OpenSWAN to OpenSWAN problems

Hi all! I'm trying to establish a VPN connection between two OpenSWAN servers. This is the scenario:

NAT Gateway A --- Server A --- Network A | INTERNET | NAT Gateway B --- Server B --- Network B

Here's my ipsec.conf for this connection:

conn test
    left=151.38.49.xxx
    leftsubnet=192.168.1.0/24
    leftrsasigkey=0sAQNe...
    leftnexthop=%direct
    right=82.60.119.xxx
    rightsubnet=192.168.0.0/24
    rightrsasigkey=0sAQNY...
    rightnexthop=%direct
    authby=rsasig
    auto=start

The file is the same on both servers. When I try to establish the connection I get:

ipsec__plutorun: 022 "test": we cannot identify ourselves with either end of this connection
ipsec__plutorun: ...could not route conn "test"
ipsec__plutorun: 022 "test": We cannot identify ourselves with either end of this connection.
ipsec__plutorun: ...could not start conn "test"

I set nat_traversal to yes but the same error appears. Both NAT Gateways support IPsec passthrough, and UDP ports 500 and 4550 are both forwarded to Server A and Server B.

Thanks in advance, Heruan


Heruan wrote:

[CUT]

I corrected my ipsec.conf that way:

conn test
    left=192.168.1.10
    leftsubnet=192.168.1.0/24
    leftnexthop=151.38.49.xxx
    leftrsasigkey=0sAQNe...
    right=192.168.0.10
    rightsubnet=192.168.0.0/24
    rightnexthop=82.60.119.xxx
    rightrsasigkey=0sAQNY...
    auto=add

and now in /var/log/messages I get:

ipsec__plutorun: 104 "test" #1: STATE_MAIN_I1: initiate
ipsec__plutorun: ...could not start conn "test"

If I try a ``ipsec auto --up test'':

104 "test" #1: STATE_MAIN_I1: initiate
010 "test" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "test" #1: STATE_MAIN_I1: retransmission; will wait 40s for response

... and so on. With ``ipsec auto --status'':

"test" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 6s
pending Phase 2 for "test" replacing #0
pending Phase 2 for "test" replacing #0

So the tunnel fails; I can't get out of this problem... TIA, Heruan
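The "022 we cannot identify ourselves with either end of this connection" error from the first post and the corrected ipsec.conf from this one are two sides of the same rule: Pluto orients a conn by matching left= and right= against the addresses actually configured on its own interfaces, which is why the same file can be used on both ends. A server behind a NAT gateway does not own the public address, so a conn written with the two public addresses matches neither side and cannot be routed; putting the server's private address in left= and the gateway's public address in leftnexthop= is what makes the conn orientable. The script below reproduces that check offline. It is an added example, not code from the thread or from Openswan; the public addresses are constructed TEST-NET values standing in for the ones the thread masks as xxx, and the server interface lists are constructed from the thread's private subnets.

```python
"""Reproduce Pluto's "we cannot identify ourselves" orientation check offline.

Added example, not code from the thread or from Openswan. A conn is
usable on a host only if left= or right= is one of that host's own
interface addresses (or %defaultroute). Behind NAT the public address
belongs to the gateway, so a conn built from public addresses matches
neither side on the VPN server itself.
"""
import ipaddress

# Constructed stand-ins (TEST-NET ranges) for the thread's masked public IPs.
GATEWAY_A_PUBLIC = "203.0.113.10"
GATEWAY_B_PUBLIC = "198.51.100.20"

# Layout of the first post: public addresses as the ends, %direct nexthops.
ORIGINAL_CONF = f"""
conn test
    left={GATEWAY_A_PUBLIC}
    leftsubnet=192.168.1.0/24
    leftnexthop=%direct
    right={GATEWAY_B_PUBLIC}
    rightsubnet=192.168.0.0/24
    rightnexthop=%direct
    authby=rsasig
    auto=start
"""

# Layout of the corrected post: private address as the end, gateway as nexthop.
CORRECTED_CONF = f"""
conn test
    left=192.168.1.10
    leftsubnet=192.168.1.0/24
    leftnexthop={GATEWAY_A_PUBLIC}
    right=192.168.0.10
    rightsubnet=192.168.0.0/24
    rightnexthop={GATEWAY_B_PUBLIC}
    authby=rsasig
    auto=add
"""

# Constructed interface addresses of the two servers; they sit behind the
# gateways, so neither owns a public address.
SERVER_A_ADDRS = ["127.0.0.1", "192.168.1.10"]
SERVER_B_ADDRS = ["127.0.0.1", "192.168.0.10"]


def parse_conn(text):
    """Parse one 'conn NAME' block into a dict of its key=value parameters.

    Accepts the normal indented layout and the flattened one-line form;
    '#' starts a comment, as in ipsec.conf.
    """
    tokens = []
    for line in text.splitlines():
        tokens.extend(line.split("#", 1)[0].split())
    if len(tokens) < 2 or tokens[0] != "conn":
        raise ValueError("expected a 'conn NAME' block")
    params = {"name": tokens[1]}
    for tok in tokens[2:]:
        key, sep, value = tok.partition("=")
        if not sep:
            raise ValueError(f"malformed parameter: {tok!r}")
        params[key] = value
    return params


def identify_side(conn, local_addrs):
    """Return 'left', 'right', or None if neither end is this host.

    A side is ours when its address is configured on one of our
    interfaces, or when it is %defaultroute (Pluto resolves that itself).
    %any, masked values like 151.38.49.xxx and hostnames never match here;
    hostnames are not resolved because this check runs offline.
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    for side in ("left", "right"):
        value = conn.get(side)
        if value is None:
            continue
        if value == "%defaultroute":
            return side
        try:
            if ipaddress.ip_address(value) in local:
                return side
        except ValueError:
            continue  # not an IP literal: cannot be one of our interfaces
    return None


def diagnose(conn_text, local_addrs):
    """Say what Pluto would conclude about this conn on this host."""
    conn = parse_conn(conn_text)
    side = identify_side(conn, local_addrs)
    if side is None:
        return (f'022 "{conn["name"]}": we cannot identify ourselves with '
                f"either end of this connection")
    nexthop = conn.get(f"{side}nexthop", "%direct")
    return f'"{conn["name"]}": we are {side}, sending via nexthop {nexthop}'


if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL_CONF), ("corrected", CORRECTED_CONF)):
        print(f"{label} conf on Server A: {diagnose(conf, SERVER_A_ADDRS)}")
        print(f"{label} conf on Server B: {diagnose(conf, SERVER_B_ADDRS)}")
```

Run on Server A, the original conf produces the 022 message for both hosts, while the corrected conf orients as left on Server A and right on Server B with the respective gateway as nexthop; that is the same file working on both ends, which is what the thread's second config achieves.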


Heruan wrote:

I DID IT :)

Now I'm able to ping the local IP of Server B from Server A, but not other IPs of Network B (and vice versa). How do I configure Server A and B to route requests to their local networks? TIA. Heruan


Heruan wrote:

Done. Just enabled IPv4 forwarding in /etc/sysctl.conf! H.

