digitro.com.br'<br>002 "net-to-net" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
004 "net-to-net" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}<br>002 "net-to-net" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:7d3747bd proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP2048}<br>
117 "net-to-net" #2: STATE_QUICK_I1: initiate<br><b>002 "net-to-net" #2: up-client output: /usr/libexec/ipsec/_updown.klips: changesource `ip route change 14.14.14.0/24 dev ipsec0 src 15.15.15.15' failed (RTNETLINK answers: No such file or directory)</b><br>
002 "net-to-net" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>004 "net-to-net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xe4b4c312 <0x09db97a3 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}<br>
[root@dinamico38 ~]$ ipsec auto --verbose --down net-to-net<br>002 "net-to-net": terminating SAs using this connection<br>002 "net-to-net" #2: deleting state (STATE_QUICK_I2)<br><b>002 "net-to-net" #2: down-client output: /usr/libexec/ipsec/_updown.klips: dorule `ip rule delete from 15.15.15.0/24 to 14.14.14.0/24 ' failed (RTNETLINK answers: No such file or directory)</b><br>
002 "net-to-net" #1: deleting state (STATE_MAIN_I4)<br>[root@dinamico38 ~]$ <br><br><br><br><br clear="all">---<br>Sérgio Cioban Filho - LPIC1<br>------------------------------------------------------------<br>| Linux - Servers - Firewall - VPN<br>
| Virtualization - VoIP - ShellScript - C - PHP <br>| <a href="http://cioban.googlepages.com">http://cioban.googlepages.com</a><br>| +55 48 9989-8733<br>------------------------------------------------------------<br>..:: Be free, use LiNuX!! ::..<br>
<br><br><div class="gmail_quote">On Mon, Dec 1, 2008 at 4:30 PM, Sergio Cioban Filho <span dir="ltr"><<a href="mailto:cioban@gmail.com">cioban@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I'm using ping -I . I will try with leftsourceip= and rightsourceip= ...<br>This configuration works fine on version 2.4.13 running on CentOS 5.1<br><br>I've tried to use many other versions: 2.6.16 , 2.6.14 , 2.5.17 , 2.5.16 and 2.4.13 but only the version 2.4.13 worked fine.<br>
<br>On version 2.6.16: same error, tx error count in ipsec0 interface is increased.<br>Version 2.6.14: The KLIPS module (ipsec) compiled with no errors, but I get this message on modprobe: Unknown symbol ipsec_nat_encap<br>
Versions 2.5.x: Many errors in compilation. I could not compile any version<div class="Ih2E3d"><br><br>Thanks,<br>Regards,<br clear="all">---<br>Sérgio Cioban Filho - LPIC1<br>
<br><br></div><div><div></div><div class="Wj3C7c"><div class="gmail_quote">On Mon, Dec 1, 2008 at 3:38 PM, Paul Wouters <span dir="ltr"><<a href="mailto:paul@xelerance.com" target="_blank">paul@xelerance.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>On Mon, 1 Dec 2008, Sergio Cioban Filho wrote:<br>
<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Thanks for your answer.<br>
I've tried to use version 2.6.19, but the same error occurred.<br>
SELinux is disabled.<br>
The output of ipsec barf is attached.<br>
</blockquote>
<br></div>
I don't see anything wrong. Are you using ping -I ? since you did not<br>
add leftsourceip= and rightsourceip= ?<br><font color="#888888">
<br>
Paul<br>
</font></blockquote></div><br>
</div></div></blockquote></div><br>