[Openswan Users] Problem making LAN 2 LAN Network

Tiago Freitas Leal tfl at netcabo.pt
Thu Oct 14 13:52:02 CEST 2004


You can have both sides on dynamic IP if both use dynamic DNS.
janus watcher http://sourceforge.net/projects/janus-watcher/
keeps an eye on IPs of dynamic DNS and replaces the connection
with a new one when the IP changes.

----- Original Message ----- 
From: "Abdul-Wahid Paterson" <abdulwahid at gmail.com>
To: "Jan Madsen" <jan at im-teknik.dk>
Cc: <users at openswan.org>
Sent: Thursday, October 14, 2004 12:39 PM
Subject: Re: [Openswan Users] Problem making LAN 2 LAN Network


> Also, you can't have both ends of the link on dynamic IPs
> otherwise...how would they know where to connect?...YOu must have at
> least one end with a static IP. (Unless you used dynamic DNS with some
> fancy scripting) :)
>
> Abdul-Wahid
>
>
> On Thu, 14 Oct 2004 12:21:42 +0200, Jan Madsen <jan at im-teknik.dk> wrote:
> > Hallo everybody
> > I have tried to make a simple LAN 2 LAN with OpenSWAN. When I try to
start
> > the IPsec I get the error
> > VPN-server ipsec__plutorun: ...could not start conn "l2l"
> > In /var/log/messeges
> >
> > My configuration is like this.
> >
> > VPN Box on Network A 192.168.40.0/24
> > IP Address at Local     192.168.40.1/24
> > IP Address at Remote    192.168.0.80/24
> >
> > VPN Box on Network B 192.168.41.0/24
> > IP Address at Local     192.168.41.1/24
> > IP Address At Remote    192.168.0.81/24
> >
> > 192.168.40.1 |----|192.168.0.80  (VPN Line)    |----|192.168.41.1
> > -------------| A  |----------------------------| B  |----------
> >           |----|                192.168.0.81|----|
> >
> > Now here is my configuration (ipsec.conf) on VPN BOX A
> >
> > include /etc/ipsec.d/examples/no_oe.conf
> >
> > config setup
> >         interfaces=%defaultroute
> >         nat_traversal=yes
> >
> >
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,!%v4:192
> > .168.0.0/24
> >         klipsdebug=none
> >         plutodebug=none
> >
> > conn l2l
> >         left=192.168.0.80
> >         leftsubnet=192.168.41.0/24
> >         leftnexthop=%defaultroute
> >
> >         right=192.168.0.81
> >         rightsubnet=192.168.40.0/24
> >         rightnexthop=%defaultroute
> >
> >         auto=start
> >
> > And this is my error in /var/log/messages
> >
> > Oct 14 09:14:17 VPN-server ipsec_setup: KLIPS ipsec0 on eth0
> > 192.168.0.80/255.255.255.0 broadcast 192.168.0.255
> > Oct 14 09:14:18 VPN-server ipsec_setup: ...Openswan IPsec started
> > Oct 14 09:14:18 VPN-server ipsec_setup: Starting Openswan IPsec
> > U2.2.0/K2.6.5-1.358...
> > Oct 14 09:14:19 VPN-server ipsec__plutorun: 104 "l2l" #1: STATE_MAIN_I1:
> > initiate
> > Oct 14 09:14:19 VPN-server ipsec__plutorun: ...could not start conn
"l2l"
> >
> > I have tried to install another version of OpenSWAN but is the same
error,
> > and I can't get my VPN up going.
> > I can't see what I have done wrong... but my route looks weird hmmm...
> > The 192.168.40.0 network is NOT at 192.168.0.2 it's on 192.168.0.81
> > I have tried to change the rightnexthop, and my leftnexthop to
192.168.0.81
> > And then the route looks okay, but I still have the errors in my
> > /var/log/messages
> >
> > Route -n
> > 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0
eth0
> > 192.168.40.0    192.168.0.2     255.255.255.0   UG    0      0        0
eth0
> > 192.168.41.0    0.0.0.0         255.255.255.0   U     0      0        0
eth1
> > 169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0
eth1
> > 127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0
lo
> > 0.0.0.0         192.168.0.2     0.0.0.0         UG    0      0        0
eth0
> >
> > Best regards
> > Jan Madsen
> > Im_Teknik & Data
> > +45 9776 1193     Office Phone
> > +45 2368 8533     Work Cell Phone
> >
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
> >
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users



More information about the Users mailing list