[Openswan Users] FreeS/WAN setup problem

[Klaus Schmidinger]

I am running freeswan 1.99 on SuSE Linux 8.2 (kernel 2.4.20) in
the office, and freeswan 1.91 on SuSE 7.3 (kernel 2.4.10) at home.

What I want to do is connect the gateway computer in the office
(and the masqueraded network behind it) with my gateway and masqueraded
network at home. The office gateway has a fixed IP number, while my
home gateway has a dynamic IP number.

My /etc/ipsec.conf at the office gateway looks like this:
-------------------------------------------------------------------
conn officenet-homenet
        also=office
        leftsubnet=192.168.1.0/24
        also=home
        rightsubnet=192.168.100.0/24
        auto=add

#conn office-home
#        also=office
#        also=home
#        auto=add
#
#conn officenet-home
#        also=office
#        leftsubnet=192.168.1.0/24
#        also=home
#        auto=add
#
#conn office-homenet
#        also=office
#        also=home
#        rightsubnet=192.168.100.0/24
#        auto=add

conn office
        leftid=@office.mynet.de
        left=100.1.2.1
        leftnexthop=100.1.2.9
        leftfirewall=yes
        leftrsasigkey=0sAQPbqXfRK+m08...

conn home
        rightid=@home.mynet.de
        right=%any
        rightfirewall=yes
        rightrsasigkey=0sAQNV1Jt2KRYh1o...
-------------------------------------------------------------------

The /etc/ipsec.conf at the home gateway looks like this:
-------------------------------------------------------------------
conn officenet-homenet
        also=office
        rightsubnet=192.168.1.0/24
        also=home
        leftsubnet=192.168.100.0/24
        auto=start

#conn office-home
#        also=office
#        also=home
#        auto=start
#
#conn officenet-home
#        also=office
#        rightsubnet=192.168.1.0/24
#        also=home
#        auto=start
#
#conn office-homenet
#        also=office
#        also=home
#        leftsubnet=192.168.100.0/24
#        auto=start

conn office
        rightid=@office.mynet.de
        right=100.1.2.1
        #rightnexthop=100.1.2.9
        rightfirewall=yes
        rightrsasigkey=0sAQPbqXfRK+m08...

conn home
        leftid=@home.mynet.de
        left=%defaultroute
        leftfirewall=yes
        leftrsasigkey=0sAQNV1Jt2KRYh1o...
-------------------------------------------------------------------

With this setup (static IP numbers are fake) I can access the
office gateway and network behind it from every computer in the
home net, except the home gateway. The same applies the other
way round.

As soon as I activate the lines that are currently commented out
(and which, as far as I understand this, are needed to allow
every computer to access every other one), nothing works any
more and I get "martian" error messages in the log file of
the home gateway:

home kernel: martian source 217.84.76.70 from 100.1.2.1, on dev ppp0

where 217.84.76.70 was the IP number my home gateway had at that time.


Can somebody please take a look at the above setup, and maybe
tell me if I made some stupid mistake?

Klaus