[Openswan Users] Set up IPSec connection: address family inconsistency in this connection=2 host=2

Pedro Sá da Costa psdc1978 at gmail.com
Wed Apr 3 17:37:36 UTC 2013


I'm trying to set up an IPSec tunnel between 2 hosts, but I get this error:
[code]
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr  3 15:45:26 ip-10-0-0-216 pluto: adjusting ipsec.d to /etc/ipsec.d
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 037 attempt to load incomplete connection
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named "vpc1-to-vpc2"
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 000 initiating all conns with alias='vpc1-to-vpc2'
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named "vpc1-to-vpc2"
[/code]

I've 2 hosts with these IPs:

[B]Host A[/B]
[code]
Public IP: 54.236.163.71
Public DNS: ec2-54-236-163-71.compute-1.amazonaws.com
Private DNS: ip-10-0-0-216.ec2.internal Product Codes:
Private IPs: 10.0.0.216/16
[/code]

[B]Host B[/B]
[code]
Public IP: 54.246.211.133
Public DNS: ec2-54-246-211-133.eu-west-1.compute.amazonaws.com
Private DNS: ip-172-16-0-104.eu-west-1.compute.internal
Private IPs: 172.16.0.104
[/code]

The private addresses are behind a NAT that gives the public address. From
the hosts, I can only get the private IPs with "ifconfig -a".


Here is my IPSec connection configuration:
[B]Host A[/B]
[code]
conn vpc1-to-vpc2
    type=tunnel
    authby=secret
    left=10.0.0.216
    leftsubnet=10.0.0.0/16
    leftnexthop=%defaultroute
    right=54.246.211.133
    rightsubnet=172.16.0.0/16
    pfs=yes
    auto=start
[/code]

[B]Host B[/B]
[code]
conn vpc1-to-vpc2
    type=tunnel
    authby=secret
    #left=%defaultroute
    left=10.0.0.216
    leftsubnet=10.0.0.0/16
    leftnexthop=%defaultroute
    right=54.246.211.133
    rightsubnet=172.16.0.0/16
    pfs=yes
    auto=start
[/code]

The secret key files are here:
[B]Host A[/B]
[code]
Host A:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc
%any %any: PSK "test"
[/code]

[B]Host B[/B]
[code]
host B:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc
%any %any: PSK "test"
[/code]

With this configuration I cannot set up a tunnel. I don't understand why I
get this problem, because it seems that the IPs are correct. Any help?

-- 
Best regards,
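
An added example, not part of the original post and not Openswan code: a Python check over the posted conn section that reports which end (left or right) is one of a host's own interface addresses, which pluto needs in order to tell the local end from the remote one, and which endpoint fields hold a literal IP address. The local address sets are the "Private IPs" values from the post; the function names are made up for this example.

```python
import ipaddress

# Constructed from the Host A conn section; Host B's differs only by a commented-out line.
POSTED_CONN = """\
conn vpc1-to-vpc2
    type=tunnel
    authby=secret
    left=10.0.0.216
    leftsubnet=10.0.0.0/16
    leftnexthop=%defaultroute
    right=54.246.211.133
    rightsubnet=172.16.0.0/16
    pfs=yes
    auto=start
"""

def parse_conn(text):
    """Return {option: value} for one conn section, skipping header and comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("conn "):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts

def endpoint_families(opts):
    """IP version of each endpoint field; None if absent or not a literal address."""
    result = {}
    for key in ("left", "leftnexthop", "right", "rightnexthop"):
        try:
            result[key] = ipaddress.ip_address(opts.get(key, "")).version
        except ValueError:  # e.g. %defaultroute, or the option is missing
            result[key] = None
    return result

def local_end(opts, local_addrs):
    """Return 'left' or 'right' if that end is one of the host's own addresses."""
    for side in ("left", "right"):
        if opts.get(side) in local_addrs:
            return side
    return None

if __name__ == "__main__":
    conn = parse_conn(POSTED_CONN)
    print("endpoint families:", endpoint_families(conn))
    for host, addrs in (("Host A", {"10.0.0.216"}), ("Host B", {"172.16.0.104"})):
        print(host, "local end:", local_end(conn, addrs))
```

With the posted section, Host A matches on `left`, while on Host B neither `left` nor `right` is an address the host itself holds.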