
[Users] Re: anyone can help on this: "cannot initiate connection without knowing peer IP address"?

From: Calvin <calvinproject(at)ihug.com.au>
Date: Mon Mar 31 2003 - 00:12:28 EST


Hi all,

Just an update about my problem: it seems I fixed it. I added the leftid/rightid in the ipsec.conf and then it works. However, when I set "leftid=@toowoomba" (toowoomba is the host name of the PC), it doesn't work; same for the rightid. Then I set the leftid/rightid to the IP addresses of left/right, and then it seems to work, but I am still not sure. When I run the command, I get the result below; does it mean it is all right now?

When I check ifconfig, I found that eth0 and eth1 have some Rx/Tx, but the ipsec0 both got no activity at all. I read the doc from freeswan; it says I can test by running ping on the gateway itself, but I did that.

As my network is really simple like this:

 192.168.0.1(eth1) <- no PC attached here right now
      (  A )
 192.170.10.11 (eth0)   <- +  <- interfaces="ipsec0=eth0")
         |                 + - different setting in ipsec.conf
         |                 +
 192.170.10.1(eth1) <------+ <- interfaces="ipsec0=eth1"
     (    B  name: toowoomba)
 137.111.220.150 (eth0)
         |
         |
 (    LAN    )

so how should I test this?

+++++ ++++++++++++++++++++++

This is what I get; is my tunnel working?
+++++++++++++++++++++++++++

[root@toowoomba root]# ipsec auto --up gw
104 "gw" #5: STATE_MAIN_I1: initiate
106 "gw" #5: STATE_MAIN_I2: sent MI2, expecting MR2
108 "gw" #5: STATE_MAIN_I3: sent MI3, expecting MR3
004 "gw" #5: STATE_MAIN_I4: ISAKMP SA established
112 "gw" #6: STATE_QUICK_I1: initiate
004 "gw" #6: STATE_QUICK_I2: sent QI2, IPsec SA established

From the /var/log/secure
Mar 31 02:05:04 toowoomba pluto[3770]: "gw" #5: initiating Main Mode
Mar 31 02:05:04 toowoomba pluto[3770]: "gw" #5: Peer ID is ID_IPV4_ADDR: '192.170.10.11'
Mar 31 02:05:04 toowoomba pluto[3770]: "gw" #5: ISAKMP SA established
Mar 31 02:05:04 toowoomba pluto[3770]: "gw" #6: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
Mar 31 02:05:04 toowoomba pluto[3770]: "gw" #6: sent QI2, IPsec SA established

Thanks very much for all your help!!!!!

Calvin

----- Original Message -----
From: "Calvin" <calvinproject@ihug.com.au>
To: < >
Cc: <calvinproject@ihug.com.au>
Sent: Monday, March 31, 2003 12:19 AM
Subject: anyone can help on this: "cannot initiate connection without knowing peer IP address"?

> Dear all,
> I am new to freeswan and I need to set up freeswan for my project.
> I have been trying to find out the solution to this problem but I failed.
> I set up a very simple test network, and now I got the problem of
> "029 "gw": cannot initiate connection without knowing peer IP address"
>
> I try to give as much information as possible here; can anyone give me a
> hand please? I have been struggling with FreeSwan for a long time but
> still can't get it to work. Please help.
>
> I really appreciate any help and comments
>
> Calvin
>
> this is my simple net setup
>
> 192.168.0.1(eth1) <- no PC attached here right now
>      (  A )
> 192.170.10.11 (eth0)   <- +  <- interfaces="ipsec0=eth0")
>         |                                + - different setting in ipsec.conf
>         |                                +
> 192.170.10.1(eth1) <------+ <- interfaces="ipsec0=eth1"
>     (    B  name: toowoomba)
> 137.111.220.150 (eth0)
>         |
>         |
> (    LAN    )
>
>
> +++++++++
> ipsec.conf  +
> +++++++++
> config setup
>         # interfaces=%defaultroute
>         interfaces="ipsec0=eth1"
>         klipsdebug=none
>         plutodebug=none
>         plutoload=%search
>         plutostart=%search
>         uniqueids=yes
>
> conn %default
>         keyingtries=0
>         disablearrivalcheck=no
>         authby=rsasig
>
> conn gw
>         left=192.170.10.1
>         leftnexthop=192.170.10.11
>         leftsubnet=137.111.0.0/16
>         right=192.170.10.11
>         rightnexthop=192.170.10.1
>         rightsubnet=192.168.0.0/24
>         leftrsasigkey=...
>         rightrsasigkey=...
>         auto=add
>
> ++++++++++++++++++
> ++ I ran this command ++
> ++++++++++++++++++
>
> [root@toowoomba root]# ipsec auto --status
> 000 interface ipsec0/eth1 192.170.10.1
> 000
> 000 "gw": 137.111.0.0/16===192.170.10.1...192.170.10.11===192.168.0.0/24
> 000 "gw": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0
> 000 "gw": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth1; unrouted
> 000 "gw": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
>
> +++++++++++++++
> /var/messages +
> +++++++++++++++
>
> Mar 30 22:56:28 toowoomba ipsec_setup: Stopping FreeS/WAN IPsec...
> Mar 30 22:56:29 toowoomba kernel: IPSEC EVENT: KLIPS device ipsec0 shutdown.
> Mar 30 22:56:29 toowoomba kernel: klips_info:pfkey_cleanup: shutting down
> PF_KEY domain sockets.
> Mar 30 22:56:29 toowoomba kernel: klips_info:cleanup_module: ipsec module
> unloaded.
> Mar 30 22:56:29 toowoomba /etc/hotplug/net.agent: NET unregister event not
> supported
> Mar 30 22:56:30 toowoomba last message repeated 3 times
> Mar 30 22:56:30 toowoomba ipsec_setup: ...FreeS/WAN IPsec stopped
> Mar 30 22:56:30 toowoomba ipsec_setup: Starting FreeS/WAN IPsec 1.99...
> Mar 30 22:56:30 toowoomba ipsec_setup: Using
> /lib/modules/2.4.18-14/kernel/net/ipsec/ipsec.o
> Mar 30 22:56:30 toowoomba kernel: klips_info:ipsec_init: KLIPS startup,
> FreeS/WAN IPSec version: 1.99
> Mar 30 22:56:30 toowoomba /etc/hotplug/net.agent: invoke ifup ipsec0
> Mar 30 22:56:30 toowoomba /etc/hotplug/net.agent: invoke ifup ipsec1
> Mar 30 22:56:30 toowoomba /etc/hotplug/net.agent: invoke ifup ipsec2
> Mar 30 22:56:30 toowoomba /etc/hotplug/net.agent: invoke ifup ipsec3
> Mar 30 22:56:30 toowoomba ipsec_setup: KLIPS debug `none'
> Mar 30 22:56:30 toowoomba ipsec_setup: KLIPS ipsec0 on eth1
> 192.170.10.1/255.255.255.0 broadcast 192.170.10.255
> Mar 30 22:56:30 toowoomba ipsec_setup: ...FreeS/WAN IPsec started
>
> ++++++++++++
> /var/secure+
> ++++++++++++
>
> Mar 30 22:56:30 toowoomba ipsec__plutorun: Starting Pluto subsystem...
> Mar 30 22:56:30 toowoomba pluto[1901]: Starting Pluto (FreeS/WAN Version
> 1.99)
> Mar 30 22:56:30 toowoomba pluto[1901]: including X.509 patch with traffic
> selectors (Version 0.9.25)
> Mar 30 22:56:30 toowoomba pluto[1901]: Changing to directory
> '/etc/ipsec.d/cacerts'
> Mar 30 22:56:30 toowoomba pluto[1901]:   Warning: empty directory
> Mar 30 22:56:30 toowoomba pluto[1901]: Changing to directory
> '/etc/ipsec.d/crls'
> Mar 30 22:56:30 toowoomba pluto[1901]:   Warning: empty directory
> Mar 30 22:56:30 toowoomba pluto[1901]:   could not open my default X.509
> cert file '/etc/x509cert.der'
> Mar 30 22:56:30 toowoomba pluto[1901]: OpenPGP certificate file
> '/etc/pgpcert.pgp' not found
> Mar 30 22:56:30 toowoomba pluto[1901]: added connection description "gw"
> Mar 30 22:56:30 toowoomba pluto[1901]: listening for IKE messages
> Mar 30 22:56:30 toowoomba pluto[1901]: adding interface ipsec0/eth1
> 192.170.10.1
> Mar 30 22:56:30 toowoomba pluto[1901]: loading secrets from
> "/etc/ipsec.secrets"
> Mar 30 22:59:43 toowoomba pluto[1901]: "gw": cannot initiate connection
> without knowing peer IP address
>
>



_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Received on Thu Apr 3 22:26:38 2003
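
A way to read the "ipsec auto --up" output quoted in the message above mechanically, as an added example that is not part of the original post or of FreeS/WAN. The function names are hypothetical, the sample lines are copied from the post, and treating status codes 005-099 as failed requests is an assumption. It reports key negotiation only; it does not show whether packets are passing through ipsec0.

```python
import re

# Line shape seen in the post: NNN "conn" [#serial]: [STATE_X: ]message
LINE_RE = re.compile(
    r'^(?P<code>\d{3}) "(?P<conn>[^"]+)"(?: #(?P<serial>\d+))?: '
    r'(?:(?P<state>STATE_\w+): )?(?P<msg>.*)$'
)

# Copied from the post: the successful run and the earlier failure.
UP_OUTPUT = '''\
104 "gw" #5: STATE_MAIN_I1: initiate
106 "gw" #5: STATE_MAIN_I2: sent MI2, expecting MR2
108 "gw" #5: STATE_MAIN_I3: sent MI3, expecting MR3
004 "gw" #5: STATE_MAIN_I4: ISAKMP SA established
112 "gw" #6: STATE_QUICK_I1: initiate
004 "gw" #6: STATE_QUICK_I2: sent QI2, IPsec SA established
'''
FAILED_OUTPUT = '029 "gw": cannot initiate connection without knowing peer IP address\n'


def summarize(output):
    """Map each connection name to its negotiation outcome."""
    result = {}
    for raw in output.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # shell prompts, blank lines, wrapped continuations
        entry = result.setdefault(
            m["conn"], {"isakmp": False, "ipsec": False, "errors": []})
        code, msg = int(m["code"]), m["msg"]
        if code == 4 and "ISAKMP SA established" in msg:
            entry["isakmp"] = True   # phase 1 (Main Mode) completed
        elif code == 4 and "IPsec SA established" in msg:
            entry["ipsec"] = True    # phase 2 (Quick Mode) completed
        elif 4 < code < 100:
            # Assumption: codes 005-099 report a failed request (e.g. 029).
            entry["errors"].append(msg)
    return result


def negotiated(output, conn):
    """True only if both SAs came up for conn and no error was reported."""
    entry = summarize(output).get(conn)
    return bool(entry and entry["isakmp"] and entry["ipsec"]
                and not entry["errors"])


if __name__ == "__main__":
    print(negotiated(UP_OUTPUT, "gw"), summarize(FAILED_OUTPUT))
```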

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:12 EDT

