[Openswan Users] Can't ping

Paul Wouters paul at xelerance.com
Mon Jun 6 18:29:28 CEST 2005


On Mon, 6 Jun 2005, simprix wrote:

> I am trying to setup a net-to-net connection. It worked under Linux 2.4
> with Openswan 1.0.7. I am using Gentoo.

> When I try to establish the connection with ipsec auto --up mrc-to-hope
> I get this:
>
> 104 "mrc-to-hope" #15: STATE_MAIN_I1: initiate
> 106 "mrc-to-hope" #15: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "mrc-to-hope" #15: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "mrc-to-hope" #15: STATE_MAIN_I4: ISAKMP SA established
> 112 "mrc-to-hope" #16: STATE_QUICK_I1: initiate
> 010 "mrc-to-hope" #16: STATE_QUICK_I1: retransmission; will wait 20s for
> response

Jun  6 10:16:35 gw003 pluto[8526]: "hope-to-mrc" #1: ignoring informational payload, type INVALID_MESSAGE_ID
Jun  6 10:16:35 gw003 pluto[8526]: "hope-to-mrc" #1: received and ignored informational message
Jun  6 10:16:40 gw003 pluto[8526]: "hope-to-mrc" #1: cannot respond to IPsec SA request because no connection is known for 192.168.2.0/24===134.215.193.86[@gw003.cdsoc.org]...134.215.193.94[@gw001.cdsoc.org]===192.168.10.0/24

So something is wrong with the connection definition. Both ends do not agree. Checking your connection:

> Links to ipsec barf for sites
>
> MRC
>
> http://pastebin.ca/13540
>
> HOPE
>
> http://pastebin.ca/13542

conn mrc-to-hope
         left=134.215.193.94
         leftsubnet=192.168.10.0/24
         leftid=@gw001.cdsoc.org
         leftrsasigkey=.....
         leftnexthop=%defaultroute
         right=134.215.193.86
         rightsubnet=192.168.2.0/24
         rightid=@gw003.cdsoc.org
         rightrsasigkey=...
         rightnexthop=%defaultroute
         authby=rsasig
         auto=start


conn hope-to-mrc
         left=134.215.193.86
         leftsubnet=192.168.2.0/24
         leftid=@gw003.cdsoc.org
         leftrsasigkey=....
         leftnexthop=%defaultroute
         right=134.215.193.94
         rightsubnet=192.168.1.0/24
         rightid=@gw001.cdsoc.org
         rightrsasigkey=....
         rightnexthop=%defaultroute
         authby=rsasig
         auto=start

you can see that one end is using 192.168.2.0/24 and the other end is using 192.168.10.0/24.

Also note from the barf:

Two or more interfaces found, checking IP forwarding                    [FAILED]

You should edit /etc/sysctl.conf and enable forwarding (run sysctl -p once)

Paul
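The mismatch Paul points out can be found mechanically. The following Python script is an added example, not part of the original mail and not Openswan code: it parses the two conn sections quoted above (embedded verbatim as sample input), checks that every left/leftsubnet/leftid value on one gateway equals the right/rightsubnet/rightid value on the other and vice versa, and decodes the pluto "no connection is known for" line to show which field of the local conn the peer's proposal disagrees with. It assumes that pluto prints its own side of the requested tunnel first in that line (as the gw003 log above suggests) and that `#` starts a comment in ipsec.conf.

```python
"""Cross-check two Openswan net-to-net conn definitions against each other.

Added example: sample input is the pair of conn sections and the pluto log
line quoted in the mailing list post; key values are elided there as well.
"""
import re

IPSEC_CONF_MRC = """\
conn mrc-to-hope
         left=134.215.193.94
         leftsubnet=192.168.10.0/24
         leftid=@gw001.cdsoc.org
         leftrsasigkey=.....
         leftnexthop=%defaultroute
         right=134.215.193.86
         rightsubnet=192.168.2.0/24
         rightid=@gw003.cdsoc.org
         rightrsasigkey=...
         rightnexthop=%defaultroute
         authby=rsasig
         auto=start
"""

IPSEC_CONF_HOPE = """\
conn hope-to-mrc
         left=134.215.193.86
         leftsubnet=192.168.2.0/24
         leftid=@gw003.cdsoc.org
         leftrsasigkey=....
         leftnexthop=%defaultroute
         right=134.215.193.94
         rightsubnet=192.168.1.0/24
         rightid=@gw001.cdsoc.org
         rightrsasigkey=....
         rightnexthop=%defaultroute
         authby=rsasig
         auto=start
"""

# Log line from the mail; gw003 (hope) is the responder writing it.
PLUTO_LINE = ('Jun  6 10:16:40 gw003 pluto[8526]: "hope-to-mrc" #1: cannot respond '
              'to IPsec SA request because no connection is known for '
              '192.168.2.0/24===134.215.193.86[@gw003.cdsoc.org]...'
              '134.215.193.94[@gw001.cdsoc.org]===192.168.10.0/24')

# Assumed layout: own-subnet===own-host[own-id]...peer-host[peer-id]===peer-subnet
PLUTO_RE = re.compile(
    r'no connection is known for (?P<lsubnet>\S+?)===(?P<lhost>[\d.]+)\[(?P<lid>[^\]]+)\]'
    r'\.\.\.(?P<rhost>[\d.]+)\[(?P<rid>[^\]]+)\]===(?P<rsubnet>\S+)')


def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].rstrip()      # drop comments (assumed syntax)
        if not line.strip():
            continue
        m = re.match(r'^conn\s+(\S+)\s*$', line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif not line[0].isspace():
            current = None                         # some other top-level section
        elif current is not None and '=' in line:
            key, _, value = line.strip().partition('=')
            current[key.strip()] = value.strip()
    return conns


def mirror_mismatches(local, remote):
    """Fields where local left* != remote right* (and right* != left*).

    Only host, subnet and id are compared: nexthop is per-host and the keys
    are elided in the quoted configs.  Returns (local_key, local_value,
    remote_key, remote_value) tuples."""
    problems = []
    for suffix in ('', 'subnet', 'id'):
        for a, b in (('left', 'right'), ('right', 'left')):
            ka, kb = a + suffix, b + suffix
            if local.get(ka) != remote.get(kb):
                problems.append((ka, local.get(ka), kb, remote.get(kb)))
    return problems


def requested_vs_defined(pluto_line, conn):
    """Compare the tunnel the peer proposed (from pluto's log line) with a local conn.

    Returns (key, defined_value, proposed_value) for each differing field."""
    m = PLUTO_RE.search(pluto_line)
    if not m:
        return None
    want = {'leftsubnet': m['lsubnet'], 'left': m['lhost'], 'leftid': m['lid'],
            'right': m['rhost'], 'rightid': m['rid'], 'rightsubnet': m['rsubnet']}
    return [(k, conn.get(k), v) for k, v in want.items() if conn.get(k) != v]


def main():
    conns = parse_conns(IPSEC_CONF_MRC)
    conns.update(parse_conns(IPSEC_CONF_HOPE))
    for ka, va, kb, vb in mirror_mismatches(conns['mrc-to-hope'], conns['hope-to-mrc']):
        print(f'mrc-to-hope {ka}={va} but hope-to-mrc {kb}={vb}')
    for k, have, want in requested_vs_defined(PLUTO_LINE, conns['hope-to-mrc']):
        print(f'hope-to-mrc defines {k}={have} but the peer proposed {want}')


if __name__ == '__main__':
    main()
```

Both checks point at the same field: hope-to-mrc has rightsubnet=192.168.1.0/24 while mrc-to-hope offers 192.168.10.0/24, which is exactly the selector pluto could not find a connection for.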

