Gentoo Forums
Openswan: can not create route
kaltag
Tux's lil' helper


Joined: 28 Apr 2004
Posts: 116
Location: Boise, ID

Posted: Thu Apr 17, 2008 9:37 pm    Post subject: Openswan: can not create route

I feel like I'm so close to getting this working... I've been fighting with this for weeks now. The apparent problem with the error in the log is that ppp0 is my WAN interface and 192.168.1.100 is my LAN interface. The IP address appears to be controlled by the leftnexthop= option. Changing it to my external IP gave me "unauthorized connection" errors. Also, I believe it's supposed to be bringing up a new ppp interface like ppp1 since ppp0 is already in use?
error:
Code:
Apr 17 15:21:28 server pluto[20330]: "roadwarrior-osx-xp"[2] 67.139.154.200 #4: route-host output: /usr/lib/ipsec/_updown: doroute `ip route add 67.139.154.200/32 via 192.168.1.100 dev ppp0 ' failed (RTNETLINK answers: No such process)


ipsec.conf
Code:
version 2.0
config setup
    klipsdebug=all
    plutodebug=all
    overridemtu=1410
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:192.168.1.0/24

conn %default
    keyingtries=3
    compress=no
    disablearrivalcheck=no
    keyexchange=ike
    ikelifetime=240m
    keylife=60m

conn roadwarrior-osx-xp
    leftprotoport=17/1701
    rightprotoport=17/%any
    rekey=no
    also=roadwarrior

conn roadwarrior
    authby=secret
    pfs=no
    type=tunnel
    left=%defaultroute
    leftnexthop=192.168.1.100
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add

include /etc/ipsec.d/examples/no_oe.conf


xl2tpd.conf
Code:

; xl2tpd.conf
;
[global]
;listen-addr = 192.168.1.100
port = 1701

[lns default]
ip range = 192.168.1.2-192.168.1.50
local ip = 192.168.1.51
require chap = yes
refuse pap = yes
require authentication = yes
name = MyVPN
ppp debug = yes
pppoptfile = /etc/ppp/options.l2tpd
length bit = yes


route -n
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
67.41.38.205    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         67.41.38.205    0.0.0.0         UG    0      0        0 ppp0


For reference my network looks like this: INTERNET-->ppp0 my.wan.ip.here--server/gateway/firewall--eth1 192.168.1.100-->LAN
_________________
Yeah, I know about the recovery console. Usually, it doesn't do anything more than I can do with a match, a weedwhacker, and a sledgehammer. Actually, it does a whole lot less. - Caffinehog
mrness
Retired Dev


Joined: 17 Feb 2004
Posts: 375
Location: bucharest.ro

Posted: Tue Apr 22, 2008 6:02 am

Your leftnexthop is wrong. In your case it should have been 67.41.38.205 or %any.
However, if you use %any I doubt that openswan will be able to discover which part of the tunnel (left or right) is the local endpoint.
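An added example, not part of either post and not Openswan code: a Python check that compares a conn's leftnexthop with `route -n` output, using the routing table and the roadwarrior lines quoted in the first post. A next hop fits when it is directly reachable (gateway 0.0.0.0) on the default-route interface and equals the default gateway; the function names are made up for this illustration.

```python
import ipaddress

# `route -n` output and the relevant ipsec.conf lines, copied from the first post.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
67.41.38.205    0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         67.41.38.205    0.0.0.0         UG    0      0        0 ppp0
"""
IPSEC_CONF = """\
conn roadwarrior
    left=%defaultroute
    leftnexthop=192.168.1.100
"""

def parse_routes(text):
    """Return (network, gateway, iface) for each row of `route -n` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0][0].isdigit():
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
            rows.append((net, ipaddress.ip_address(f[1]), f[7]))
    return rows

def conn_option(conf, conn, key):
    """Value of `key` in section `conn` of an ipsec.conf text, or None."""
    section = None
    for line in conf.splitlines():
        s = line.split("#")[0].strip()
        if s.startswith("conn "):
            section = s.split()[1]
        elif section == conn and s.startswith(key + "="):
            return s.split("=", 1)[1].strip()

def check_nexthop(nexthop, routes):
    """Problems with using `nexthop` as leftnexthop; an empty list means it fits."""
    hop = ipaddress.ip_address(nexthop)
    default = [r for r in routes if r[0].prefixlen == 0]
    if not default:
        return ["no default route in table"]
    _, gw, wan_if = default[0]
    onlink = sorted({i for n, g, i in routes if g.is_unspecified and hop in n})
    checks = [
        (wan_if in onlink, f"{hop} is on-link on {onlink}, not on {wan_if}"),
        (hop == gw, f"{hop} is not the default gateway {gw}"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Calling `check_nexthop(conn_option(IPSEC_CONF, "roadwarrior", "leftnexthop"), parse_routes(ROUTE_N))` reports both problems for 192.168.1.100, while 67.41.38.205 returns an empty list.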
All times are GMT