This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can't start Net 2 Net VPN, help.

I am trying to set up a Net 2 Net VPN using Astaro 3.208

I have defined it as:
Local red
Local Internal lan
TO
Foreign Red
Foreign Internal lan

One side of the connection loads fine and I get the VPN route appearing with %hold as it waits for packets.  The other side won't add a route.  I get this in the IPSEC log... (The ADSL uses a static IP).  Any clues ?

Aug 21 10:20:45 adsl-203-15-140-27 ipsec__plutorun: Starting Pluto subsystem...
Aug 21 10:20:45 adsl-203-15-140-27 Pluto[10872]: Starting Pluto (FreeS/WAN Version 1.96)
Aug 21 10:20:45 adsl-203-15-140-27 Pluto[10872]: Changing to directory '/etc/ipsec.d/cacerts'
Aug 21 10:20:45 adsl-203-15-140-27 Pluto[10872]:   including X.509 patch (Version 0.9.9)
Aug 21 10:20:45 adsl-203-15-140-27 Pluto[10872]:   Warning: empty directory
Aug 21 10:20:43 adsl-203-15-140-27 Pluto[9319]: forgetting secrets
Aug 21 10:20:43 adsl-203-15-140-27 Pluto[9319]: "MicromineBris_1": deleting connection
Aug 21 10:16:17 adsl-203-15-140-27 Pluto[9319]: no public interfaces found
Aug 21 10:16:17 adsl-203-15-140-27 Pluto[9319]: loading secrets from "/etc/ipsec.secrets"
Aug 21 10:16:17 adsl-203-15-140-27 Pluto[9319]: "MicromineBris_1": we have no ipsecN interface for either end of this connection
Aug 21 10:12:40 adsl-203-15-140-27 ipsec_setup: Starting FreeS/WAN IPsec 1.96...
Aug 21 10:12:39 adsl-203-15-140-27 ipsec_setup: ...FreeS/WAN IPsec stopped
Aug 21 10:12:38 adsl-203-15-140-27 ipsec_setup: Stopping FreeS/WAN IPsec...
Aug 21 10:09:19 adsl-203-15-140-27 ipsec__plutorun: 022 "MicromineBris_1": we have no ipsecN interface for either end of this connection
Aug 21 10:09:19 adsl-203-15-140-27 ipsec__plutorun: ...could not start conn "MicromineBris_1"
Aug 21 10:09:18 adsl-203-15-140-27 ipsec__plutorun: 022 "MicromineBris_1": we have no ipsecN interface for either end of this connection
Aug 21 10:09:18 adsl-203-15-140-27 ipsec__plutorun: 003 no public interfaces found
Aug 21 10:09:18 adsl-203-15-140-27 ipsec__plutorun: ...could not route conn "MicromineBris_1"
Aug 21 10:09:13 adsl-203-15-140-27 ipsec_setup: KLIPS debug `none'
Aug 21 10:09:13 adsl-203-15-140-27 ipsec_setup: ...FreeS/WAN IPsec started

This thread was automatically locked due to age.

Parents

0 Polluxxx over 23 years ago

Hi there,

I think here:
Aug 21 10:16:17 adsl-203-15-140-27 Pluto[9319]: no public interfaces found

is the problem.

can you please check the configfile:
/var/chroot-ipsec/etc/ipsec.conf and see what your interface mapping is:
i.E: "interfaces="ipsec0=eth1"

is ethXX your external interface and is it present?

Kind regards
/polluxxx
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Polluxxx over 23 years ago

Hi there,

I think here:
Aug 21 10:16:17 adsl-203-15-140-27 Pluto[9319]: no public interfaces found

is the problem.

can you please check the configfile:
/var/chroot-ipsec/etc/ipsec.conf and see what your interface mapping is:
i.E: "interfaces="ipsec0=eth1"

is ethXX your external interface and is it present?

Kind regards
/polluxxx
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Simon Shaw over 23 years ago in reply to Polluxxx

Here is part of the file..
#
# Default Configuration File for FreeS/WAN IPSEC
#

config setup
        interfaces=""
        klipsdebug=none
        plutodebug=none
        dumpdir=
        manualstart=
        pluto=yes
        plutoload=%search
        plutostart=%search
        plutowait=no
        fragicmp=no
        packetdefault=drop
        hidetos=yes
        uniqueids=yes
        overridemtu=16260
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 23 years ago in reply to Simon Shaw

interfaces= seems to get cleared all the time when I stop and restart the connection I have made.
I added
interfaces="ipsec0=eth1 ipsec1=ppp0"
and next time I look its back to:
interfaces=""
interfaces=%defaultroute gets cleared too
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 23 years ago in reply to Simon Shaw

Does it matter that Red is PPPoE ?
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 23 years ago in reply to Simon Shaw

eth0=name if internal NIC. Up and running.
eth1=external nick
ppp0=PPPoE bound to eth1 which is up and running.
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 23 years ago in reply to Simon Shaw

Bump 1 & only
Cancel
Vote Up 0 Vote Down

Cancel
0 programmingart over 23 years ago in reply to Simon Shaw

PPPoe + IPSEC = Headaches.....
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 23 years ago in reply to programmingart

Could you be more specific ? [:)]
Cancel
Vote Up 0 Vote Down

Cancel
0 MSz over 23 years ago in reply to Simon Shaw

Do both sides use a DSL modem with dynamically assigned IP addresses ?
That will not work!

You should have at least on one side a statically assigned IP. You should assign "dynamic IP address" for the PPPoE interface on both Astaros.
The tunnel can only be established from the Astaro with the dynamically assigned IP because the other side does not know where to send the IP packages at the beginning! It can only proof that the subnet and key is correct and except an request based on that info.

I have a running connection of that kind. I would never recommend it but I did not have a choice.
Cancel
Vote Up 0 Vote Down

Cancel
0 Simon Shaw over 23 years ago in reply to MSz

Both ends have a static IP, including the DSL.
Cancel
Vote Up 0 Vote Down

Cancel
0 MSz over 23 years ago in reply to Simon Shaw

[:S]P over PPPoE.
Could you check your external interface configurations?
The official IP of the DSL modem should be assigned to the eth1 (external interface) of Astaro as well. PPPoE lets looking them like one virtuell device. That's my understanding.
Surely, you have checked that anythink else works between the Astaros (ping, ssh login, web login ...)
Cancel
Vote Up 0 Vote Down

Cancel