pWell, the eth0 interface has address
192.168.1.24 but you define left=192.168.1.21. How do you suppose this is going to work? left must be the IP of a physical interface or you alteratively can define left=%defaultroute and leftnexthop=%direct because your peer are all directly connected to the 192.168.1.0/24 network. Regards Andreas ankaj gupta wrote: > Hi Andreas, > I tried 'ipsec up rw' and with other connections also, but it gives error: > "rw": we have no ipsecN interface for either end of this connection > > My setting for rw connection in ipsec.conf is: > conn rw > left=192.168.1.21 > leftsubnet=10.1.0.0/16 <http://10.1.0.0/16> > leftcert=karmicCert.pem > right=%any > auto=add > > Running 'ifconfig' results in: > eth0 Link encap:Ethernet HWaddr 00:0c:29:a4:ce:89 > inet addr:192.168.1.24 Bcast:192.168.1.255 Mask:255.255.255.0 > inet6 addr: fe80::20c:29ff:fea4:ce89/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:1446144 errors:4 dropped:0 overruns:0 frame:0 > TX packets:29047 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:685339952 (685.3 MB) TX bytes:7713988 (7.7 MB) > Interrupt:18 Base address:0x2000 > > eth2 Link encap:Ethernet HWaddr 00:0c:29:a4:ce:93 > inet addr:10.1.0.1 Bcast:10.1.255.255 Mask:255.255.0.0 > inet6 addr: fe80::20c:29ff:fea4:ce93/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:701810 errors:0 dropped:0 overruns:0 frame:0 > TX packets:33815 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:232827521 (232.8 MB) TX bytes:7517841 (7.5 MB) > Interrupt:16 Base address:0x2080 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:4 errors:0 dropped:0 overruns:0 frame:0 > TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:240 (240.0 B) TX bytes:240 (240.0 B) > > virbr0 Link encap:Ethernet HWaddr ae:7d:8f:49:de:3e > inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 > inet6 addr: fe80::ac7d:8fff:fe49:de3e/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:191 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:0 (0.0 B) TX bytes:17967 (17.9 KB) > > I searched for the error, but got nothing specific. > Do I need to add a line like 'interfaces=%defaultroute' in ipsec.conf file? > > Regards > Pankaj Gupta > > > On Fri, Apr 16, 2010 at 1:26 PM, Andreas Steffen > <[email protected] <mailto:[email protected]>> > wrote: > > Ok, pluto is now successfully starting up so that you can remove > the --nofork option. As a next step you must initiate a connection > either on karmic or on pankaj-desktop with the command > > ipsec up <connection name> > > BTW you cannot define left...@karmic and right...@pankaj-desktop > if these IDs are not contained as subjectAltNames in the certificate > of the respective peer. > > Regards > > Andreas > > > On 16.04.2010 08:14, pankaj gupta wrote: > > Thanks so much Andreas. I did it and got overwhelming output at > console. > I am attaching the output with this mail for your review. > At some places it reports of some plugins not found, but doesnt stop > there. So think those are not creating problem. > There are a lot of signature verification, locking and unlocking > of values. > I could not understand if its running fine or not. > > I really appreciate your support in my distress. > > Regards > Pankaj Gupta > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
