[Openswan Users] Network is unreachable!
Humberto Aicardi
humberto.aicardi at freenet.com.br
Fri May 7 13:24:19 CEST 2004
Hi,
I have the following scenario:
192.168.123.0/24 --> 100.54.5.81 (gw/openswan) -->
100.54.5.65(router) --> <-- 100.55.254.7(router) <--
100.55.254.1(gw/pix) <-- 10.172.0.0/29 (internal)
The ipsec.conf file looks like this:
config setup
    interfaces=%defaultroute
    klipsdebug=all
    plutodebug=all
    uniqueids=yes

conn metrored
    type=tunnel
    left=100.54.6.81
    leftnexthop=100.54.6.65
    leftsubnet=192.168.123.0/24
    right=100.55.254.1
    rightsubnet=10.172.0.0/29
    rightnexthop=100.55.254.7
    esp=3des-md5-96
    keyexchange=ike
    pfs=no
    authby=secret
    auto=start
The log file generated is:
May 7 18:04:44 firewall authpriv.debug pluto[27097]: | pfkey_get:
SADB_X_ADDFLOW message 12
May 7 18:04:44 firewall authpriv.debug pluto[27097]: | executing
up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client'
PLUTO_CONNECTION='myvpn' PLUTO_NEXT_HOP='100.54.6.65'
PLUTO_INTERFACE='ipsec0' PLUTO_ME='100.54.6.81'
PLUTO_MY_ID='100.54.6.81' PLUTO_MY_CLIENT='192.168.123.0/24'
PLUTO_MY_CLIENT_NET='192.168.123.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='100.55.254.1'
PLUTO_PEER_ID='100.55.254.1' PLUTO_PEER_CLIENT='10.172.0.0/29'
PLUTO_PEER_CLIENT_NET='10.172.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.248' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
May 7 18:04:44 firewall authpriv.debug pluto[27097]: | executing
prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client'
PLUTO_CONNECTION='myvpn' PLUTO_NEXT_HOP='100.54.6.65'
PLUTO_INTERFACE='ipsec0' PLUTO_ME='100.54.6.81'
PLUTO_MY_ID='100.54.6.81' PLUTO_MY_CLIENT='192.168.123.0/24'
PLUTO_MY_CLIENT_NET='192.168.123.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='100.55.254.1'
PLUTO_PEER_ID='100.55.254.1' PLUTO_PEER_CLIENT='10.172.0.0/29'
PLUTO_PEER_CLIENT_NET='10.172.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.248' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
May 7 18:04:45 firewall authpriv.warn pluto[27097]: "myvpn" #2:
prepare-client output: /usr/local/lib/ipsec/_updown: `route del -net
10.172.0.0 \011\011\011\011\011netmask 255.255.255.248 2>&1' failed
(route: SIOC[ADD|DEL]RT: No such process)
May 7 18:04:45 firewall authpriv.warn pluto[27097]: "myvpn" #2:
prepare-client command exited with status 1
May 7 18:04:45 firewall authpriv.debug pluto[27097]: | executing
route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client'
PLUTO_CONNECTION='myvpn' PLUTO_NEXT_HOP='100.54.6.65'
PLUTO_INTERFACE='ipsec0' PLUTO_ME='100.54.6.81'
PLUTO_MY_ID='100.54.6.81' PLUTO_MY_CLIENT='192.168.123.0/24'
PLUTO_MY_CLIENT_NET='192.168.123.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='100.55.254.1'
PLUTO_PEER_ID='100.55.254.1' PLUTO_PEER_CLIENT='10.172.0.0/29'
PLUTO_PEER_CLIENT_NET='10.172.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.248' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
May 7 18:04:45 firewall authpriv.warn pluto[27097]: "myvpn" #2:
route-client output: route: SIOC[ADD|DEL]RT: Network is unreachable
May 7 18:04:45 firewall authpriv.warn pluto[27097]: "myvpn" #2:
route-client output: /usr/local/lib/ipsec/_updown: `route add -net
10.172.0.0 netmask 255.255.255.248 dev ipsec0 gw 100.54.6.65' failed
May 7 18:04:45 firewall authpriv.warn pluto[27097]: "myvpn" #2:
route-client command exited with status 1
May 7 18:04:45 firewall authpriv.debug pluto[27097]: | executing
down-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='down-client'
PLUTO_CONNECTION='myvpn' PLUTO_NEXT_HOP='100.54.6.65'
PLUTO_INTERFACE='ipsec0' PLUTO_ME='100.54.6.81'
PLUTO_MY_ID='100.54.6.81' PLUTO_MY_CLIENT='192.168.123.0/24'
PLUTO_MY_CLIENT_NET='192.168.123.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='100.55.254.1'
PLUTO_PEER_ID='100.55.254.1' PLUTO_PEER_CLIENT='10.172.0.0/29'
PLUTO_PEER_CLIENT_NET='10.172.0.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.248' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' ipsec _updown
May 7 18:04:45 firewall authpriv.debug pluto[27097]: | delete eroute
192.168.123.0/24:0 -> 10.172.0.0/29:0 => tun.1002 at 100.55.254.1:0
May 7 18:04:45 firewall authpriv.debug pluto[27097]: |
finish_pfkey_msg: SADB_X_DELFLOW message 13 for flow
tun.1002 at 100.55.254.1
May 7 18:04:45 firewall authpriv.debug pluto[27097]: | 02 0f 00 09
0e 00 00 00 0d 00 00 00 d9 69 00 00
My problem is that even though the "LEFTNEXTHOP" is correct, it throws an
error saying "Network is unreachable". Can anyone provide me with some
help?
Regards,
Humberto
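
Added example, not part of the original post and not Openswan code: a Python sketch that rejoins mail-wrapped pluto records like those above, reports each _updown verb with its PLUTO_* environment, output and exit status, and tests whether the next hop is on-link for the local address (route answers "Network is unreachable" when the kernel has no direct route to the gw it is given). The function names and the /24 prefix length used in the check are assumptions; the post does not state the interface netmask.

```python
import ipaddress
import re

# Constructed sample: abridged route-client records from the log above, still mail-wrapped.
SAMPLE_LOG = """\
May 7 18:04:45 firewall authpriv.debug pluto[27097]: | executing
route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client'
PLUTO_CONNECTION='myvpn' PLUTO_NEXT_HOP='100.54.6.65'
PLUTO_INTERFACE='ipsec0' PLUTO_ME='100.54.6.81' ipsec _updown
May 7 18:04:45 firewall authpriv.warn pluto[27097]: "myvpn" #2:
route-client output: route: SIOC[ADD|DEL]RT: Network is unreachable
May 7 18:04:45 firewall authpriv.warn pluto[27097]: "myvpn" #2:
route-client command exited with status 1
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")

def records(text):
    """Join mail-wrapped continuation lines back into one syslog record each."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def updown_report(text):
    """Map each _updown verb to its PLUTO_* environment, output lines and exit status."""
    report = {}
    def entry(verb):
        return report.setdefault(verb, {"env": {}, "output": [], "status": 0})
    for rec in records(text):
        if m := re.search(r"\| executing ([\w-]+):", rec):
            entry(m.group(1))["env"] = dict(re.findall(r"(PLUTO_\w+)='([^']*)'", rec))
        elif m := re.search(r"([\w-]+) output: (.*)", rec):
            entry(m.group(1))["output"].append(m.group(2))
        elif m := re.search(r"([\w-]+) command exited with status (\d+)", rec):
            entry(m.group(1))["status"] = int(m.group(2))
    return report

def on_link(me, next_hop, prefixlen):
    """True if next_hop lies inside the subnet of the local address me/prefixlen."""
    net = ipaddress.ip_interface(f"{me}/{prefixlen}").network
    return ipaddress.ip_address(next_hop) in net
```

Feed the report's PLUTO_ME and PLUTO_NEXT_HOP to on_link() with the real prefix length of the interface that ipsec0 is attached to; a False result means the gw in the failing route add is not directly reachable.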