News : LinuxSolved.com Linux Help Community Forum..


Author Topic: vpn with ipsec -error  (Read 8534 times)

Offline govind

  • New Member
  • Posts: 2
vpn with ipsec -error
« on: July 01, 2006, 04:23:10 AM »
I tried VPN using the IPsec protocol, then I got errors like this:
 
First I tried with the nat traversal=yes option in ipsec.conf; then I got this error:
 
Jul  1 04:31:19 (none) ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4
Jul  1 04:31:19 (none) ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(2) not supported by kernel for family IPv4
 
So I tried without the NAT setting in my router.
 
IPSEC.conf
---------
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior
conn roadwarrior
        left=%defaultroute
        leftcert=hostcert.pem
        right=%any
        rightcert=CLIENTcert.pem
        auto=start
        pfs=yes
conn block
        auto=ignore
conn private
        auto=ignore
conn private-or-clear
        auto=ignore
conn clear-or-private
        auto=ignore
conn clear
        auto=ignore
conn packetdefault
        auto=ignore
 
 
Then I got this error when I start the ipsec service:
 
Jul  1 21:25:05 (none) pluto[5358]: listening for IKE messages
Jul  1 21:25:05 (none) pluto[5358]: adding interface ipsec0/ppp1000 222.228.172.225:500
Jul  1 21:25:05 (none) pluto[5358]: loading secrets from "/etc/ipsec.secrets"
Jul  1 21:25:05 (none) pluto[5358]:   loaded private key file '/etc/ipsec.d/private/hostkey.pem' (887 bytes)
Jul  1 21:25:05 (none) pluto[5358]: "roadwarrior": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul  1 21:25:05 (none) pluto[5358]: "roadwarrior-net": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul  1 21:25:06 (none) pluto[5358]: "roadwarrior": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Jul  1 21:25:06 (none) pluto[5358]: "roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)

What would the error be? I can't find where the error has arisen.
 
How do I fix this error:
"roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)

Help me please...

govind.

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
vpn with ipsec -error
« Reply #1 on: July 01, 2006, 06:04:37 AM »
You have to keep nat traversal = yes.
You need some patch. Someone suggested the following, but I am not sure if this is the right one.
open-source.arkoon.net/kernel.php#pkthand

I found detailed instructions; you may see:
http://66.102.7.104/search?q=cache:-4EFrfmIr4gJ:ipsec.math.ucla.edu/services/ipsec-linux.html+NAT-Traversal+patch&hl=en&gl=in&ct=clnk&cd=10&client=firefox-a

Offline govind

  • New Member
  • Posts: 2
vpn with ipsec -error
« Reply #2 on: July 03, 2006, 03:03:47 AM »
Hi Ricky,

Thanks for your nice reply.

My router is a small device with a Linux OS (MontaVista Linux),
so we can't install any new software on that.
I checked, and the openssl and ipsec modules are installed.

So I want a solution; without NAT is also OK.

Jul 1 21:25:05 (none) pluto[5358]: "roadwarrior": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul 1 21:25:05 (none) pluto[5358]: "roadwarrior-net": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul 1 21:25:06 (none) pluto[5358]: "roadwarrior": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Jul 1 21:25:06 (none) pluto[5358]: "roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)


Let me know any answer regarding this error.

Thanks in advance.

bye
govind
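
Added example, not part of any post in this thread: a Python check for the condition behind the `cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)` lines. A conn whose peer is the wildcard `%any` is a template that pluto can only answer, so `auto=start` on it (set directly or inherited through `also=`) cannot succeed, and `auto=add` is the usual setting on the responding side. `SAMPLE_CONF` is a shortened copy of the posted config, and the function names are this example's own.

```python
# Constructed sample: a shortened copy of the config posted in this thread.
SAMPLE_CONF = """\
conn %default
        authby=rsasig
conn roadwarrior-net
        also=roadwarrior
conn roadwarrior
        left=%defaultroute
        right=%any
        auto=start
conn block
        auto=ignore
"""

def parse_conns(text):
    """Return {conn name: [(key, value), ...]} for every conn section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line and not line[0].isspace():  # section header in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], []) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return conns

def resolve(conns, name, seen=frozenset()):
    """Settings of one conn with also= sections merged in; own keys win."""
    own = [] if name in seen else conns.get(name, [])  # seen stops also= loops
    merged = {}
    for key, value in own:
        if key == "also":
            merged = {**resolve(conns, value, seen | {name}), **merged}
    merged.update((k, v) for k, v in own if k != "also")
    return merged

def uninitiable(text):
    """Conns told to initiate (auto=start) whose peer is the wildcard %any."""
    conns = parse_conns(text)
    defaults = dict(conns.get("%default", []))
    flagged = []
    for name in (n for n in conns if n != "%default"):
        eff = {**defaults, **resolve(conns, name)}
        if eff.get("auto") == "start" and "%any" in (eff.get("left"), eff.get("right")):
            flagged.append(name)
    return flagged
```

`uninitiable(SAMPLE_CONF)` names both `roadwarrior-net` and `roadwarrior`, the same two conns the pluto log complains about; `roadwarrior-net` is caught only because `also=roadwarrior` is followed.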