[Openswan Users] X-WRT (Openwrt) - "inet: Unknown host" & "We cannot identify ourselves with either end of this connection" errors - HELP PLEASE !!!

Sergio Aguilera checho.aguilera at gmail.com
Tue May 1 08:32:30 EDT 2007 

Hi All, I have been have some issues trying to setup an  IPSec VPN
between Mitsubishi R100 (Asus WL500g) with X-WRT (White Russian  0.9)
and a Billion 7404VGM Router.

I'm getting the following errors:

1-)  "ifconfig: inet: Unknown host" error when I start/restart IPSec

root at OpenWrt:/bin$ ipsec setup restart
ipsec_setup: rmmod: ipsec: Success

ipsec_setup: Stopping Openswan IPsec...

ipsec_setup: Starting Openswan IPsec 2.4.6...

ipsec_setup: insmod: a module named ipsec already exists

ipsec_setup: ifconfig: inet: Unknown host

2-) "We cannot identify ourselves with either end of this connection"
when I try and bring up a tunnel

root at OpenWrt:/etc/ipsec.d/private$ ipsec auto --up bonny
022 "bonny": We cannot identify ourselves with either end of this connection.

The only clue that I have been able to find is on the following post
(http://lists.openswan.org/pipermail/users/2007-April/012212.html)
which talks about and issue with ifconfig in Busybox 1.4.0.

I'm clueless as to how I should attempt to fix this problem and I
would appreciate your help as I have now spent a long time trying to
get this sorted.

Thanks,

Sergio


More Information about my configuration follows ...

root at OpenWrt:/bin$ cat /etc/banner
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 WHITE RUSSIAN (0.9) -------------------------------
  * 2 oz Vodka   Mix the Vodka and Kahlua together
  * 1 oz Kahlua  over ice, then float the cream or
  * 1/2oz cream  milk on the top.
 ---------------------------------------------------


============================================================
root at OpenWrt:/bin$ ./busybox --help
BusyBox v1.4.0 (2007-02-24 00:35:56 EST) multi-call binary
Copyright (C) 1998-2006  Erik Andersen, Rob Landley, and others.
Licensed under GPLv2.  See source distribution for full notice.

============================================================
root at OpenWrt:/bin$ cat /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.4 2006/07/11 16:17:53 paul Exp $

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0  # conforms to second version of ipsec.conf specification

# basic configuration
config setup
  # plutodebug / klipsdebug = "all", "none" or a combation from below:
  # "raw crypt parsing emitting control klips pfkey natt x509 private"
  # eg:
  # plutodebug="control parsing"
  #
  # Only enable klipsdebug=all if you are a developer
  #
  # NAT-TRAVERSAL support, see README.NAT-Traversal
  nat_traversal=yes
  interfaces="ipsec0=br0"
  # virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
  #
  # enable this if you see "failed to find any available worker"
  nhelpers=0

# Add connections here
include /etc/ipsec.d/private/bonny

# sample VPN connections, see /etc/ipsec.d/examples/

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

============================================================

root at OpenWrt:/bin$ cat /etc/ipsec.d/private/bonny
conn bonny
  #left side is home
  left=202.168.21.181
  leftid=202.168.21.181
  leftsubnet=192.168.168.0/24
  leftnexthop=%defaultroute
  #right side is work
  right=60.242.104.57
  rightid=60.242.104.57
  rightsubnet=192.168.168.0/24
  keyexchange=ike
  ike=3des-sha1-modp1024
  auth=esp
  authby=secret
  #specify encryption FortiGate VPN uses
  esp=3des
  #Disable perfect forward secrecy (default yes)
  pfs=no
  keylife=28800s
  keyingtries=3
  auto=start
root at OpenWrt:/bin$
============================================================

root at OpenWrt:/bin$ ipsec setup restart
ipsec_setup: rmmod: ipsec: Success

ipsec_setup: Stopping Openswan IPsec...

ipsec_setup: Starting Openswan IPsec 2.4.6...

ipsec_setup: insmod: a module named ipsec already exists

ipsec_setup: ifconfig: inet: Unknown host

root at OpenWrt:/bin$

============================================================

root at OpenWrt:/etc/ipsec.d/private$ ipsec auto --up bonny
022 "bonny": We cannot identify ourselves with either end of this connection.

============================================================

root at OpenWrt:/etc/ipsec.d/private$ ifconfig
br0       Link encap:Ethernet  HWaddr 00:11:2F:E0:FE:A2
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13658 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14811 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1510740 (1.4 MiB)  TX bytes:8879236 (8.4 MiB)

eth0      Link encap:Ethernet  HWaddr 00:11:2F:E0:FE:A2
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:13656 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18327 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1756374 (1.6 MiB)  TX bytes:9181807 (8.7 MiB)
          Interrupt:3

eth1      Link encap:Ethernet  HWaddr 00:11:2F:E0:FE:A2
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9424 errors:0 dropped:0 overruns:0 carrier:9416
          collisions:0 txqueuelen:1000
          RX bytes:8183250 (7.8 MiB)  TX bytes:1907170 (1.8 MiB)
          Interrupt:4

eth2      Link encap:Ethernet  HWaddr 00:11:2F:E0:FE:A2
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:19483
          TX packets:0 errors:1 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:6 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:202.168.21.181  P-t-P:203.221.196.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
          RX packets:11040 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8947 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:5
          RX bytes:7795709 (7.4 MiB)  TX bytes:1643948 (1.5 MiB)

More information about the Users mailing list