[Openswan Users] Site-to-site VPN with openswan
Willie Gillespie
wgillespie+openswan at es2eng.com
Wed Aug 29 11:41:45 EDT 2012
On 8/29/2012 3:46 AM, Jakub Sobczak wrote:
> Hi,
>
> A good sign is that we have a connection and that seems to be working,
> but... am I right that there is a routing problem preventing the tunnel
> to work properly...?
Jumping in here, it's not working quite yet. The ISAKMP (IKE) part is
done but we still need to see an "IPsec SA established" before
everything is complete.
> Aug 29 11:35:47 : "conn" #2076: STATE_MAIN_R3: sent MR3, ISAKMP SA
> established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha
> group=modp1536}
> Aug 29 11:35:48 : "conn" #2076: the peer proposed:
> 192.168.5.2/32:0/0 <http://192.168.5.2/32:0/0> ->
> *remote-ip-inside-vpn*/32:0/0
> Aug 29 11:35:48 : "conn" #2076: cannot respond to IPsec SA request
> because no connection is known for 192.168.5.2/32===my-gateway-ip
> <http://192.168.5.2/32===my-gateway-ip><
> my-gateway-ip >[+S=C]...remote-gateway-ip<remote-gateway-ip>[+S=C]===*remote-ip-inside-vpn*/32
The other side is trying to connect to a "subnet" of 192.168.5.2/32 but
earlier in your log files I believe you have it set to 192.168.5.1/32.
Does this sound right?
More information about the Users
mailing list