[Openswan Users] RoadWarrior problems : route-host output: /usr/lib/ipsec/_updown: (incorrect or missing nexthop setting??)

"Артём Тамбовский" tambovsky at mail.ru
Thu Jun 10 16:41:42 CEST 2004


Dear OpenSwaners,

   I hope that someone could give me some advice if there is something wrong with my configs :) I have already spent several days, but my first IPsec connection still doesn't work.
I have a gateway with public IP address 217.74.130.35 on eth0 and the 172.16.10.0/24 network (on eth2) behind this gateway. And I'd like to establish an IPsec connection between this gateway and a RoadWarrior client (these are Linux machines).

It looks like authentication between the gateway and the RW client passes successfully, but the connection fails when adding the route. Here is the error message that I got on the client console:
[root at db-srv super-freeswan]# ipsec auto --verbose --up road
002 "road" #1: initiating Main Mode
104 "road" #1: STATE_MAIN_I1: initiate
106 "road" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "road" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "road" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=RU, L=St-Petersburg, O=TSIC, CN=ms-stp'
002 "road" #1: ISAKMP SA established
004 "road" #1: STATE_MAIN_I4: ISAKMP SA established
002 "road" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
117 "road" #2: STATE_QUICK_I1: initiate
002 "road" #2: route-host output: SIOCADDRT: Network is unreachable
002 "road" #2: route-host output: /usr/lib/ipsec/_updown: `route add -net 172.16.10.0 netmask 255.255.255.0 dev ipsec0 gw 217.74.130.35' failed
002 "road" #2: route-host output: /usr/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
003 "road" #2: route-host command exited with status 7
032 "road" #2: STATE_QUICK_I1: internal error
010 "road" #2: STATE_QUICK_I1: retransmission; will wait 20s for response

What did I do wrong in ipsec.configs?
And here are the parts which describe the connection settings for the gateway and the RoadWarrior machine:

RoadWarrior: 
conn road
        auto=add
        left=212.213.61.152
        leftcert=db-srv-cert.pem
        right=217.74.130.35
        rightsubnet=172.16.10.0/24
        rightnexthop=172.16.10.1
        rightcert=gateway-cert.pem
        pfs=yes

Gateway:
conn road
        auto=add
        left=217.74.130.35
        leftsubnet=172.16.10.0/24
        leftcert=gateway-cert.pem
        right=%any
        pfs=yes

What have I missed in the connection settings? Any suggestions?
Thank you in advance!

With best regards,
Artem


