
[Users] cannot initiate connection without knowing peer IP address

From: Brad Hazledine <brad.hazledine(at)caledoncard.com>
Date: Fri Mar 14 2003 - 14:36:19 EST

Hello.

I am currently running FreeSwan 1.5 with connections to Checkpoint, Shiva etc.
I am now trying to set up a tunnel between us and a Nortel Contivity. I was having no luck with the 1.5, so I installed 1.99 on a separate box. I am getting "cannot initiate connection without knowing peer IP address". I cannot see the problem...

root@fswtest:/etc# ipsec auto --status
000 interface ipsec0/eth0 216.xxx.xx.x
000
000 "somecompany":64.x.xxx.xxx/32===216.xxx.xx.x---216.xxx.xx.x... 172.xx.x.x---207.xxx.xxx.xx===10.xxx.xx.xxx/32
000 "somecompany": ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "somecompany": policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted
000 "somecompany": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0

config setup

	# THIS SETTING MUST BE CORRECT or almost nothing will work;
	# %defaultroute is okay for most simple cases.
	interfaces="ipsec0=eth0"
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug=none
	plutodebug=none
	# Use auto= parameters in conn descriptions to control startup actions.
	plutoload=%search
	plutostart=%search
	# Close down old connection when new one using same ID shows up.
	uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default

	keyingtries=1
	disablearrivalcheck=no

conn somecompany
	left=216.xxx.xx.x
	leftsubnet=64.x.xxx.xxx/32
	leftnexthop=216.xxx.xx.x
	right=207.xxx.xxx.xx
	rightsubnet=10.xxx.xx.xxx/32
	rightnexthop=172.xx.x.x
	keyexchange=ike
	authby=secret
	auth=esp
	keylife=1h
	auto=start

From the logs...

Mar 15 03:02:58 fswtest ipsec__plutorun: 025 "somecompany": cannot route Road Warrior template
Mar 15 03:02:58 fswtest ipsec__plutorun: 025 "somecompany": could not route
Mar 15 03:02:58 fswtest ipsec__plutorun: ...could not route conn "somecompany"
Mar 15 03:02:58 fswtest ipsec__plutorun: 029 "somecompany": cannot initiate connection without knowing peer IP address
Mar 15 03:02:58 fswtest ipsec__plutorun: ...could not start conn "somecompany"

Any help would be appreciated.

Thanks

Brad Hazledine <brad.hazledine@caledoncard.com>



Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Received on Fri Mar 14 18:15:35 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:00:51 EDT

