Hello all,

I get the below error in the log:

"host-host" #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd964a2a1 (perhaps this is a duplicated packet)
"host-host" #2: sending encrypted notification INVALID_MESSAGE_ID to 10.90.200.22:500

Any ideas why I am getting this?

thanks
--rama kanth

On 11/30/12, ramakanth varala <[email protected]> wrote:
> Hello all,
>
> I am having two VPN servers behind NAT as shown below.
>
> [PC A 192.168.1.254] _________ [192.168.1.1 | 10.10.15.3] ====> [10.10.15.1 (router)] =====> [10.10.15.8 | 192.168.1.1] ===== [192.168.1.254 (B)]
>
> The ipsec.conf I am currently using at PC A is the following:
>
> config setup
>     charonstart=no
>     plutodebug=all
>     plutostderrlog=/var/pluto.txt
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     nat_traversal=yes
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev1
>     auto=add
>     authby=secret
>
> conn host-host
>     right=192.168.1.254
>     left=%defaultroute
>     leftsubnet=192.168.1.0/24
>     leftnexthop=192.168.1.1
>     rightsubnet=192.168.1.0/24
>     rightnexthop=10.10.15.8
>     #[email protected]
>     auto=add
>     authby=secret
>
> and the ipsec.conf at PC B:
>
> config setup
>     charonstart=no
>     plutodebug=all
>     plutostderrlog=/var/pluto.txt
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     nat_traversal=yes
>
> conn %default
>     ikelifetime=60m
>     keylife=20m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev1
>     auto=add
>     authby=secret
>
> conn host-host
>     right=192.168.1.254
>     left=%defaultroute
>     leftsubnet=192.168.1.0/24
>     leftnexthop=192.168.1.1
>     rightsubnet=192.168.1.0/24
>     rightnexthop=10.10.15.3
>     #[email protected]
>     auto=add
>     authby=secret
>
> When I do ipsec up host-host I get the error below:
>
> 022 "host-host": we have no ipsecN interface for either end of this connection
>
> Where am I going wrong exactly? Can anybody help me here?
>
> thanks
> Rama Kanth
>
> On Sun, Aug 19, 2012 at 12:27 PM, Andreas Steffen <[email protected]> wrote:
>> You need the parameter
>>
>>     auto=add
>>
>> because the default is auto=ignore which doesn't load the
>> connection definition. pluto doesn't support left=%any,
>> either define an IP address or write
>>
>>     left=%defaultroute
>>
>> For the initiator you have to give an IP address for right so
>> it can actively connect to the responder.
>>
>> Regards
>>
>> Andreas
>>
>> On 08/18/2012 05:07 PM, ramakanth varala wrote:
>>> Hello all,
>>>
>>> I am new to strongswan. I am trying to run strongswan on my target
>>> board and a RHEL6 machine connected to that.
>>>
>>> My aim is to run the strongswan VPN server on my target board with a
>>> host-host tunnel to my Linux machine connected to that.
>>>
>>> There are a lot of missing blocks for me.
>>>
>>> 1) Whenever I try to run ipsec (either on my target board or on
>>> my Linux machine) with some configurations like below
>>>
>>> ipsec.conf
>>> ========
>>>
>>> config setup
>>>     #charonstart=no
>>>     plutostart=yes
>>>
>>> conn %default
>>>     left=%any
>>>     right=%any
>>>     authby=psk
>>>
>>> ipsec.secrets
>>> ===========
>>> %any %any : PSK "123456"
>>>
>>> I see that it does not show anything when I type ipsec status.
>>>
>>> 2) I often see my ipsec.conf getting autogenerated, wiping out
>>> whichever configurations I kept.
>>>
>>> 3) Here my aim is to establish the simplest configuration to have a VPN
>>> tunnel between my target board and my Linux machine. If anybody can
>>> suggest a simple configuration related to it, that would be really
>>> helpful.
>>>
>>> I am running strongswan 4.6.1
>>>
>>> thanks
>>
>> ======================================================================
>> Andreas Steffen                         [email protected]
>> strongSwan - the Linux VPN Solution!                www.strongswan.org
>> Institute for Internet Technologies and Applications
>> University of Applied Sciences Rapperswil
>> CH-8640 Rapperswil (Switzerland)
>> ===========================================================[ITA-HSR]==
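The three points in Andreas Steffen's quoted reply (auto defaults to ignore, pluto does not accept left=%any, the initiator needs an IP address for right) can be checked mechanically before loading a connection. The following Python sketch is an added example, not part of the original thread or of strongSwan; the function names, the sample file and the conn names `board-to-pc` and `fixed` are constructed for illustration, and treating a missing `right` like `%any` is an assumption of this example.

```python
def parse_conns(text):
    """Parse ipsec.conf text into {conn_name: {key: value}} (conn sections only)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section headers start in column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns


def check_conns(text, initiator=True):
    """Return {conn_name: [issues]} after applying 'conn %default' inheritance."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    findings = {}
    for name, params in conns.items():
        eff = {**defaults, **params}              # conn values override %default
        issues = []
        if eff.get("auto", "ignore") == "ignore":
            issues.append("auto=ignore: connection definition is not loaded")
        if eff.get("left") == "%any":
            issues.append("left=%any: not supported by pluto, use an IP or %defaultroute")
        # Assumption of this example: a missing right is treated like %any.
        if initiator and eff.get("right") in (None, "%any"):
            issues.append("right has no IP address: initiator cannot connect")
        findings[name] = issues
    return findings


# Constructed sample: the %default section mirrors the first message in the thread.
SAMPLE = """\
config setup
    plutostart=yes

conn %default
    left=%any
    right=%any
    authby=psk

conn board-to-pc
    keyexchange=ikev1

conn fixed
    left=%defaultroute
    right=192.168.1.254
    auto=add
"""

if __name__ == "__main__":
    for conn, issues in check_conns(SAMPLE).items():
        print(conn, "->", issues or "ok")
```
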
