[Openswan Users] subnet-to-subnet problem
farajian amin
amin_o_city at yahoo.com
Tue Oct 13 11:48:40 EDT 2009
Dear All,
We have 2 embedded boards with SPARC 200 MHz processors running Linux 2.6.21.1. We have added Openswan 2.6.19 with KLIPS support on them. They work fine together when the ipsec.config contains only host-to-host configurations.
The problem starts when we want to have a subnet-to-subnet configuration, and it shows itself as a series of commands as follows.
In the initiator board:
----- "net_to_net" #2: message ignored because it contains an unexpected payload type ISAKMP_NEXT_HASH)
----- "net_to_net" #2: sending encrypted notification INVALID_PAYLOAD_TYPE to 192.168.1.87:500
and in the responder board:
-----"net_to_net" #1: ignoring informational payload, type INVALID_PAYLOAD_TYPE msgid=00000000
-----"net_to_net" #1: received and ignored informational message
In the initiator board the messages are shown after the following step:
----"net_to_net" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x057fab9b ----<0xbf5192a7 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
and in the responder they will appear after
----"net_to_net" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2.
Our ipsec.conf files are as follows, and ipsec.secret is set to use PSK.
-----------------------ipsec.conf-------------------
config setup
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	#plutodebug="control parsing"
	#nat_traversal=yes

conn net_to_net
	authby=secret
	left=192.168.1.87
	#leftsourceip=40.40.40.1
	leftsubnet=40.40.40.0/24
	right=192.168.1.88
	rightsubnet=30.30.30.0/24
	#rightsourceip=30.30.30.1
	type=tunnel
	auto=add
--------------------------------------------------------------
Where is the problem??
Thanks in Advance,
Amin Farajian