From: Mick <mic...@gm...> - 2012-04-03 20:55:38
On Tuesday 03 Apr 2012 17:57:49 you wrote:
> Hi Mick,
>
> I have uninstalled openswan and indeed now I can restart racoon and are
> able to try connecting again but still the same problem and error message.
> At least I don't have to reboot every time now!
>
> I could not find any ipsec.conf file now, not under racoon:

I am guessing that you are running some RHL based distro. I understand that
they are not using such a file to define SAs and SPDs in, but create them on
the run using the racoon scripts. I don't have access to a RHL machine at
this stage to know what's what ...

> setkey now does not have that discard rule, it has now:
> x.x.x.0/24[any] y.y.y.0/24[any] any
>         fwd prio def ipsec
>         esp/tunnel/x.x.x.103-y.y.y.201/require
>         ah/tunnel/x.x.x.103-y.y.y.201/require
>         created: Apr 3 19:41:51 2012 lastused:
>         lifetime: 0(s) validtime: 0(s)
>         spid=18 seq=11 pid=2113
>         refcnt=1
> x.x.x.0/24[any] y.y.y.0/24[any] any
>         in prio def ipsec
>         esp/tunnel/x.x.x.103-y.y.y.201/require
>         ah/tunnel/x.x.x.103-y.y.y.201/require
>         created: Apr 3 19:41:51 2012 lastused:
>         lifetime: 0(s) validtime: 0(s)
>         spid=8 seq=12 pid=2113
>         refcnt=1
> y.y.y.0/24[any] x.x.x.0/24[any] any
>         out prio def ipsec
>         esp/tunnel/y.y.y.201-x.x.x.103/require
>         ah/tunnel/y.y.y.201-x.x.x.103/require
>         created: Apr 3 19:41:51 2012 lastused:
>         lifetime: 0(s) validtime: 0(s)
>         spid=1 seq=0 pid=2113
>         refcnt=1

Let's look at your configuration again:

SRC=y.y.y.201
SRCNET=y.y.y.0/24
DST=x.x.x.103
DSTNET=x.x.x.0/24
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK

Try this in case it fixes your problem:

TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK
SRCGW=y.y.y.201
DSTGW=x.x.x.103
SRCNET=y.y.y.0/24
DSTNET=x.x.x.0/24
DST=x.x.x.106

--
Regards,
Mick