[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-ipsec
Subject:    [Users] Routing problems
From:       John van Lit <j-lit () planet ! nl>
Date:       2003-05-30 22:51:23
[Download RAW message or body]

Hi all,

I’m having trouble ping to my local subnet.
The connection is set up between the Freeswan 1.98b and W2k.
I use a 2.2.19 kernel
I installed the follow:	Freeswan 1.98b, X509 0.9.28 patch, Openssl 0.6.9b
After this I have made the correction in openssl.cnf and in the CA.sh
In CA.sh I have set the DAYS part to 7300 in the default config windows had
trouble with my certificate.
The following errors I receive:
klips_debug:ipsec_makeroute: rj_addroute not able to insert eroute for
SA:tun0x1003@10.0.0.125
"roadwarrior"[4] 10.0.0.143 #6: ERROR: PF_KEY SADB_X_ADDFLOW response for
flow tun.1007@10.0.0.143 included errno 250: Unknown error 250
This is how my config file on the freeswan gateway looks:

config setup
	interfaces="ipsec0=eth1"
	klipsdebug=none
	plutodebug=none
	plutoload=%search
	plutostart=%search
	uniqueids=yes
conn %default
	keyingtries=1
	compress=yes
	disablearrivalcheck=no
	authby=rsasig
	leftrsasigkey=%cert
	rightrsasigkey=%cert
conn roadwarrior-net
	leftsubnet=192.168.9.0/24
	also=roadwarrior
conn roadwarrior
	right=%any
	left=10.0.0.125
	leftcert=rootcert.pem
	auto=add
	pfs=yes

On my windows 2000 client it looks like this

conn roadwarrior
left=%any
right=10.0.0.125
rightca="C=US,S=State,L=City,O=ExampleCo,CN=CA,Email=host@example.com"
network=auto
auto=start
pfs=yes

conn roadwarrior-net
left=%any
right=10.0.0.125
rightsubnet=192.168.9.0/24
rightca="C=US,S=State,L=City,O=ExampleCo,CN=CA,Email=host@example.com"
network=auto
auto=start
pfs=yes

I have also tried to set the rightsubnet=192.168.9.0/32

When it is with /32 the response request time out
When it is with /24 the response Destination host unreachable

I have included a full barf file
Could somebody please help me here

I need to get it working correct.


Rgds,

John van Lit

["w2kbarf.doc" (application/msword)]
_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic