The FreeBSD Diary

FreeBSD Support
 Multiple connections not possible?
Author: Janno Hordijk 
Date:   23-05-05 15:02

I've got 3 networks I want to link together. I already did this unsecured by tunneling them over gif0, gif1 and gif2 simultaneously.

Then I started to make them secure. I am able to do that for one link at the same time, like Network 1 <-> Network 2.

But the desired situation would be:

Network1 <-> Network 2 AND
Network2 <-> Network 3

But as soon as I want to bring up the second network (it doesn't matter in what order you do this) only the first connection will work.

For every second connection I got this:

2005-05-23 16:54:00: INFO: pfkey.c:1466:pk_recvexpire(): IPsec-SA expired: ESP/Tunnel 192.168.2.1->192.168.4.1 spi=120379156(0x72cd714)
2005-05-23 16:54:00: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.2.1[0]<=>192.168.4.1[0]
2005-05-23 16:54:00: INFO: pfkey.c:1466:pk_recvexpire(): IPsec-SA expired: ESP/Tunnel 192.168.4.1->192.168.2.1 spi=133041154(0x7ee0c02)
2005-05-23 16:54:00: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Tunnel 192.168.4.1->192.168.2.1 spi=251253906(0xef9d492)
2005-05-23 16:54:00: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Tunnel 192.168.2.1->192.168.4.1 spi=40615243(0x26bbd4b)
2005-05-23 16:54:04: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 192.168.2.1[0]<=>192.168.1.1[0]
2005-05-23 16:54:04: ERROR: isakmp_quick.c:2030:get_proposal_r(): no policy found: 192.168.1.0/24[0] 192.168.2.0/24[0] proto=any dir=in
2005-05-23 16:54:04: ERROR: isakmp_quick.c:1071:quick_r1recv(): failed to get proposal for responder.
2005-05-23 16:54:04: ERROR: isakmp.c:1073:isakmp_ph2begin_r(): failed to pre-process packet.


What is my error in this?

As you can see the link between 192.168.4.1->192.168.2.1 is ok but the second connection between 192.168.1.0/24[0] 192.168.2.0/24[0] fails. When I reverse the order the link 192.168.4.1->192.168.2.1 fails and the 192.168.1.1->192.168.2.1 succeeds. So I think it's not my config, but I'm not sure, of course.

I really hope you can help me,

Best regards,

Janno Hordijk
MagicServices
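
A triage sketch for the racoon log quoted in the post above, added as an example and not part of the original post: it lists which tunnels came up and which phase 2 requests were rejected with "no policy found", then prints the SPD entry to compare against `setkey -DP`. The function names are hypothetical, the first address in a phase 2 line is assumed to be the local gateway (192.168.2.1 appears first in both lines of the log), and the `require` level is an assumption.

```python
import re

# Four of the racoon log lines from the post above.
SAMPLE_LOG = """\
2005-05-23 16:54:00: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 192.168.2.1[0]<=>192.168.4.1[0]
2005-05-23 16:54:00: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Tunnel 192.168.4.1->192.168.2.1 spi=251253906(0xef9d492)
2005-05-23 16:54:04: INFO: isakmp.c:1059:isakmp_ph2begin_r(): respond new phase 2 negotiation: 192.168.2.1[0]<=>192.168.1.1[0]
2005-05-23 16:54:04: ERROR: isakmp_quick.c:2030:get_proposal_r(): no policy found: 192.168.1.0/24[0] 192.168.2.0/24[0] proto=any dir=in
"""

PH2 = re.compile(r"new phase 2 negotiation: ([\d.]+)\[\d+\]<=>([\d.]+)\[\d+\]")
SA_UP = re.compile(r"IPsec-SA established: \S+ ([\d.]+)->([\d.]+)")
NO_POLICY = re.compile(
    r"no policy found: (\S+?)\[\d+\] (\S+?)\[\d+\] proto=(\S+) dir=(\w+)")

def triage(log_text):
    """Return (established tunnels, phase 2 requests with no matching policy)."""
    established, missing = [], []
    local = remote = None
    for line in log_text.splitlines():
        if m := PH2.search(line):
            # Assumption: racoon logs the local address first.
            local, remote = m.groups()
        elif m := SA_UP.search(line):
            established.append(m.groups())
        elif m := NO_POLICY.search(line):
            src, dst, proto, direction = m.groups()
            missing.append({"src": src, "dst": dst, "proto": proto,
                            "dir": direction, "local": local, "remote": remote})
    return established, missing

def spd_candidate(entry):
    """Format the policy the rejected request would have needed (setkey syntax)."""
    # Inbound tunnels run remote->local, outbound local->remote.
    if entry["dir"] == "in":
        ends = f'{entry["remote"]}-{entry["local"]}'
    else:
        ends = f'{entry["local"]}-{entry["remote"]}'
    # Level "require" is an assumption; the log only shows ESP in tunnel mode.
    return (f'spdadd {entry["src"]} {entry["dst"]} {entry["proto"]} '
            f'-P {entry["dir"]} ipsec esp/tunnel/{ends}/require;')

if __name__ == "__main__":
    up, rejected = triage(SAMPLE_LOG)
    for src, dst in up:
        print(f"SA established: {src} -> {dst}")
    for entry in rejected:
        print("no matching SPD entry; compare with `setkey -DP`:")
        print("  " + spd_candidate(entry))
```
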
