
List:       openswan-users
Subject:    [Openswan Users] Set up IPSec connection: address family inconsistency in this connection=2 host=2
From:       Pedro_Sá_da_Costa <psdc1978 () gmail ! com>
Date:       2013-04-03 17:37:36
Message-ID: CAJ8VZfV5umhqASbzLB8A_AWuDQRH=Ow4mxxRdCEdYy5c39Ldvg () mail ! gmail ! com

I'm trying to set an IPSec tunnel between 2 hosts, but I get this error:
[code]
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr  3 15:45:26 ip-10-0-0-216 pluto: adjusting ipsec.d to /etc/ipsec.d
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 037 attempt to load incomplete connection
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named "vpc1-to-vpc2"
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 000 initiating all conns with alias='vpc1-to-vpc2'
Apr  3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named "vpc1-to-vpc2"
[/code]

I've 2 hosts with these IPs:

[B]Host A[/B]
[code]
Public IP: 54.236.163.71
Public DNS: ec2-54-236-163-71.compute-1.amazonaws.com
Private DNS: ip-10-0-0-216.ec2.internal
Private IPs: 10.0.0.216/16
[/code]

[B]Host B[/B]
[code]
Public IP: 54.246.211.133
Public DNS: ec2-54-246-211-133.eu-west-1.compute.amazonaws.com
Private DNS: ip-172-16-0-104.eu-west-1.compute.internal
Private IPs: 172.16.0.104
[/code]

The private addresses are behind a NAT that gives the public address. From
the hosts, I can only get the private IPs with "ifconfig -a".


Here is my IPsec connection configuration:
[B]Host A[/B]
[code]
conn vpc1-to-vpc2
    type=tunnel
    authby=secret
    left=10.0.0.216
    leftsubnet=10.0.0.0/16
    leftnexthop=%defaultroute
    right=54.246.211.133
    rightsubnet=172.16.0.0/16
    pfs=yes
    auto=start
[/code]

[B]Host B[/B]
[code]
conn vpc1-to-vpc2
    type=tunnel
    authby=secret
    #left=%defaultroute
    left=10.0.0.216
    leftsubnet=10.0.0.0/16
    leftnexthop=%defaultroute
    right=54.246.211.133
    rightsubnet=172.16.0.0/16
    pfs=yes
    auto=start
[/code]

The secret key files are here:
[B]Host A[/B]
[code]
Host A:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc
%any %any: PSK "test"
[/code]

[B]Host B[/B]
[code]
host B:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc
%any %any: PSK "test"
[/code]

With this configuration I cannot set up a tunnel. I don't understand why I
get this problem, because it seems that the IPs are correct. Any help?

-- 
Best regards,
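An added checker, not from the post or from Openswan, that reproduces the shape of the 023 line over a constructed copy of Host B's conn: it treats `%defaultroute` as unresolved (family 0), so a host of family 2 beside a nexthop of family 0 is reported the way pluto did, and it also flags a `left` that is not one of that host's own addresses (the post shows 172.16.0.104 on Host B). The one-block parser and the local-address list are assumptions of this example, not Openswan's own reader.

```python
import ipaddress
AF_UNSPEC, AF_INET, AF_INET6 = 0, 2, 10  # Linux values, as printed in the 023 log line

# Constructed sample: Host B's conn as posted (unrelated keys trimmed) and its ifconfig -a address.
HOST_B_CONN = """\
conn vpc1-to-vpc2
    authby=secret
    left=10.0.0.216
    leftsubnet=10.0.0.0/16
    leftnexthop=%defaultroute
    right=54.246.211.133
    rightsubnet=172.16.0.0/16
"""
HOST_B_LOCAL_ADDRS = ["172.16.0.104"]

def parse_conn(text):
    """Return (conn name, {key: value}) for one conn block; '#' starts a comment."""
    name, params = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            name = line.split(None, 1)[1]
        else:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip()
    return name, params

def family(value):
    """Family of a literal host or CIDR; %-keywords are deliberately left unresolved (0)."""
    if value is None or value.startswith("%"):
        return AF_UNSPEC
    return AF_INET if ipaddress.ip_network(value, strict=False).version == 4 else AF_INET6

def check_conn(text, local_addrs):
    """List address-family mismatches in pluto's wording plus a local-address sanity check."""
    name, p = parse_conn(text)
    conn_fam = family(p.get("left")) or family(p.get("right"))  # family the whole conn must share
    findings = []
    for side in ("left", "right"):
        host, nexthop = family(p.get(side)), family(p.get(side + "nexthop"))
        if host != conn_fam or (p.get(side + "nexthop") and nexthop != conn_fam):
            findings.append(f"{name}: address family inconsistency connection={conn_fam} "
                            f"{side} host={host}/nexthop={nexthop}")
        if p.get(side + "subnet") and family(p[side + "subnet"]) != conn_fam:
            findings.append(f"{name}: {side}subnet={p[side + 'subnet']} family differs from hosts")
    if p.get("left") not in local_addrs:
        findings.append(f"{name}: left={p.get('left')} is not a local address {local_addrs}")
    return findings
```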



