[Openswan Users] Openswan connection difficulties
Steve Wakelin
steve at wcsl.net
Wed Jun 30 17:16:11 CEST 2004
Jacco,
Excellent. Removing the leftsubnet established the connection ;-)
But I'm back to this again
route-host output: /usr/local/lib/ipsec/_updown: doroute `ip route add
62.49.34.242/32 via 62.49.34.242 dev ipsec0 ' failed (RTNETLINK answers:
Network is unreachable)
Which is resolved by
# ip route add 62.49.34.242 dev ipsec0
Suppose I'd better start investigating l2tp servers and their
interoperability with Samba....
Regards
/Steve
-----Original Message-----
From: Jacco de Leeuw [mailto:jacco2 at dds.nl]
Sent: 30 June 2004 15:46
To: Openswan Users
Subject: Re: [Openswan Users] Openswan connection difficulties
Steve Wakelin wrote:
> conn sisl
> left=213.232.93.110
> leftsubnet=172.16.200.2/32
> leftcert=www.sfpost.net.pem
> right=%any
> rightcert=mail.sis-l.com.pem
> leftprotoport=17/0
> rightprotoport=17/1701
> auto=add
> pfs=no
>
> Jun 30 15:26:31 p4-7165 pluto[15750]: "sisl"[3] 62.49.34.242 #3:
cannot
> respond to IPsec SA request because no connection is known for
> 213.232.93.110[C=GB, ST=Hertfordshire, L=Harpenden, O=WCSL,
OU=sfbackup,
> CN=www.sfpost.net, E=support at wcsl.net,S=C]:17/0...62.49.34.242[C=GB,
> ST=Hertfordshire, L=Harpenden, O=WCSL, OU=sfbackup, CN=mail.sis-l.com,
> E=support at wcsl.net,S=C]:17/1701
This is a configuration for L2TP over IPsec. Are you sure you want that
and not Marcus Mueller's IPSEC.EXE?
For L2TP/IPsec you need an L2TP server and you will also have to remove
the
leftsubnet= line.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list