Hi guys, I know this should go to the openswan list, but no one seems to want to help or respond. I was hoping one of you guys might be able to help me out.
I'm having an issue setting up a tunnel that I need some help with. I have included the relevant files below.

My first issue is when I start ipsec I get the following error:

Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete connection
Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete connection

My second issue is the right side can't connect.

packet from 119.225.115.131:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d50c009ee...]
packet from 119.225.115.131:500: initial Main Mode message received on 103.29.172.40:500 but no connection has been authorized with policy=PSK
packet from 119.225.115.131:500: ignoring unknown Vendor ID payload [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d50c009ee...]
packet from 119.225.115.131:500: initial Main Mode message received on 103.29.172.40:500 but no connection has been authorized with policy=PSK

Can anyone help me on where to go from here?

Cheers
Adam

firewall# ipsec --version
Linux Openswan 2.6.37 (klips)

firewall# cat ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    #plutodebug = "all"
    #klipsdebug = "all"
    plutoopts="--perpeerlog"
    dumpdir=/var/run/pluto/
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=klips
    plutostderrlog=/var/log/pluto.log
    interfaces="ipsec0=eth0"
    listen=103.29.172.40

# Add connections here
conn multi-conn1
    rightsubnets={144.55.124.122/32,144.55.123.187/32,144.55.122.67/32,144.55.123.63/32,172.27.130.1/32,172.27.130.2/32,192.168.11.51/32,144.55.124.206/32}
    leftsubnets={103.29.173.70/32,103.29.173.71/32,103.29.173.72/32,103.29.173.73/32,103.29.173.74/32,103.29.173.75/32,103.29.173.76/32,103.29.173.80/32,103.29.173.81/32,103.29.173.82/32,103.29.173.83/32,103.29.173.84/32,103.29.173.85/32,103.29.173.86/32,103.29.173.60/32,103.29.173.61/32,103.29.173.64/32,103.29.173.65/32}
    also=conn1

conn conn1
    type = tunnel
    authby = secret
    left = 103.29.172.40
    leftnexthop = %defaultroute
    right = 119.225.115.131
    rightnexthop = %defaultroute
    ike = aes256-sha1-modp1536
    esp = aes256-sha1
    keyexchange = ike
    pfs = no
    auto = add

firewall# cat ipsec.secrets
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

103.29.172.40 119.225.115.131: PSK "BLANK-BLANK-BLANK"

firewall# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:25:90:35:35:9e brd ff:ff:ff:ff:ff:ff
    inet 103.29.172.1/24 brd 103.29.172.255 scope global eth0
    inet 103.29.173.1/24 brd 103.29.173.255 scope global eth0:0
    inet 103.29.174.1/24 brd 103.29.174.255 scope global eth0:1
    inet 103.29.175.1/24 brd 103.29.175.255 scope global eth0:2
    inet 172.16.0.100/24 brd 172.16.0.255 scope global eth0:4
    inet 103.29.172.40/24 scope global secondary eth0
    inet6 fe80::225:90ff:fe35:359e/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:25:90:35:35:9f brd ff:ff:ff:ff:ff:ff
    inet 202.45.103.162/30 brd 202.45.103.163 scope global eth1
    inet6 fe80::225:90ff:fe35:359f/64 scope link
       valid_lft forever preferred_lft forever
82: ipsec0: <NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 10
    link/ether 00:25:90:35:35:9e brd ff:ff:ff:ff:ff:ff
    inet 103.29.172.1/32 scope global ipsec0
    inet 103.29.173.1/32 scope global ipsec0
    inet 103.29.174.1/32 scope global ipsec0
    inet 103.29.175.1/32 scope global ipsec0
    inet 172.16.0.100/32 scope global ipsec0
    inet 103.29.172.40/32 scope global ipsec0
    inet6 fe80::225:90ff:fe35:359e/128 scope link
       valid_lft forever preferred_lft forever
83: ipsec1: <NOARP> mtu 0 qdisc noop state DOWN qlen 10
    link/void

firewall# cat daemon.log
Dec 6 13:51:29 firewall ipsec_setup: Starting Openswan IPsec 2.6.37...
Dec 6 13:51:29 firewall ipsec_setup: Using KLIPS/legacy stack
Dec 6 13:51:30 firewall ipsec_setup: KLIPS debug `none'
Dec 6 13:51:30 firewall ipsec_setup: KLIPS ipsec0 on eth0 103.29.172.1/24 broadcast mtu 1500
Dec 6 13:51:30 firewall ipsec_setup: ipsec0 -> NULL mtu=0(0) -> 0
Dec 6 13:51:30 firewall ipsec_setup: ...Openswan IPsec started
Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete connection
Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete connection

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
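
Added example, not part of the original post: a Python triage of the two kinds of log line quoted above, so that rejected inbound Main Mode attempts can be read next to the startup load failures (a connection that pluto did not load cannot match an incoming IKE message). The function names and report wording are illustrative; the sample lines are copied from the post with the Vendor ID payload elided.

```python
import re
from collections import Counter

# Log lines of the two kinds quoted in the post (Vendor ID payload elided).
SAMPLE_LOG = """\
Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete connection
Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete connection
packet from 119.225.115.131:500: ignoring unknown Vendor ID payload [...]
packet from 119.225.115.131:500: initial Main Mode message received on 103.29.172.40:500 but no connection has been authorized with policy=PSK
"""

# "ipsec__plutorun: NNN message" lines emitted while conns are loaded at startup.
LOAD_RE = re.compile(r"ipsec__plutorun: (\d{3}) (.+)$")
# Inbound IKE Main Mode attempts that matched no loaded connection.
REJECT_RE = re.compile(
    r"packet from ([\d.]+):\d+: initial Main Mode message received on "
    r"([\d.]+):\d+ but no connection has been authorized with policy=(\S+)"
)

def triage(log_text):
    """Summarise conn load failures and rejected peers found in log_text."""
    codes = Counter()      # plutorun status code -> occurrences
    rejected = Counter()   # (peer, local address, policy) -> occurrences
    for line in log_text.splitlines():
        m = LOAD_RE.search(line)
        if m:
            codes[m.group(1)] += 1
            continue
        m = REJECT_RE.search(line)
        if m:
            rejected[m.groups()] += 1
    return {"codes": codes, "failed_loads": codes["037"], "rejected": rejected}

def report(result):
    """Turn the triage result into human-readable findings."""
    lines = []
    if result["failed_loads"]:
        lines.append(f"{result['failed_loads']} connection(s) failed to load "
                     "(037 attempt to load incomplete connection)")
    for (peer, local, policy), n in sorted(result["rejected"].items()):
        note = "; check load failures first" if result["failed_loads"] else ""
        lines.append(f"{peer} -> {local}: {n} Main Mode attempt(s) matched "
                     f"no conn with policy={policy}{note}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```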