next »

[govind]

I Tried vpn using  ipsec protocol thn i got eroors like this
 
First tried wit nat traversal=yes option in ipsec.conf: thn i got this error
 
Jul  1 04:31:19 (none) ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4
Jul  1 04:31:19 (none) ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(2) not supported by kernel for family IPv4
 
So i tried without  NAT  setting in my router.
 
IPSEC.conf
---------
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior
conn roadwarrior
        left=%defaultroute
        leftcert=hostcert.pem
        right=%any
        rightcert=CLIENTcert.pem
        auto=start
        pfs=yes
conn block
    auto=ignore
conn private
      auto=ignore
conn private-or-clear
      auto=ignore
conn clear-or-private
      auto=ignore
conn clear
      auto=ignore
conn packetdefault
     auto=ignore
 
 
thn I got this error when start ipsec service
 
Jul  1 21:25:05 (none) pluto[5358]: listening for IKE messages
Jul  1 21:25:05 (none) pluto[5358]: adding interface ipsec0/ppp1000 222.228.172.225:500
Jul  1 21:25:05 (none) pluto[5358]: loading secrets from "/etc/ipsec.secrets"
Jul  1 21:25:05 (none) pluto[5358]:   loaded private key file '/etc/ipsec.d/private/hostkey.pem' (887 bytes)
Jul  1 21:25:05 (none) pluto[5358]: "roadwarrior": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul  1 21:25:05 (none) pluto[5358]: "roadwarrior-net": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul  1 21:25:06 (none) pluto[5358]: "roadwarrior": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Jul  1 21:25:06 (none) pluto[5358]: "roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)

what wil be the error would be, i can't find where the error has rised.
 
How to fix this error,
"roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)

help me please...

govind.

[Ricky]

You have to keep nat traversal = yes .
You need some patch. Someone suggested following but I am not sure if this is the right one.
open-source.arkoon.net/kernel.php#pkthand

I found a detailed instruction , you may see
http://66.102.7.104/search?q=cache:-4EFrfmIr4gJ:ipsec.math.ucla.edu/services/ipsec-linux.html+NAT-Traversal+patch&hl=en&gl=in&ct=clnk&cd=10&client=firefox-a

[govind]

hi Ricky,

Thkx for ur nice reply.

My router is a small device with linux OS (monta vista linux)
so we can't install any new software on tht.
i chked up openssl and ipsec modules are installed.

so i want a solution wit out NAT also ok.

Jul 1 21:25:05 (none) pluto[5358]: "roadwarrior": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul 1 21:25:05 (none) pluto[5358]: "roadwarrior-net": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul 1 21:25:06 (none) pluto[5358]: "roadwarrior": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Jul 1 21:25:06 (none) pluto[5358]: "roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)


let me know any answer regarding this error.

thkx in advance.

bye
govind

   Recommend LS
   Linux User Around