<div dir="ltr"><div>I&#39;m trying to set up an IPSec tunnel between 2 hosts, but I get this error:</div><div>[code]</div><div>Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d</div><div>Apr  3 15:45:26 ip-10-0-0-216 pluto: adjusting ipsec.d to /etc/ipsec.d</div>

<div>Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0</div><div>Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 037 attempt to load incomplete connection</div>

<div>Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named &quot;vpc1-to-vpc2&quot;</div><div>Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 000 initiating all conns with alias=&#39;vpc1-to-vpc2&#39; </div>

<div>Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named &quot;vpc1-to-vpc2&quot;</div><div>[/code]</div><div><br></div><div>I&#39;ve 2 hosts with these IPs:</div><div><br></div><div>[B]Host A[/B]</div>

<div>[code]</div><div>Public IP: 54.236.163.71</div><div>Public DNS: ec2-54-236-163-71.compute-1.amazonaws.com</div><div>Private DNS: ip-10-0-0-216.ec2.internal<span class="" style="white-space:pre">        </span>Product Codes:</div>

<div>Private IPs: 10.0.0.216/16</div><div>[/code]</div><div><br></div><div>[B]Host B[/B]</div><div>[code]</div><div>Public IP: 54.246.211.133</div><div>Public DNS: ec2-54-246-211-133.eu-west-1.compute.amazonaws.com</div>

<div>Private DNS: ip-172-16-0-104.eu-west-1.compute.internal<span class="" style="white-space:pre">        </span></div><div>Private IPs: 172.16.0.104</div><div>[/code]</div><div><br></div><div>The private addresses are behind a NAT that gives the public address. From the hosts, I can only get the private IPs with &quot;ifconfig -a&quot;</div>

<div><br></div><div><br></div><div>Here is my IPSec connection configuration:</div><div>[B]Host A[/B]</div><div>[code]</div><div>conn vpc1-to-vpc2</div><div><span class="" style="white-space:pre">        </span>type=tunnel</div>

<div><span class="" style="white-space:pre">        </span>authby=secret</div><div><span class="" style="white-space:pre">        </span>left=10.0.0.216</div><div><span class="" style="white-space:pre">        </span>leftsubnet=10.0.0.0/16</div>

<div><span class="" style="white-space:pre">        </span>leftnexthop=%defaultroute</div><div><span class="" style="white-space:pre">        </span>right=54.246.211.133</div><div><span class="" style="white-space:pre">        </span>rightsubnet=172.16.0.0/16</div>

<div><span class="" style="white-space:pre">        </span>pfs=yes</div><div><span class="" style="white-space:pre">        </span>auto=start</div><div>[/code]</div><div><br></div><div>[B]Host B[/B]</div><div>[code]</div><div>conn vpc1-to-vpc2</div>

<div><span class="" style="white-space:pre">        </span>type=tunnel</div><div><span class="" style="white-space:pre">        </span>authby=secret</div><div><span class="" style="white-space:pre">        </span>#left=%defaultroute</div><div>

<span class="" style="white-space:pre">        </span>left=10.0.0.216</div><div><span class="" style="white-space:pre">        </span>leftsubnet=10.0.0.0/16</div><div><span class="" style="white-space:pre">        </span>leftnexthop=%defaultroute</div>

<div><span class="" style="white-space:pre">        </span>right=54.246.211.133</div><div><span class="" style="white-space:pre">        </span>rightsubnet=172.16.0.0/16</div><div><span class="" style="white-space:pre">        </span>pfs=yes</div>

<div><span class="" style="white-space:pre">        </span>auto=start</div><div>[/code]</div><div><br></div><div>The secret key files are here:</div><div>[B]Host A[/B]</div><div>[code]</div><div>Host A:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc</div>

<div>%any %any: PSK &quot;test&quot;</div><div>[/code]</div><div><br></div><div>[B]Host B[/B]</div><div>[code]</div><div>host B:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc</div><div>%any %any: PSK &quot;test&quot;</div>

<div>[/code]</div><div><br></div><div>With this configuration I cannot set up a tunnel. I don&#39;t understand why I get this problem, because it seems that the IPs are correct. Any help?</div><div><br></div>-- <br>Best regards,<br>


</div>