Hello Anant,

your problem is actually self-explaining. How do you want to connect
to a remote endpoint if with right=%any its IP address is not known!!!
right=%any can only be used for passive responders waiting for
endpoints to connect.

Regards

Andreas

On 05/04/2012 06:25 PM, Raman, Anant wrote:
> I am unable to get the road warrior configuration working. It’s giving
> me the 029 error cannot initiate connection with peer IP address.
>
> I appreciate any help.
>
> Thanks,
>
> Anant Raman
>
> I am using the road warrior configuration from the README documentation
> from strongSwan Version 4.5.3. I am using a shared secret, not certs.
>
> Secure Network <----------> VPN Gateway <---------------> Road Warrior
>
> 10.2.115.0/24 10.2.115.132 ---143.182.89.37 143.182.89.0/24
>
> The error in VPN Gateway:
>
> 029 "rw": cannot initiate connection without knowing peer IP address
>
> The road warrior “ipsec up home” does not return, times out eventually
>
> The ipsec.secrets file:
>
> i143.182.89.37 143.182.89.137 : PSK "shared key"
>
> Ipsec.conf at VPN Gateway:
>
> # Add connections here.
>
> conn %default
>     ikelifetime=60m
>     keylife=1m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev1
>     ike=aes128-sha-modp2048!
>     esp=aes128-sha1!
>
> #conn host-host
> # left=192.168.1.1
> # leftfirewall=no
> # rightfirewall=no
> # right=192.168.1.2
> # auto=start
> # authby=secret
>
> #conn net-net
> # rightfirewall=no
> # right=192.168.1.2
> # rightsubnet=10.2.115.0/24
> # left=192.168.1.1
> # leftfirewall=no
> # leftsubnet=143.182.89.0/24
> # auto=start
> # authby=secret
>
> conn rw
>     left=143.182.89.37
>     leftsubnet=10.2.115.0/24
>     right=%any
>     rightfirewall=no
>     auto=add
>     authby=secret
>
> ipsec.conf at the roadwarrior
>
> config setup
>     plutodebug=none
>     crlcheckinterval=180
>     strictcrlpolicy=no
>     # cachecrls=yes
>     # nat_traversal=yes
>     charonstart=no
>     plutostart=yes
>     interfaces=eth3
>
> conn %default
>     ikelifetime=60m
>     keylife=1m
>     rekeymargin=3m
>     keyingtries=1
>     keyexchange=ikev1
>     ike=aes128-sha-modp2048!
>     esp=aes128-sha1!
>
> # Add connections here.
>
> conn home
>     right=143.182.89.37
>     rightsubnet=10.2.115.0/24
>     left=%defaultroute
>     auto=start
>     authby=secret
>
> The command line at the VPN Gateway:
>
> [root@ll-ck1 etc]# ipsec start
> Starting strongSwan 4.5.3 IPsec [starter]...
> !! Your strongswan.conf contains manual plugin load options for
> !! pluto and/or charon. This is recommended for experts only, see
> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> [root@ll-ck1 etc]# ipsec up rw
> 029 "rw": cannot initiate connection without knowing peer IP address
> [root@ll-ck1 etc]# ipsec status
> 000 "rw": 10.2.115.0/24===143.182.89.37[143.182.89.37]...%any[%any]; unrouted; eroute owner: #0
> 000 "rw": newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000
> [root@ll-ck1 etc]#
>
> The command line output at the roadwarrior:
>
> [root@ll-ck3 etc]# ipsec start
> Starting strongSwan 4.5.3 IPsec [starter]...
> !! Your strongswan.conf contains manual plugin load options for
> !! pluto and/or charon. This is recommended for experts only, see
> !! http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad
> [root@ll-ck3 etc]# ipsec up home
> ^C
> [root@ll-ck3 etc]# ipsec status
> 000 "home": 143.182.89.137[143.182.89.137]---143.182.89.1...143.182.89.37[143.182.89.37]===10.2.115.0/24; unrouted; eroute owner: #0
> 000 "home": newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000
> 000 #1: "home" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 8s
> 000 #1: pending Phase 2 for "home" replacing #0
> 000
> [root@ll-ck3 etc]# ipsec up home
>
> _______________________________________________
> Users mailing list
> [email protected]
> https://lists.strongswan.org/mailman/listinfo/users

-- 
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
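
Added example (not part of the original thread and not strongSwan code): a small Python check of the rule in Andreas's reply, that a conn with right=%any can only respond. The sample configuration is abridged from the two quoted above plus one constructed conn named broken; parse_conns, classify and audit are hypothetical helper names, and right is assumed to be the remote side.

```python
# Added example, not strongSwan code. Assumes `right` is the remote peer,
# as in both configurations quoted on this page.
SAMPLE_CONF = """\
conn %default
    authby=secret
conn rw
    left=143.182.89.37
    leftsubnet=10.2.115.0/24
    right=%any
    auto=add
conn home
    right=143.182.89.37
    rightsubnet=10.2.115.0/24
    left=%defaultroute
    auto=start
conn broken    # constructed: wildcard peer but told to initiate at startup
    left=143.182.89.37
    right=%any
    auto=start
"""

def parse_conns(text):
    """Return {conn: {key: value}}, with 'conn %default' values inherited."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # section header at column 0
            words = line.split()
            is_conn = len(words) == 2 and words[0] == "conn"
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def classify(opts):
    """Say whether this host can bring the conn up itself."""
    if opts.get("right") != "%any":
        return "can-initiate"          # peer address is known
    if opts.get("auto") == "start":
        return "misconfigured"         # would initiate with no peer address
    return "responder-only"            # e.g. auto=add: wait for the peer

def audit(text):
    return {name: classify(o) for name, o in parse_conns(text).items()}

print(audit(SAMPLE_CONF))
```

A conn reported as responder-only is one where running "ipsec up" on that host yields the 029 error shown in the thread; the peer has to initiate instead.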
