<div dir="ltr"><div>I'm trying to set an IPSec tunnel between 2 hosts, but I get this error:</div><div>[code]</div><div>Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d</div><div>Apr 3 15:45:26 ip-10-0-0-216 pluto: adjusting ipsec.d to /etc/ipsec.d</div>
<div>Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0</div><div>Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 037 attempt to load incomplete connection</div>
<div>Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named "vpc1-to-vpc2"</div><div>Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 000 initiating all conns with alias='vpc1-to-vpc2' </div>
<div>Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named "vpc1-to-vpc2"</div><div>[/code]</div><div><br></div><div>I've 2 hosts with these IPs:</div><div><br></div><div>[B]Host A[/B]</div>
<div>[code]</div><div>Public IP: 54.236.163.71</div><div>Public DNS: <a href="http://ec2-54-236-163-71.compute-1.amazonaws.com">ec2-54-236-163-71.compute-1.amazonaws.com</a></div><div>Private DNS: ip-10-0-0-216.ec2.internal<span class="" style="white-space:pre"> </span>Product Codes:</div>
<div>Private IPs: <a href="http://10.0.0.216/16">10.0.0.216/16</a></div><div>[/code]</div><div><br></div><div>[B]Host B[/B]</div><div>[code]</div><div>Public IP: 54.246.211.133</div><div>Public DNS: <a href="http://ec2-54-246-211-133.eu-west-1.compute.amazonaws.com">ec2-54-246-211-133.eu-west-1.compute.amazonaws.com</a></div>
<div>Private DNS: ip-172-16-0-104.eu-west-1.compute.internal<span class="" style="white-space:pre"> </span></div><div>Private IPs: 172.16.0.104</div><div>[/code]</div><div><br></div><div>The private addresses are behind a NAT that gives the public address. From the hosts, I can only get the private IPs with "ifconfig -a"</div>
<div><br></div><div><br></div><div>Here are my IPSec connections configuration:</div><div>[B]Host A[/B]</div><div>[code]</div><div>conn vpc1-to-vpc2</div><div><span class="" style="white-space:pre"> </span>type=tunnel</div>
<div><span class="" style="white-space:pre"> </span>authby=secret</div><div><span class="" style="white-space:pre"> </span>left=10.0.0.216</div><div><span class="" style="white-space:pre"> </span>leftsubnet=<a href="http://10.0.0.0/16">10.0.0.0/16</a></div>
<div><span class="" style="white-space:pre"> </span>leftnexthop=%defaultroute</div><div><span class="" style="white-space:pre"> </span>right=54.246.211.133</div><div><span class="" style="white-space:pre"> </span>rightsubnet=<a href="http://172.16.0.0/16">172.16.0.0/16</a></div>
<div><span class="" style="white-space:pre"> </span>pfs=yes</div><div><span class="" style="white-space:pre"> </span>auto=start</div><div>[/code]</div><div><br></div><div>[B]Host B[/B]</div><div>[code]</div><div>conn vpc1-to-vpc2</div>
<div><span class="" style="white-space:pre"> </span>type=tunnel</div><div><span class="" style="white-space:pre"> </span>authby=secret</div><div><span class="" style="white-space:pre"> </span>#left=%defaultroute</div><div>
<span class="" style="white-space:pre"> </span>left=10.0.0.216</div><div><span class="" style="white-space:pre"> </span>leftsubnet=<a href="http://10.0.0.0/16">10.0.0.0/16</a></div><div><span class="" style="white-space:pre"> </span>leftnexthop=%defaultroute</div>
<div><span class="" style="white-space:pre"> </span>right=54.246.211.133</div><div><span class="" style="white-space:pre"> </span>rightsubnet=<a href="http://172.16.0.0/16">172.16.0.0/16</a></div><div><span class="" style="white-space:pre"> </span>pfs=yes</div>
<div><span class="" style="white-space:pre"> </span>auto=start</div><div>[/code]</div><div><br></div><div>The secret key files are here:</div><div>[B]Host A[/B]</div><div>[code]</div><div>Host A:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc</div>
<div>%any %any: PSK "test"</div><div>[/code]</div><div><br></div><div>[B]Host B[/B]</div><div>[code]</div><div>host B:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc</div><div>%any %any: PSK "test"</div>
<div>[/code]</div><div><br></div><div>With this configuration I cannot setup a tunnel. I don't understand why I get this problem, because it seems that the IPs are correct. Any help?</div><div><br></div>-- <br>Best regards,<br>
</div>