[Openswan Users] RTNETLINK answers: Network is unreachable

Xavier Mauricio Tirado Luna xaviertirado at hotmail.com
Mon Nov 5 14:03:22 EST 2007 

Dear users,
 
I got a problem, 
 
RTNETLINK answers: Network is unreachable
 
Everything looks fine, i tried in a VMWare configuration and it worked out but when i take it to the real world it goes bad.
 
Here my ipsec.conf 
version 2.0
config setup        interfaces=%defaultroute
conn vpncom        compress=yes        left=190.152.1.157        leftsubnet=192.168.0.0/24        #leftid=@vpnleft        leftrsasigkey=0sAQPLybKue+kfjnQ7CNEp5Yqcwbshx+qN8su+FBx2U4k+cTHXJ7sz7iO4xcqCyeLlTNs1JlSO9D1Iv1wrWeKr        right=200.25.176.90        #rightid=@vpnrigth        rightsubnet=192.168.45.0/24        rightrsasigkey=0sAQN7/0Z7GOzBUinphWzaKR+HgUhWBRNoYuUhq4QfJetiSs6CP27hCpGpWRe5fyMAWEWpBQyXNA4O7nb        authby=rsasig        #authby=secret        auto=start
conn block        auto=ignore
conn private        auto=ignore
conn private-or-clear        auto=ignore
conn clear-or-private        auto=ignore
conn clear        auto=ignore
conn packetdefault        auto=ignoreLAST lines of ipsec auto --status
 
000 "vpncom": 192.168.45.0/24===200.25.176.90...190.152.1.157===192.168.0.0/24; erouted; eroute owner: #4000 "vpncom":     srcip=unset; dstip=unset000 "vpncom":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0000 "vpncom":   policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 24,24; interface: eth0;000 "vpncom":   newest ISAKMP SA: #1; newest IPsec SA: #4;000 "vpncom":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536000000 #3: "vpncom" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 26573s000 #3: "vpncom" esp.8ac25ef4 at 190.152.1.157 esp.80410cba at 200.25.176.90 comp.6462 at 190.152.1.157 comp.69c5 at 200.25.176.90 tun.0 at 190.152.1.157 tun.0 at 200.25.176.90000 #2: "vpncom" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1372s; lastdpd=-1s(seq in:0 out:0)000 #4: "vpncom" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26088s; newest IPSEC; eroute owner000 #4: "vpncom" esp.41d1e48f at 190.152.1.157 esp.c6c0bd4e at 200.25.176.90 comp.10c9 at 190.152.1.157 comp.a1cb at 200.25.176.90 tun.0 at 190.152.1.157 tun.0 at 200.25.176.90000 #1: "vpncom" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 808s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)000
 
some of /var/log/messages
 
Nov  5 13:27:45 contex ipsec_setup: KLIPS ipsec0 on eth0 200.25.176.90/255.255.255.248 broadcast 200.25.176.95Nov  5 13:27:45 contex ipsec_setup: ...Openswan IPsec startedNov  5 13:27:45 contex ipsec_setup: Starting Openswan IPsec 2.3.0...Nov  5 13:27:45 contex ipsec_setup: insmod /lib/modules/2.6.9-42.ELsmp/kernel/net/key/af_key.koNov  5 13:27:45 contex ipsec_setup: insmod /lib/modules/2.6.9-42.ELsmp/kernel/net/ipv4/xfrm4_tunnel.koNov  5 13:27:45 contex ipsec__plutorun: 104 "vpncom" #1: STATE_MAIN_I1: initiateNov  5 13:27:45 contex ipsec__plutorun: ...could not start conn "vpncom"
 
some of /var/log/secure
 
Nov  5 13:27:55 contex pluto[421]: "vpncom" #1: received Vendor ID payload [Dead Peer Detection]Nov  5 13:27:55 contex pluto[421]: "vpncom" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2Nov  5 13:27:55 contex pluto[421]: "vpncom" #1: I did not send a certificate because I do not have one.Nov  5 13:27:55 contex pluto[421]: "vpncom" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3Nov  5 13:27:55 contex pluto[421]: "vpncom" #1: Main mode peer ID is ID_IPV4_ADDR: '190.152.1.157'Nov  5 13:27:55 contex pluto[421]: "vpncom" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4Nov  5 13:27:55 contex pluto[421]: "vpncom" #1: ISAKMP SA establishedNov  5 13:27:55 contex pluto[421]: "vpncom" #4: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}Nov  5 13:27:56 contex pluto[421]: "vpncom" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2Nov  5 13:27:56 contex pluto[421]: "vpncom" #4: sent QI2, IPsec SA established {ESP=>0x41d1e48f <0xc6c0bd4e IPCOMP=>0x000010c9 <0x0000a1cb}
WHEN I CHANGE THE CONF FILE WITH AUTO=ADD IT SENDS THIS: RTNETLINK answers: Network is unreachable
 
Anybody an answer, some ideas??? plz help me out
 
 
 
 
=';'=
_________________________________________________________________
Connect to the next generation of MSN Messenger 
http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=wlmailtagline
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20071105/ac69ee5b/attachment.html

More information about the Users mailing list