[Openswan Users] phase I established, but the tunnel DON'T START

Paul Wouters paul at xelerance.com
Sat Oct 20 01:21:23 EDT 2007


On Thu, 11 Oct 2007, antonio wrote:

> # basic configuration
> config setup
>         plutodebug="control"
>         nat_traversal=yes
>         interfaces=%defaultroute
>         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> # Add connections here
> conn tunel
>         pfs=no
>         type=tunnel
>         auto=add
>         auth=esp
>         authby=secret
>         left=%defaultroute
>         leftnexthop=192.168.0.1
>         leftid="@tunel-left"
>         right=89.4.135.2
>         rightid="@tunel-right"

Oct 11 17:34:17 marces pluto[32718]: "tunel2" #1: cannot respond to
IPsec SA request because no connection is known for
89.4.135.2[@tunel-right]...89.4.135.1[@tunel-left]===192.168.0.3/32

> # basic configuration
> config setup
>         plutodebug="control"
>         nat_traversal=yes
>         interfaces="ipsec0=eth0 "
>         virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> # Add connections here
>
> conn tunel
>         pfs=no
>         type=tunnel
>         auto=add
>         auth=esp
>         authby=secret
>         left=192.168.10.25
>         right=192.168.10.1
>
> conn tunel2
>         pfs=no
>         type=tunnel
>         auto=add
>         auth=esp
>         authby=secret
>         left=89.4.135.2
>         leftid="@tunel-right"
>         right=89.4.135.1
>         rightnexthop=192.168.0.3
>         rightid="@tunel-left"

You are missing rightsubnet=vhost:%priv,%no

Note that, as the ipsec.conf says, do not enable debugging unless you are
requested to do so. It is making it harder to help with configuration
mistakes.

Paul
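
The mismatch behind the log line above, as an added Python sketch (not part of this reply and not Openswan code). It uses a simplified model of responder matching, which is an assumption: with no rightsubnet the peer's client must be the peer host itself, while `vhost:%priv,%no` also accepts a /32 inside `virtual_private`. The function names are hypothetical and the inputs are constructed from the values quoted in the thread.

```python
import ipaddress
import re

# Constructed input: the pluto log line from the thread, rejoined onto one line,
# and the virtual_private value from the quoted config setup.
LOG_LINE = ('"tunel2" #1: cannot respond to IPsec SA request because no connection is '
            'known for 89.4.135.2[@tunel-right]...89.4.135.1[@tunel-left]===192.168.0.3/32')
VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"

# Peer side of the rejected proposal: host[id], optionally followed by ===client-subnet.
PEER_RE = re.compile(r"\.\.\.(?P<host>[\d.]+)\[[^\]]*\](?:===(?P<client>[\d./]+))?")


def parse_peer_proposal(line):
    """Return (peer_host, peer_client_net) from a 'no connection is known for' line."""
    m = PEER_RE.search(line)
    if m is None:
        raise ValueError("no peer endpoint found in log line")
    host = ipaddress.ip_address(m.group("host"))
    # With no ===subnet part, the peer is proposing just its own address.
    client = ipaddress.ip_network(m.group("client") or f"{host}/32")
    return host, client


def parse_virtual_private(value):
    """Split virtual_private into allowed and excluded (%v4:!net) IPv4 networks."""
    allowed, excluded = [], []
    for item in (i.strip() for i in value.split(",")):
        if item.startswith("%v4:!"):
            excluded.append(ipaddress.ip_network(item[5:]))
        elif item.startswith("%v4:"):
            allowed.append(ipaddress.ip_network(item[4:]))
    return allowed, excluded


def peer_client_matches(rightsubnet, host, client, virtual_private=VIRTUAL_PRIVATE):
    """Simplified model (assumption) of matching the peer's proposed client net."""
    host_net = ipaddress.ip_network(f"{host}/32")
    if rightsubnet is None:              # no rightsubnet: only the peer host itself
        return client == host_net
    if not rightsubnet.startswith("vhost:"):
        return client == ipaddress.ip_network(rightsubnet)
    opts = rightsubnet[len("vhost:"):].split(",")
    if "%no" in opts and client == host_net:        # peer not behind NAT
        return True
    if "%priv" in opts and client.prefixlen == 32:  # NATed peer, private address
        allowed, excluded = parse_virtual_private(virtual_private)
        return (any(client.subnet_of(n) for n in allowed)
                and not any(client.subnet_of(n) for n in excluded))
    return False
```

Feeding `parse_peer_proposal(LOG_LINE)` into `peer_client_matches` with `None` models conn tunel2 as posted; with `"vhost:%priv,%no"` it models the suggested fix.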

