Hi Adam on 06.12.2012 09:16, ads...@genis-x.com wrote: > Hi guys, > > I know this should go to the openswan list, but no one seems to want to help > or respond. I was hoping one of you guys might be able to help me out.
I guess they were either shocked or intimidated by your multi connection set up. I must admit it is rather surprising :-) > > > > I'm having an issue setting up a tunnel that I need some help with. > > > > I have included the relevant files below > > > My first issue is when I start ipsec I get the following error: > > > > Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency > in this connection=2 host=2/nexthop=0 > > Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete > connection > > Dec 6 13:51:30 firewall ipsec__plutorun: 023 address family inconsistency > in this connection=2 host=2/nexthop=0 > > Dec 6 13:51:30 firewall ipsec__plutorun: 037 attempt to load incomplete > connection looks like your conn is broken, maybe you should try with more simple {left|right}subnet settings Also you don't use %defaultroute on the xxnexthop parameters. I for once use it on left=%defaultroute. I _believe_ you cannot have your type of interface definition in the setup config if you want to use %defaultroute for left. I would suggest to leave away the interfaces description in the setup config and use left=%defaultroute > > > > My second issue is the right side can't connect. > > packet from 119.225.115.131:500: ignoring unknown Vendor ID payload > [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d50c009ee...] > > packet from 119.225.115.131:500: initial Main Mode message received on > 103.29.172.40:500 but no connection has been authorized with policy=PSK This appears to be a consequence of the above. > > packet from 119.225.115.131:500: ignoring unknown Vendor ID payload > [f4ed19e0c114eb516faaac0ee37daf2807b4381f000000010000138d50c009ee...] > > packet from 119.225.115.131:500: initial Main Mode message received on > 103.29.172.40:500 but no connection has been authorized with policy=PSK > > > > Can anyone help me on where to go from here? cheers Erich
smime.p7s
Description: S/MIME Kryptografische Unterschrift
------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/