Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Linux in General => Linux Kernel => Topic started by: govind on July 01, 2006, 04:23:10 AM
-
I tried a VPN using the IPsec protocol, then I got errors like this.
First I tried with the nat traversal=yes option in ipsec.conf; then I got this error:
Jul 1 04:31:19 (none) ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4
Jul 1 04:31:19 (none) ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(2) not supported by kernel for family IPv4
So I tried without the NAT setting in my router.
IPSEC.conf
---------
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=192.168.1.0/24
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=hostcert.pem
    right=%any
    rightcert=CLIENTcert.pem
    auto=start
    pfs=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

Then I got this error when starting the ipsec service:
Jul 1 21:25:05 (none) pluto[5358]: listening for IKE messages
Jul 1 21:25:05 (none) pluto[5358]: adding interface ipsec0/ppp1000 222.228.172.225:500
Jul 1 21:25:05 (none) pluto[5358]: loading secrets from "/etc/ipsec.secrets"
Jul 1 21:25:05 (none) pluto[5358]: loaded private key file '/etc/ipsec.d/private/hostkey.pem' (887 bytes)
Jul 1 21:25:05 (none) pluto[5358]: "roadwarrior": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul 1 21:25:05 (none) pluto[5358]: "roadwarrior-net": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul 1 21:25:06 (none) pluto[5358]: "roadwarrior": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Jul 1 21:25:06 (none) pluto[5358]: "roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
What would the error be? I can't find where the error has arisen.
How do I fix this error:
"roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Help me please...
govind.
-
You have to keep nat traversal = yes.
You need some patch. Someone suggested the following, but I am not sure if this is the right one.
open-source.arkoon.net/kernel.php#pkthand
I found detailed instructions; you may see:
http://66.102.7.104/search?q=cache:-4EFrfmIr4gJ:ipsec.math.ucla.edu/services/ipsec-linux.html+NAT-Traversal+patch&hl=en&gl=in&ct=clnk&cd=10&client=firefox-a
-
Hi Ricky,
Thanks for your nice reply.
My router is a small device with a Linux OS (MontaVista Linux),
so we can't install any new software on that.
I checked that openssl and ipsec modules are installed.
So I want a solution; without NAT is also OK.
Jul 1 21:25:05 (none) pluto[5358]: "roadwarrior": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul 1 21:25:05 (none) pluto[5358]: "roadwarrior-net": cannot route template policy of RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS
Jul 1 21:25:06 (none) pluto[5358]: "roadwarrior": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Jul 1 21:25:06 (none) pluto[5358]: "roadwarrior-net": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
Let me know any answer regarding this error.
Thanks in advance.
Bye
govind
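-
An added example, not part of any post in this thread: the "kind=CK_TEMPLATE" messages in the log are what pluto reports for a conn whose peer is %any when auto=start asks it to route and initiate that conn at startup, which needs a known peer address. The Python check below flags that combination; the function names, the trimmed sample config and the simplified also=/%default merge order are assumptions made for the example.

```python
# Added example: flag conns whose peer is %any (loaded by pluto as templates)
# but which are set to be routed or initiated at startup.
SAMPLE_CONF = """\
conn %default
    authby=rsasig
conn roadwarrior-net
    leftsubnet=192.168.1.0/24
    also=roadwarrior
conn roadwarrior
    left=%defaultroute
    right=%any
    auto=start
conn block
    auto=ignore
"""  # constructed sample, trimmed from the config posted in the thread

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:  # indented key=value
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge %default, then the also= section, then the conn's own keys."""
    merged = dict(conns.get("%default", {}))
    own = conns.get(name, {})
    if "also" in own and own["also"] not in seen:  # guard against also= loops
        merged.update(resolve(conns, own["also"], seen + (name,)))
    merged.update({k: v for k, v in own.items() if k != "also"})
    return merged

def template_autostart(text):
    """Names of conns whose peer is %any but which set auto=start or auto=route."""
    conns = parse_conns(text)
    resolved = {n: resolve(conns, n) for n in conns if n != "%default"}
    return sorted(n for n, c in resolved.items()
                  if "%any" in (c.get("left"), c.get("right"))
                  and c.get("auto") in ("start", "route"))

if __name__ == "__main__":
    print(template_autostart(SAMPLE_CONF))
```

On a gateway that only answers roadwarriors, auto=add loads such a conn so pluto can respond to it without trying to initiate it.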