Hi,

I have a problem with Strongswan: the handshake itself works, but 
the virtual route through the tunnel cannot be established. Does 
anyone have an idea what else is going wrong?

Strongswan: 4.2.4 (lenny), 4.2.9 (squeeze) (both equally affected)


        Konrad

Tunnel config (laptop):
------
conn devantv4
  left=%defaultroute
  leftsubnet=2001:6f8:125f:1001::/64
  leftsourceip=2001:6f8:125f:1001::ffff
  leftcert=devantCert.pem
  leftsendcert=yes
  right=dyn.silmor.de
  rightallowany=yes
  rightsubnet=2001:6f8:125f:1::/64
  rightsourceip=%config
  rightcert=bistromaticCert.pem
  type=tunnel
  auto=add
-------

Output of ipsec up:
----
initiating IKE_SA devantv4[1] to 217.235.121.202
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 192.168.1.16[500] to 217.235.121.202[500]
received packet: from 217.235.121.202[500] to 192.168.1.16[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) CERTREQ ]
local host is behind NAT, sending keep alives
received cert request for "C=DE, O=home.silmor.de, CN=home.silmor.de, 
[email protected]"
received cert request for "C=AT"
sending cert request for "C=DE, O=home.silmor.de, CN=home.silmor.de, 
[email protected]"
authentication of 'C=AT' (myself) with RSA signature successful
establishing CHILD_SA devantv4
generating IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH CP SA TSi TSr 
N(MOBIKE_SUP) N(ADD_6_ADDR) ]
sending packet: from 192.168.1.16[4500] to 217.235.121.202[4500]
received packet: from 217.235.121.202[4500] to 192.168.1.16[4500]
parsed IKE_AUTH response 1 [ IDr AUTH CP SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) 
N(ADD_4_ADDR) N(ADD_4_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) N(ADD_6_ADDR) ]
  using trusted certificate "C=DE, O=home.silmor.de, CN=home.silmor.de, 
[email protected]"
authentication of 'C=DE, O=home.silmor.de, CN=home.silmor.de, 
[email protected]' with RSA signature successful
scheduling reauthentication in 3269s
maximum IKE_SA lifetime 3449s
IKE_SA devantv4[1] established between 192.168.1.16[C=AT]...217.235.121.202
[C=DE, O=home.silmor.de, CN=home.silmor.de, [email protected]]
installing new virtual IP 2001:6f8:125f:1001::ffff
received netlink error: Numerical result out of range (34)
unable to install source route for 2001:6f8:125f:1001::ffff
--------
