I have successfully configured IPsec tunnels between
numerous remote locations, but when configuring a tunnel
between an ASL box that is using a /24 netmask to another
ASL box that is exporting a network with a /16 netmask,
it seems that the WebAdmin (or IPsec itself, although I find
that hard to believe) treats the address as /24.
I have checked and double-checked all network definitions
and IPsec configurations, but I am unable to get the tunnel
working.
Here's a small excerpt of what /var/log/auth says --
Left side:
Mar 8 17:37:31 shadowgate Pluto[14165]: "to-oslo_1" #33: cannot respond to IPsec SA request because no connection is known for 10.10.144.0/24===217.xx.x.xx...217.xx.xx.xx===10.201.0.0/24
Right side: (where the /16 network resides)
Mar 8 17:39:07 astaro-oslo Pluto[16228]: "to-bergen_1" #36: cannot respond to IPsec SA request because no connection is known for 10.201.0.0/16===217.xx.xx.xx...217.xx.x.xx===10.10.144.0/24
Notice that the right side correctly states "10.201.0.0/16",
whereas the left insists on "10.201.0.0/24".
The definitions are the same on both ends, but I suspect
the reason it is different on the right side is that that
machine has a static route to it.
I have tried locating the files in /var/chroot-ipsec that contain
the information about the IPsec tunnels, but to no avail.
I have also noticed this problem in the PPTP/Roadwarrior
config in the webclient, where I entered a /16 mask, and
it still told me that the maximum number of hosts was 254.
I'm running the 3.020 version of Astaro.
Best regards,
// Martin
[ 09 March 2002: Message edited by: Martin Andersen ]
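An added example, not part of the original post and not Astaro or Pluto code: a small Python check that parses the two rejection lines quoted above and reports where the subnets recorded by each gateway disagree. The function names are hypothetical, and the field order (logging host's subnet first, peer's subnet last) is an assumption read off the two quoted lines.

```python
import ipaddress
import re

# The two /var/log/auth lines quoted in the post, gateways masked as posted.
LEFT_LOG = ('Mar 8 17:37:31 shadowgate Pluto[14165]: "to-oslo_1" #33: cannot respond '
            'to IPsec SA request because no connection is known for '
            '10.10.144.0/24===217.xx.x.xx...217.xx.xx.xx===10.201.0.0/24')
RIGHT_LOG = ('Mar 8 17:39:07 astaro-oslo Pluto[16228]: "to-bergen_1" #36: cannot respond '
             'to IPsec SA request because no connection is known for '
             '10.201.0.0/16===217.xx.xx.xx...217.xx.x.xx===10.10.144.0/24')

# subnet===gateway...gateway===subnet, as it appears in the rejection message.
PATTERN = re.compile(
    r'(?P<host>\S+) Pluto\[\d+\]: "(?P<conn>[^"]+)" #\d+: cannot respond to IPsec SA '
    r'request because no connection is known for '
    r'(?P<local>[^=\s]+)===(?P<local_gw>\S+?)\.\.\.(?P<peer_gw>\S+?)===(?P<peer>\S+)'
)

def parse_rejection(line):
    """Return host, connection name and both subnets, or None if the line does not match."""
    m = PATTERN.search(line)
    if m is None:
        return None
    return {
        "host": m["host"],
        "conn": m["conn"],
        # Assumption: first subnet belongs to the logging host, last to its peer.
        "local": ipaddress.ip_network(m["local"], strict=False),
        "peer": ipaddress.ip_network(m["peer"], strict=False),
    }

def selector_mismatches(a_line, b_line):
    """Compare the subnets logged by gateway A with the mirrored pair logged by gateway B."""
    a, b = parse_rejection(a_line), parse_rejection(b_line)
    if a is None or b is None:
        raise ValueError("not a Pluto 'no connection is known' rejection line")
    findings = []
    for net_a, net_b in ((a["local"], b["peer"]), (a["peer"], b["local"])):
        if net_a == net_b:
            continue
        if net_a.network_address == net_b.network_address:
            why = "same base address, different prefix length"
        else:
            why = "different networks"
        findings.append((f'{a["host"]}: {net_a}', f'{b["host"]}: {net_b}', why))
    return findings

if __name__ == "__main__":
    for finding in selector_mismatches(LEFT_LOG, RIGHT_LOG):
        print(" | ".join(finding))
```

The check only shows that the two logs disagree on the 10.201.0.0 prefix length; it does not say which box's definition is the wrong one.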