[Openswan Users] Can't get the road warrior example to work.

Michael Rychlik michael.rychlik at gmail.com
Mon Dec 21 09:27:20 EST 2009 

Than you for the prompt response Paul. After adding your suggestions to my
configuration I am getting an ERROR: in my log.

My current server end config is this:

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        nhelpers=0


conn road
    left=194.79.19.179             # Gateway's information
    leftid=@fits-server.rsm.fi     #
    leftrsasigkey=0sAQOdTUwf......
..........
    rightnexthop=%defaultroute

    right=%any                     # Wildcard: we don't know the laptop's IP
    rightsubnet=vhost:%priv,%no

    rightid=@rsm-1.rsm.fi          #
    rightrsasigkey=0sAQOA59S41zh9

    auto=add                       # authorizes but doesn't start this
connection at startup

include /etc/ipsec.d/examples/no_oe.conf

My current client configuration is this:

config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
        nhelpers=0


conn road
    left=%defaultroute             # Picks up our dynamic IP
    leftnexthop=%defaultroute

    leftid=@rsm-1.rsm.fi           # Local information
    leftrsasigkey=0sAQOA59..............

    right=194.79.19.179            # Remote information
    rightid=@fits-server.rsm.fi    #
    rightrsasigkey=0sAQOdTU.......

    auto=add                       # authorizes but doesn't start this

include /etc/ipsec.d/examples/no_oe.conf


The ERROR in the server end logs goes like :

..."road"[1] 62.237.208.66 #4: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1536}
..."road"[1] 62.237.208.66 #5: ERROR: netlink_get_spi for
esp.0 at 194.79.19.179/4096/4294967295<http://esp%2E0@194.79.19.179/4096/4294967295>failed
with errno 22: Invalid argument
..."road"[1] 62.237.208.66 #5: responding to Quick Mode {msgid:e47722c0}
..."road"[1] 62.237.208.66 #5: ERROR: netlink response for Add SA
esp.0 at 194.79.19.179 included errno 22: Invalid argument
..."road"[1] 62.237.208.66 #4: Quick Mode I1 message is unacceptable because
it uses a previously used Message ID 0xe47722c0 (perhaps this is a
duplicated packet)

I have the same Debian Lenny at both ends. The server is 64 bit the client
32bit.

Regards,

Michael.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20091221/6a0cde16/attachment.html

More information about the Users mailing list