[Openswan Users] Site-to-site VPN with openswan

Willie Gillespie wgillespie+openswan at es2eng.com
Wed Aug 29 11:41:45 EDT 2012


On 8/29/2012 3:46 AM, Jakub Sobczak wrote:
> Hi,
>
> A good sign is that we have a connection and that seems to be working,
> but... am I right that there is a routing problem preventing the tunnel
> from working properly...?

Jumping in here, it's not working quite yet.  The ISAKMP (IKE) part is 
done but we still need to see an "IPsec SA established" before 
everything is complete.

>     Aug 29 11:35:47 : "conn" #2076: STATE_MAIN_R3: sent MR3, ISAKMP SA
>     established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha
>     group=modp1536}
>     Aug 29 11:35:48 : "conn" #2076: the peer proposed:
>     192.168.5.2/32:0/0 -> *remote-ip-inside-vpn*/32:0/0
>     Aug 29 11:35:48 : "conn" #2076: cannot respond to IPsec SA request
>     because no connection is known for
>     192.168.5.2/32===my-gateway-ip<my-gateway-ip>[+S=C]...remote-gateway-ip<remote-gateway-ip>[+S=C]===*remote-ip-inside-vpn*/32

The other side is trying to connect to a "subnet" of 192.168.5.2/32 but 
earlier in your log files I believe you have it set to 192.168.5.1/32. 
Does this sound right?
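
The check described in this message, as an added example that is not part of the original post: it reads pluto log lines, reports whether phase 1 and phase 2 completed, and compares the selectors in "the peer proposed" against the locally configured subnets. The addresses replacing the redacted ones, the CONFIGURED values, and the assumption that left is the local side are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: pluto lines shaped like those quoted in the thread,
# with the redacted addresses replaced by documentation-range placeholders.
SAMPLE_LOG = """\
Aug 29 11:35:47 : "conn" #2076: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp1536}
Aug 29 11:35:48 : "conn" #2076: the peer proposed: 192.168.5.2/32:0/0 -> 10.0.0.10/32:0/0
Aug 29 11:35:48 : "conn" #2076: cannot respond to IPsec SA request because no connection is known for 192.168.5.2/32===203.0.113.1<203.0.113.1>[+S=C]...198.51.100.1<198.51.100.1>[+S=C]===10.0.0.10/32
"""

# Assumed local configuration (hypothetical), with left taken as the local side.
CONFIGURED = {"conn": {"leftsubnet": "192.168.5.1/32",
                       "rightsubnet": "10.0.0.10/32"}}

# "the peer proposed: <our net>:<proto>/<port> -> <peer net>:<proto>/<port>"
PROPOSED = re.compile(
    r'"(?P<conn>[^"\n]+)" #\d+: the peer proposed: '
    r'(?P<ours>\S+?):\d+/\d+ -> (?P<theirs>\S+?):\d+/\d+')


def diagnose(log_text, configured):
    """Return (phase1_up, phase2_up, mismatches) for a pluto log excerpt."""
    phase1_up = "ISAKMP SA established" in log_text   # IKE main mode done
    phase2_up = "IPsec SA established" in log_text    # quick mode done
    mismatches = []
    for m in PROPOSED.finditer(log_text):
        conf = configured.get(m["conn"], {})
        for key, group in (("leftsubnet", "ours"), ("rightsubnet", "theirs")):
            proposed = ipaddress.ip_network(m[group], strict=False)
            expected = conf.get(key)
            # A selector that differs by even one address is a different
            # connection as far as the responder is concerned.
            if (expected is None or
                    ipaddress.ip_network(expected, strict=False) != proposed):
                mismatches.append((m["conn"], key, str(proposed), expected))
    return phase1_up, phase2_up, mismatches


if __name__ == "__main__":
    p1, p2, bad = diagnose(SAMPLE_LOG, CONFIGURED)
    print(f"ISAKMP SA established: {p1}, IPsec SA established: {p2}")
    for conn, key, proposed, expected in bad:
        print(f'"{conn}": peer proposed {proposed}, local {key}={expected}')
```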

