[Openswan Users] IKE Phase2 fails, cannot respond to IPsec SA
t.henneberger at hcs-computer.de
Tue Sep 28 11:06:25 CEST 2004
Hello Paul
> On Mon, 27 Sep 2004 paul at xelerance.com wrote:
>
> Well yes, this is impossible.
>
> 2) you are trying to connect from an IP range 192.168.1.111 that is part
> of the remote leftsubnet, while building a leftsubnet tunnel. Similar
> warping of space, goto 1.
>
> I am not sure what you were defining here, but this won't work. I'll assume
> that you are trying to protect your wireless and want to build a tunnel
> to the IPsec server in the same LAN, tunneling all your traffic through it.
>
> This would be something like (on the server):
>
> left=192.168.1.35
> leftsubnet=0.0.0.0/0
> right=%any
>
> and on the client:
>
> left=%defaultroute
> right=192.168.1.35
> rightsubnet=0.0.0.0/0
>
> Paul
I am trying to establish the most basic VPN tunnel there is for testing
purposes. The VPN Server is at 192.168.1.35, the Win2k machine trying
to connect to it is at 192.168.1.111.
I tried your config and I get the same error.
Could it be that it is not possible to establish a VPN tunnel with 2
machines on the same net?
According to my books and docs there should be no problem though...
left=192.168.1.35 is the IP of my Linux, leftsubnet is not defined,
so default is left/32, leftnexthop is not defined, so default is the gateway.
Right=%any is for the roadwarrior, in this case 192.168.1.111.
I have the feeling I either overlooked something or there is a
serious misunderstanding of how VPN works on my side.
Thanks for your help.