[Openswan Users] Problem making LAN 2 LAN Network
Abdul-Wahid Paterson
abdulwahid at gmail.com
Thu Oct 14 13:39:59 CEST 2004
You can't have both sides with %defaultroute. That is just a keyword
for finding the IP of your outbound interface which is useful if you
are on a link like ADSL that has a dynamic IP.
The IP for the other end should be %any.
Also, you can't have both ends of the link on dynamic IPs
otherwise...how would they know where to connect?...You must have at
least one end with a static IP. (Unless you used dynamic DNS with some
fancy scripting) :)
Abdul-Wahid
On Thu, 14 Oct 2004 12:21:42 +0200, Jan Madsen <jan at im-teknik.dk> wrote:
> Hello everybody
> I have tried to make a simple LAN 2 LAN with OpenSWAN. When I try to start
> the IPsec I get the error
> VPN-server ipsec__plutorun: ...could not start conn "l2l"
> In /var/log/messages
>
> My configuration is like this.
>
> VPN Box on Network A 192.168.40.0/24
> IP Address at Local 192.168.40.1/24
> IP Address at Remote 192.168.0.80/24
>
> VPN Box on Network B 192.168.41.0/24
> IP Address at Local 192.168.41.1/24
> IP Address At Remote 192.168.0.81/24
>
> 192.168.40.1 |----|192.168.0.80 (VPN Line) |----|192.168.41.1
> -------------| A |----------------------------| B |----------
> |----| 192.168.0.81|----|
>
> Now here is my configuration (ipsec.conf) on VPN BOX A
>
> include /etc/ipsec.d/examples/no_oe.conf
>
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
>
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,!%v4:192.168.0.0/24
> klipsdebug=none
> plutodebug=none
>
> conn l2l
> left=192.168.0.80
> leftsubnet=192.168.41.0/24
> leftnexthop=%defaultroute
>
> right=192.168.0.81
> rightsubnet=192.168.40.0/24
> rightnexthop=%defaultroute
>
> auto=start
>
> And this is my error in /var/log/messages
>
> Oct 14 09:14:17 VPN-server ipsec_setup: KLIPS ipsec0 on eth0 192.168.0.80/255.255.255.0 broadcast 192.168.0.255
> Oct 14 09:14:18 VPN-server ipsec_setup: ...Openswan IPsec started
> Oct 14 09:14:18 VPN-server ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.5-1.358...
> Oct 14 09:14:19 VPN-server ipsec__plutorun: 104 "l2l" #1: STATE_MAIN_I1: initiate
> Oct 14 09:14:19 VPN-server ipsec__plutorun: ...could not start conn "l2l"
>
> I have tried to install another version of OpenSWAN but it is the same error,
> and I can't get my VPN up and going.
> I can't see what I have done wrong... but my route looks weird hmmm...
> The 192.168.40.0 network is NOT at 192.168.0.2, it's on 192.168.0.81
> I have tried to change the rightnexthop and my leftnexthop to 192.168.0.81
> And then the route looks okay, but I still have the errors in my
> /var/log/messages
>
> Route -n
> 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 192.168.40.0 192.168.0.2 255.255.255.0 UG 0 0 0 eth0
> 192.168.41.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 192.168.0.2 0.0.0.0 UG 0 0 0 eth0
>
> Best regards
> Jan Madsen
> Im_Teknik & Data
> +45 9776 1193 Office Phone
> +45 2368 8533 Work Cell Phone
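
Added example (not part of the original thread, and not Openswan code): a small Python check that applies the two rules stated in the reply to the conn sections of an ipsec.conf. The function names and the simplified parsing are assumptions; the sample is constructed from the quoted "conn l2l".

```python
import re

# Constructed sample: "conn l2l" from the quoted message, blank lines dropped.
SAMPLE = """\
conn l2l
    left=192.168.0.80
    leftsubnet=192.168.41.0/24
    leftnexthop=%defaultroute
    right=192.168.0.81
    rightsubnet=192.168.40.0/24
    rightnexthop=%defaultroute
    auto=start
"""

DYNAMIC = {"%defaultroute", "%any"}  # values that do not name a fixed address

def parse_conns(text):
    """Return {conn: {key: value}}. Simplified: comments and blank lines are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"conn\s+(\S+)$", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif re.match(r"(config|include)\b", line):
            current = None  # left the conn section
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def check_conn(opts):
    """Apply the reply's two rules (not Openswan's own validation) to one conn."""
    findings = []
    dr = sorted(k for k, v in opts.items() if v == "%defaultroute")
    # Rule 1: %defaultroute appears on both the left* and the right* side.
    if any(k.startswith("left") for k in dr) and any(k.startswith("right") for k in dr):
        findings.append("both sides use %defaultroute: " + ", ".join(dr))
    # Rule 2: neither end address is static.
    if opts.get("left") in DYNAMIC and opts.get("right") in DYNAMIC:
        findings.append("no end has a static IP")
    return findings

def lint(text):
    return {name: check_conn(opts) for name, opts in parse_conns(text).items()}

if __name__ == "__main__":
    for name, findings in lint(SAMPLE).items():
        print(name, findings or "ok")
```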