[Openswan Users] Problems using openswan and KLIPS on alias interface
Diogo V. kersting
k at brlix.com
Thu Apr 28 12:15:01 EDT 2011
The problem was that I had 2 IP addresses of the same subnet on the same
interface, and then I was choosing the "secondary" one.

ip a
[...]
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:71:03:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.230/24 brd 192.168.10.255 scope global eth0
    inet 192.168.5.1/23 brd 192.168.5.255 scope global eth0:5
    inet 192.168.15.1/24 brd 192.168.15.255 scope global eth0:4
    inet 11.11.11.12/24 brd 11.11.11.255 scope global eth0:134543815
    inet 192.168.0.230/24 brd 192.168.0.255 scope global eth0:3
    inet 20.20.20.20/8 brd 20.255.255.255 scope global eth0:8
    inet 192.168.10.231/24 brd 192.168.10.255 scope global secondary eth0:1 // this doesn't work
    inet 192.168.10.232/24 brd 192.168.10.255 scope global secondary eth0:2 // this doesn't work
    inet 20.20.20.1/8 brd 20.255.255.255 scope global secondary eth0:9 // this doesn't work
    inet6 fe80::216:3eff:fe71:303/64 scope link

On Wed, Apr 27, 2011 at 2:49 PM, Diogo V. kersting <k at brlix.com> wrote:
> Thanks for your answer. That did not solve the problem:
> Here is what I used:
>
> # ipsec --version
> Linux Openswan 2.6.33 (klips)
>
> # uname -r
> 2.6.38-xeon
>
> # ifconfig eth0
> eth0 Encapsulamento do Link: Ethernet Endereço de HW 00:16:3E:71:03:03
> inet end.: 192.168.10.230 Bcast:192.168.10.255 Masc:255.255.255.0
>
> # ifconfig eth0:4
> eth0:4 Encapsulamento do Link: Ethernet Endereço de HW 00:16:3E:71:03:03
> inet end.: 192.168.15.1 Bcast:192.168.15.255 Masc:255.255.255.0
>
> ###ipsec.conf###
>
> version 2.0
>
> config setup
>     interfaces="ipsec0=eth0 ipsec1=eth0:4"
>     protostack=klips
>
> conn vpn1
>     authby=secret
>     auto=add
>     type=tunnel
>     left=192.168.10.230
>     right=192.168.10.70
>
> conn vpn2
>     authby=secret
>     auto=add
>     type=tunnel
>     left=192.168.15.1
>     right=192.168.15.70
>
> ###end ipsec.conf###
>
> # ipsec auto --up vpn1
> 104 "vpn1" #1: STATE_MAIN_I1: initiate
> 003 "vpn1" #1: received Vendor ID payload [Openswan (this version) 2.6.33 ]
> 003 "vpn1" #1: received Vendor ID payload [Dead Peer Detection]
> 106 "vpn1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "vpn1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 003 "vpn1" #1: received Vendor ID payload [CAN-IKEv2]
> 004 "vpn1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
> 117 "vpn1" #2: STATE_QUICK_I1: initiate
> 004 "vpn1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xdcbbb294 <0x0ee2a930 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
>
> // vpn1 works!
>
> root@desenv1:/usr/local/ipsec/etc# $IPSEC auto --down vpn1
> root@desenv1:/usr/local/ipsec/etc# $IPSEC auto --up vpn2
> 022 "vpn2": We cannot identify ourselves with either end of this connection.
>
> // vpn2 doesn't.
>
>
> Any suggestions?
> --
> Diogo V. Kersting - Epidemus LTDA
>
--
--
Diogo V. Kersting - Epidemus LTDA
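
An added example (not part of the original post and not Openswan code): a pre-flight check that flags any `left=` address the kernel lists as `secondary`, the condition the poster identified as the cause. The `ip addr` lines are taken from the post; the ipsec.conf fragment and its conn names are constructed for illustration.

```python
import ipaddress
import re

# `ip addr` lines from the post above (wrapped lines rejoined, subset only).
IP_ADDR_OUTPUT = """\
    inet 192.168.10.230/24 brd 192.168.10.255 scope global eth0
    inet 20.20.20.20/8 brd 20.255.255.255 scope global eth0:8
    inet 192.168.10.231/24 brd 192.168.10.255 scope global secondary eth0:1
    inet 20.20.20.1/8 brd 20.255.255.255 scope global secondary eth0:9
"""

# Constructed ipsec.conf fragment; conn names are hypothetical.
IPSEC_CONF = """\
conn vpn-primary
    left=192.168.10.230
    right=192.168.10.70
conn vpn-secondary
    left=192.168.10.231
    right=192.168.10.71
"""

def secondary_addresses(ip_output):
    """Map each address flagged `secondary` to (label, primary address in its subnet)."""
    entries = []
    for line in ip_output.splitlines():
        m = re.match(r"\s*inet (\S+) .*\bscope \w+ (.*)$", line)
        flags = m.group(2).split() if m else []
        if flags:  # last token is the interface label; earlier tokens are flags
            entries.append((ipaddress.ip_interface(m.group(1)), "secondary" in flags, flags[-1]))
    primary = {i.network: str(i.ip) for i, sec, _ in entries if not sec}
    return {str(i.ip): (label, primary.get(i.network)) for i, sec, label in entries if sec}

def check_conns(conf_text, ip_output):
    """Return (conn, left, label, primary) for each conn whose left= is a secondary address."""
    secondary = secondary_addresses(ip_output)
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop ipsec.conf comments
        if line.startswith("conn "):
            conn = line.split()[1]
        elif conn and line.startswith("left="):
            left = line.split("=", 1)[1]
            if left in secondary:
                findings.append((conn, left) + secondary[left])
    return findings

if __name__ == "__main__":
    for conn, left, label, primary in check_conns(IPSEC_CONF, IP_ADDR_OUTPUT):
        print(f"conn {conn}: left={left} is secondary on {label}; subnet primary is {primary}")
```

On a live host, feed the function the output of `ip addr show dev eth0` and the contents of the real ipsec.conf instead of the embedded samples.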