Pantek Library

[Users]

From: Ram Smith <ram(at)tilda.com.au>
Date: Sun Feb 29 2004 - 19:40:16 EST


G'day,

I'm having some problems with getting my connection to work correctly.

Thanks to some help from Sam I've managed to get my connection working, but in the reverse of what I had intended.

I'm pretty sure that I now understand the basics of the ipsec.conf file, but maybe there is some magic dust that I can sprinkle on my conf files to get this connection of mine working in the way I intended.

  • I have two Linux boxes, both running freeswan 2.05.
  • The left side is using rp-pppoe with a static IP address.
  • The right side has an ADSL router with VPN passthrough and NAT with a static IP sitting _in front_ of the server that I have freeswan on. This server has a private IP only (172.16.21.1).

I am wanting to provide a connection from the left subnet to the right gateway/server that is behind the DSL router.

I have the option to put the DSL router on the right into a bridged mode like the left side and give the server a live Internet IP. However, I would much rather leave the ADSL authentication and firewalling to the router, as this greatly simplifies the management of the locations.

Now to my specific problem.

When I start ipsec and attempt to initiate a connection, the left side complains that:


 "cannot respond to IPsec SA request because no connection is known for 172.16.62.0/24===218.214.42.117[@yapaws.yapa.org.au]...61.95.27.85[@mail.yapa.org.au]===172.16.21.1/32"

Here is my conf file for the left side:


#< /etc/ipsec.conf 1

version 2.0

# basic configuration
config setup
        interfaces=%defaultroute
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        overridemtu=1492
        # Use auto= parameters in conn descriptions to control startup actions.

# defaults for subsequent connection descriptions
#conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        #type=tunnel
        #keyexchange=ike
        #keylife=24h
        #authby=rsasig

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

conn yapaws-yapagw
        left=218.214.42.117
        leftsubnet=172.16.62.0/24
        leftnexthop=%defaultroute
        leftid=@yapaws.yapa.org.au
        leftrsasigkey=[keyid AQN+36kZH]
        right=%any
        rightid=@mail.yapa.org.au
        rightrsasigkey=[keyid AQOXNRYk/]
        auto=add
========================

Here are links to the result of "ipsec barf" from the left and right sides, called directly after running "ipsec setup restart" on both ends:

http://www.digitalmethod.org/tmp/barf.left
http://www.digitalmethod.org/tmp/barf.right

Any help would be much appreciated.

Ram.         


-
ram smith, systems manager
tilda communications pty ltd
http://www.tilda.com.au
p (02) 9280 0258 f (02) 9280 0259 e ram@tilda.com.au
level 1, 10 grafton st chippendale nsw 2008



FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr

Received on Sun Feb 29 19:45:45 2004
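
An added example, not part of the original message or of FreeS/WAN: it splits the "no connection is known for" tuple quoted above into its fields and compares them with the posted conn yapaws-yapagw. It assumes a simplified responder model in which right=%any takes the peer address from the request and an omitted subnet defaults to host/32, as ipsec.conf(5) describes; the function names are hypothetical.

```python
import ipaddress
import re

# Error string and conn values copied from the message above.
PLUTO_ERROR = ('cannot respond to IPsec SA request because no connection is known for '
               '172.16.62.0/24===218.214.42.117[@yapaws.yapa.org.au]...'
               '61.95.27.85[@mail.yapa.org.au]===172.16.21.1/32')
CONN = {'left': '218.214.42.117', 'leftsubnet': '172.16.62.0/24',
        'leftid': '@yapaws.yapa.org.au', 'right': '%any',
        'rightid': '@mail.yapa.org.au'}  # the posted conn has no rightsubnet

# pluto prints: [client===]host[id]...host[id][===client]
TUPLE_RE = re.compile(
    r'(?:(?P<lnet>[\d./]+)===)?(?P<lhost>[\d.]+)\[(?P<lid>[^\]]+)\]'
    r'\.\.\.'
    r'(?P<rhost>[\d.]+)\[(?P<rid>[^\]]+)\](?:===(?P<rnet>[\d./]+))?')

def parse_request(msg):
    """Split the tuple in pluto's message into host, id and client fields."""
    m = TUPLE_RE.search(msg)
    if m is None:
        raise ValueError('no connection tuple found')
    f = m.groupdict()
    # A side printed without a client subnet stands for the host itself.
    for net, host in (('lnet', 'lhost'), ('rnet', 'rhost')):
        f[net] = ipaddress.ip_network(f[net] or f[host] + '/32')
    return f

def effective_conn(conn, peer_addr):
    """Resolve a conn as the responder sees it (simplified assumption)."""
    out = {}
    for side, s in (('left', 'l'), ('right', 'r')):
        host = peer_addr if conn[side] == '%any' else conn[side]
        out[s + 'host'] = host
        out[s + 'id'] = conn.get(side + 'id', host)
        # Omitted subnet: the connection ends at the host only (host/32).
        out[s + 'net'] = ipaddress.ip_network(conn.get(side + 'subnet', host + '/32'))
    return out

def mismatches(msg, conn):
    """Return {field: (requested, configured)} for every field that differs."""
    req = parse_request(msg)
    eff = effective_conn(conn, req['rhost'])
    return {k: (str(req[k]), str(eff[k])) for k in req if req[k] != eff[k]}

if __name__ == '__main__':
    for field, (asked, have) in mismatches(PLUTO_ERROR, CONN).items():
        print(f'{field}: peer asked for {asked}, conn provides {have}')
```
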

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:02:07 EDT

