[Openswan Users] trouble setting up subnet to subnet tunnel

jpr jpr at msn.com
Thu Mar 14 21:51:30 UTC 2013


Hi,

Having trouble setting up a subnet to subnet tunnel.

Can anyone see the issue with SA?

Thanks.

-jpr

 

# /etc/ipsec.conf

version    2.0    # conforms to second version of ipsec.conf specification

config setup
        nat_traversal=yes
        virtual_private=%v4:192.168.115.0/24,%v4:10.0.0.0/16
        protostack=auto
        #protostack=mast  # used for SAref + MAST only
        interfaces="%none"
        oe=off
        plutodebug="all"

conn xyz-site1
        nat_traversal=yes
        authby=secret
        pfs=yes
        keyexchange=ike
        ike=aes256-sha1;modp1024
        phase2=esp
        phase2alg=aes256-sha1;modp1024
        auto=add
        rekey=no
        # overlapip=yes   # for SAref + MAST
        # sareftrack=yes  # for SAref + MAST
        type=tunnel
        left=[local gateway ip]
        leftsubnet=192.168.115.0/24
        leftprotoport=17/1701
        #
        # The remote user.
        #
        right=[remotel gateway ip]
        rightsubnet=10.0.0.0/16
        rightprotoport=17/%any

after phase 1 completes...

Mar 13 08:26:49 LB2-*** pluto[19432]: | peer client is subnet 10.0.0.0/16
Mar 13 08:26:49 LB2-*** pluto[19432]: | peer client protocol/port is 0/0
Mar 13 08:26:49 LB2-*** pluto[19432]: | our client is subnet 192.168.115.0/24
Mar 13 08:26:49 LB2-*** pluto[19432]: | our client protocol/port is 0/0
Mar 13 08:26:49 LB2-*** pluto[19432]: "xyz-site1" #49: the peer proposed: 192.168.115.0/24:17/1701 -> 10.0.0.0/16:17/0
Mar 13 08:26:49 LB2-*** pluto[19432]: | find_client_connection starting with xyz-site1
Mar 13 08:26:49 LB2-*** pluto[19432]: |   looking for 192.168.115.0/24:0/0 -> 10.0.0.0/16:0/0
Mar 13 08:26:49 LB2-*** pluto[19432]: |   concrete checking against sr#0 [local gateway ip]/32 -> 10.0.0.0/16
Mar 13 08:26:49 LB2-*** pluto[19432]: |    match_id a=[remotel gateway ip]
Mar 13 08:26:49 LB2-*** pluto[19432]: |             b=[remotel gateway ip]
Mar 13 08:26:49 LB2-*** pluto[19432]: |    results  matched
Mar 13 08:26:49 LB2-*** pluto[19432]: |   trusted_ca called with a=(empty) b=(empty)
Mar 13 08:26:49 LB2-*** pluto[19432]: |   fc_try concluding with none [0]
Mar 13 08:26:49 LB2-*** pluto[19432]: |   fc_try xyz-site1 gives none
Mar 13 08:26:49 LB2-*** pluto[19432]: | find_host_pair: comparing to [local gateway ip]:500 0.0.0.0:500
Mar 13 08:26:49 LB2-*** pluto[19432]: |   checking hostpair [local gateway ip]/32 -> 10.0.0.0/16 is found
Mar 13 08:26:49 LB2-*** pluto[19432]: |    match_id a=[remotel gateway ip]
Mar 13 08:26:49 LB2-*** pluto[19432]: |             b=(none)
Mar 13 08:26:49 LB2-*** pluto[19432]: |    results  matched
Mar 13 08:26:49 LB2-*** pluto[19432]: |   trusted_ca called with a=(empty) b=(empty)
Mar 13 08:26:49 LB2-*** pluto[19432]: |   fc_try concluding with none [0]
Mar 13 08:26:49 LB2-*** pluto[19432]: |   concluding with d = none
Mar 13 08:26:49 LB2-*** pluto[19432]: "xyz-site1" #49: cannot respond to IPsec SA request because no connection is known for 192.168.115.0/24===[local gateway ip]<[local gateway ip]>[+S=C]...[remotel gateway ip]<[remotel gateway ip]>[+S=C]:0/%any===10.0.0.0/16
Mar 13 08:26:49 LB2-*** pluto[19432]: | complete state transition with (null)
Mar 13 08:26:49 LB2-*** pluto[19432]: "xyz-site1" #49: sending encrypted notification INVALID_ID_INFORMATION to [remotel gateway ip]:500
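As an added diagnostic, not code from the original post or from Openswan: a small Python checker that parses the selectors pluto prints in its "the peer proposed:" line and compares them with the conn's leftsubnet/leftprotoport and rightsubnet/rightprotoport, treating port 0 and %any as wildcards. The conn text and the first log line are taken from the post above; the second log line is a constructed variant in which the peer offers a wider subnet.

```python
# Added example (not from the original post or from Openswan): compare the selectors pluto
# prints in "the peer proposed:" with a conn's left/right subnet and protoport settings.
import ipaddress
import re

SEL_RE = re.compile(r"(\S+?)(?::(\d+)/(\d+|%any))?$")  # numeric proto/port, as in the post

def parse_selector(text):
    """'192.168.115.0/24:17/1701' -> (network, proto, port); wildcards become None."""
    m = SEL_RE.match(text.strip())
    net = ipaddress.ip_network(m.group(1), strict=False)
    proto = int(m.group(2) or 0) or None          # protocol 0 means "any"
    port = None if m.group(3) in (None, "0", "%any") else int(m.group(3))
    return (net, proto, port)

def parse_proposal(log_line):
    """(local, peer) selectors from pluto's 'the peer proposed: A -> B' line."""
    m = re.search(r"the peer proposed:\s*(\S+)\s*->\s*(\S+)", log_line)
    return parse_selector(m.group(1)), parse_selector(m.group(2))

def conn_selectors(conf_text, name):
    """(left, right) selectors of one conn section of ipsec.conf."""
    body = re.search(r"^conn %s\n(.*?)(?=^\S|\Z)" % re.escape(name),
                     conf_text, re.S | re.M).group(1)
    kv = dict(re.findall(r"^\s+(\w+)=(\S+)", body, re.M))
    return tuple(parse_selector("%s:%s" % (kv[s + "subnet"], kv.get(s + "protoport", "0/0")))
                 for s in ("left", "right"))

def mismatches(conn, proposal):
    """Differences between conn and proposal; an empty list means the proposal fits."""
    out = []
    for side, have, want in zip(("left", "right"), conn, proposal):
        for label, h, w in zip(("subnet", "protocol", "port"), have, want):
            # a wildcard (None) in the conn accepts anything the peer proposes
            if h != w and (label == "subnet" or h is not None):
                out.append("%s %s %s != proposed %s" % (side, label, h, w))
    return out

# The conn from the post, reduced to its selector-relevant settings.
CONF = """\
conn xyz-site1
        leftsubnet=192.168.115.0/24
        leftprotoport=17/1701
        rightsubnet=10.0.0.0/16
        rightprotoport=17/%any
"""
LOG = ('Mar 13 08:26:49 LB2-*** pluto[19432]: "xyz-site1" #49: the peer proposed: '
       '192.168.115.0/24:17/1701 -> 10.0.0.0/16:17/0')
# Constructed variant: the peer offers a wider remote subnet than the conn allows.
LOG_BAD = LOG.replace("10.0.0.0/16:17/0", "10.0.0.0/8:17/0")
```

For the line quoted in this post the checker returns an empty list, i.e. the peer's subnets and protoports agree with the conn as written; pluto's own "looking for" line searches with 0/0 protoports, which this checker does not model.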

 

 
