[Openswan Users] Problem making LAN 2 LAN Network

Jan Madsen Jan at im-teknik.dk
Thu Oct 14 13:21:42 CEST 2004


Hello everybody
I have tried to make a simple LAN 2 LAN with OpenSWAN. When I try to start
IPsec I get the error
VPN-server ipsec__plutorun: ...could not start conn "l2l"
in /var/log/messages

My configuration is like this.

VPN Box on Network A 192.168.40.0/24
IP Address at Local	192.168.40.1/24
IP Address at Remote 	192.168.0.80/24


VPN Box on Network B 192.168.41.0/24
IP Address at Local	192.168.41.1/24
IP Address At Remote	192.168.0.81/24


192.168.40.1 |----| 192.168.0.80   (VPN Line)                |----| 192.168.41.1
-------------| A  |------------------------------------------| B  |-------------
             |----|                             192.168.0.81 |----|

Now here is my configuration (ipsec.conf) on VPN BOX A

include /etc/ipsec.d/examples/no_oe.conf

config setup
        interfaces=%defaultroute
        nat_traversal=yes
 
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,!%v4:192
.168.0.0/24
        klipsdebug=none
        plutodebug=none

conn l2l
        left=192.168.0.80
        leftsubnet=192.168.41.0/24
        leftnexthop=%defaultroute

        right=192.168.0.81
        rightsubnet=192.168.40.0/24
        rightnexthop=%defaultroute

        auto=start

And this is my error in /var/log/messages

Oct 14 09:14:17 VPN-server ipsec_setup: KLIPS ipsec0 on eth0 192.168.0.80/255.255.255.0 broadcast 192.168.0.255
Oct 14 09:14:18 VPN-server ipsec_setup: ...Openswan IPsec started
Oct 14 09:14:18 VPN-server ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.5-1.358...
Oct 14 09:14:19 VPN-server ipsec__plutorun: 104 "l2l" #1: STATE_MAIN_I1: initiate
Oct 14 09:14:19 VPN-server ipsec__plutorun: ...could not start conn "l2l"


I have tried to install another version of OpenSWAN but it is the same error,
and I can't get my VPN up and going.
I can't see what I have done wrong... but my route looks weird hmmm...
The 192.168.40.0 network is NOT at 192.168.0.2; it's on 192.168.0.81.
I have tried to change the rightnexthop and my leftnexthop to 192.168.0.81,
and then the route looks okay, but I still have the errors in my
/var/log/messages

route -n
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.40.0    192.168.0.2     255.255.255.0   UG    0      0        0 eth0
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.0.2     0.0.0.0         UG    0      0        0 eth0


Best regards
Jan Madsen
Im_Teknik & Data
+45 9776 1193     Office Phone
+45 2368 8533     Work Cell Phone
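
Added example, not part of the original post and not Openswan code: a small Python check that compares the subnets of a conn section with `route -n` output, which is the comparison the post makes by eye. The sample config and routing rows are constructed from the values quoted above; the function names are hypothetical.

```python
import ipaddress

# Constructed sample input, copied from the values quoted in the post.
CONN = """\
conn l2l
        left=192.168.0.80
        leftsubnet=192.168.41.0/24
        right=192.168.0.81
        rightsubnet=192.168.40.0/24
"""
ROUTES = """\
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.40.0    192.168.0.2     255.255.255.0   UG    0      0        0 eth0
192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.0.2     0.0.0.0         UG    0      0        0 eth0
"""

def parse_conn(text):
    """Collect the key=value options of one conn section into a dict."""
    pairs = (l.split("#", 1)[0].split("=", 1) for l in text.splitlines())
    return {p[0].strip(): p[1].strip() for p in pairs if len(p) == 2}

def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, iface) tuples."""
    rows = []
    for fields in (line.split() for line in text.splitlines()):
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except (IndexError, ValueError):
            continue  # header or malformed row
        rows.append((net, fields[1], fields[-1]))
    return rows

def check(conn_text, route_text):
    """Report, per side, which route the kernel would use for its subnet."""
    conn, routes = parse_conn(conn_text), parse_routes(route_text)
    report = {}
    for side in ("left", "right"):
        target = ipaddress.ip_network(conn[side + "subnet"])
        hits = [r for r in routes if target.subnet_of(r[0])]
        if not hits:
            report[side + "subnet"] = (None, "no route")
            continue
        _, gw, iface = max(hits, key=lambda r: r[0].prefixlen)  # longest prefix
        if gw == "0.0.0.0":
            status = "directly connected"
        else:
            status = f"via {gw}" + ("" if gw == conn[side] else f", not {side}={conn[side]}")
        report[side + "subnet"] = (iface, status)
    return report
```

`check(CONN, ROUTES)` returns a dict keyed by `leftsubnet` and `rightsubnet`, each mapped to the interface and a short status string.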
