[Openswan Users] no default routes
Chris McKeever
techjedi at gmail.com
Tue Sep 21 10:51:17 CEST 2004
On Tue, 21 Sep 2004 12:00:22 +0200 (MET DST), Paul Wouters
<paul at xelerance.com> wrote:
> On Mon, 20 Sep 2004, Chris McKeever wrote:
>
> > The following ipsec.conf allows for a connection. I can ping both
> > sides of the openswan machine (192.168.250.1/192.168.0.13) - but that
> > is about it (I can't ping anything else on the 192.168.0.0 network)
>
> Yes, a host to host connection will work fine. It's the subnet you
> cannot do in the current way.
>
> > I am going to assume that this is caused by your statement right
> > above, so is there any way I can make this connection work as I am
> > trying?
>
> No.
> You should probably renumber one ipsec machine on the other end,
> give it another range ip, use that to setup the tunnel and then
> you can tunnel the 192.168.200.0/24 subnet over that.
>
Paul - thanks for your insight

That is the tricky part - they are both connected via a hub - not sure
how I would get it to work correctly. I did find out that the reason I
couldn't ping was because of the default gateway - it wasn't going out
the correct door - but I have yet to figure out how to get it out the
correct door.

What I am trying to do is create a tunnel between two machines on the
same network - so it is hard to have the two 'public' IPs (they are
the 192.168.250.x addresses, which I realize are private) not be on
the same network. I am not trying to set up a full time tunnel - just
one based on 'roadwarriors' connecting through a WAP.

I also tried to do it so it used the WAP's internet port (instead of
just through the LAN), but I couldn't get it to connect.

config setup
        interfaces="ipsec0=eth1"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        plutowait=no
        uniqueids=yes

conn %default
        keyingtries=0

conn statis
        left=192.168.250.1
        leftsubnet=192.168.0.0/24
        leftnexthop=%direct
        right=%any
        #rightsubnet=
        #rightnexthop=192.168.250.1
        compress=no
        auto=add
        ike=aes,3des
        esp=aes,3des

Sep 20 20:02:30 smoothwall pluto[29931]: packet from
192.168.250.10:500: ignoring Vendor ID payload [SSH Communications
Security IPSEC Express version 4.1.0]
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10
#1: responding to Main Mode from unknown peer 192.168.250.10
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10
#1: transition from state (null) to state STATE_MAIN_R1
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10
#1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10
#1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10
#1: Main mode peer ID is ID_IPV4_ADDR: '192.168.200.20'
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10
#1: no suitable connection for peer '192.168.200.20'
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10
#1: sending notification INVALID_ID_INFORMATION to 192.168.250.10:500
Sep 20 20:03:40 smoothwall pluto[29931]: "statis"[1] 192.168.250.10
#1: max number of retransmissions (2) reached STATE_MAIN_R2
Sep 20 20:03:40 smoothwall pluto[29931]: "statis"[1] 192.168.250.10:
deleting connection "statis" instance with peer 192.168.250.10
> Paul
>
> > config setup
> >         interfaces="ipsec0=eth1"
> >         klipsdebug=none
> >         plutodebug=none
> >         plutoload=%search
> >         plutostart=%search
> >         plutowait=no
> >         uniqueids=yes
> >
> > conn %default
> >         keyingtries=0
> >
> > conn statis
> >         left=192.168.250.1
> >         leftsubnet=192.168.0.0/24
> >         leftnexthop=%direct
> >         right=%any
> >         #rightsubnet=192.168.200.0/24
> >         #rightnexthop=192.168.250.1
> >         compress=no
> >         auto=add
> >         ike=aes,3des
> >         esp=aes,3des
> --
> "Non cogitamus, ergo nihil sumus"
>
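
Added example, not part of the original message or of Openswan: a small Python triage script that pairs pluto's "Main mode peer ID" line with the later "no suitable connection" rejection for the same negotiation and reports whether the announced ID differs from the packet's source address. The function name and record fields are hypothetical; the sample input is the log from the message above with the mail-wrapped lines re-joined.

```python
import re

# Log lines taken from the message above, re-joined onto single lines
# (the mail client had wrapped them). Used here as sample input.
SAMPLE_LOG = """\
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10 #1: responding to Main Mode from unknown peer 192.168.250.10
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10 #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.200.20'
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10 #1: no suitable connection for peer '192.168.200.20'
Sep 20 20:02:30 smoothwall pluto[29931]: "statis"[1] 192.168.250.10 #1: sending notification INVALID_ID_INFORMATION to 192.168.250.10:500
"""

# "conn"[instance] source-ip #sa-number: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<src>[\d.]+) #(?P<sa>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Main mode peer ID is (?P<type>ID_\w+): '(?P<id>[^']+)'")
NO_CONN = re.compile(r"no suitable connection for peer '(?P<id>[^']+)'")


def find_id_rejections(log_text):
    """Return one record per negotiation rejected because no conn matched the peer's ID."""
    announced = {}   # (conn, source ip, sa number) -> (id type, id value)
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        key = (m["conn"], m["src"], m["sa"])
        pid = PEER_ID.search(m["msg"])
        if pid:
            announced[key] = (pid["type"], pid["id"])
            continue
        rej = NO_CONN.search(m["msg"])
        if rej:
            # Fall back to the ID in the rejection line if the announcement was not logged.
            id_type, peer_id = announced.get(key, (None, rej["id"]))
            findings.append({
                "conn": m["conn"],
                "source_ip": m["src"],
                "peer_id": peer_id,
                "id_type": id_type,
                "id_differs_from_source": peer_id != m["src"],
            })
    return findings


if __name__ == "__main__":
    for finding in find_id_rejections(SAMPLE_LOG):
        print(finding)
```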