RVS4000 to RVS4000 VPN woes

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by rezalas, Mar 13, 2008.

  1. rezalas

    rezalas Guest

    Okay, I'm about ready to chuck this thing in a grinder along with the rep who sold them to me so I decided to come here before I hit prison for a while. Here is the setup:

    RVS4000 x4. Three of them are remote sites; they all connect back to the main site. The data that will transmit across them is for IP phone interconnection (thus security is needed). I can't get the site-to-site VPN function to work... at all. If I specify the routes manually they always say up... even if the target that they are "up" with isn't online. So, I'm coming here to see if anyone knows something I don't about configurations?

    Firmware 1.1.14

    Local sec group: subnet
    IP : 192.168.x.x subnet 255.255.255.0

    remote sec gateway type: By IP address
    IP : External.IP.address.don'task
    remote sec group: any

    -----------ERROR LOG -----------------
    Code:
    Mar 13 06:04:59 - [VPN Log]: shutting down
    Mar 13 06:04:59 - [VPN Log]: forgetting secrets
    Mar 13 06:04:59 - [VPN Log]: "shawnee": deleting connection
    Mar 13 06:04:59 - [VPN Log]: "shawnee" #1: deleting state (STATE_MAIN_I1)
    Mar 13 06:04:59 - [VPN Log]: ERROR: "shawnee": pfkey write() of SADB_X_DELFLOW message 6 for flow int.0@0.0.0.0 failed. Errno 14: Bad address
    Mar 13 06:05:00 - [VPN Log]: "shawnee": unroute-client output: /usr/local/lib/ipsec/_updown: doroute `ip route delete external.shawnee/32 via 192.168.144.244 dev ipsec0 ' failed (ip: RTNETLINK answers: No such process)
    Mar 13 06:05:00 - [VPN Log]: "shawnee": unroute-client output: /usr/local/lib/ipsec/_updown: doroute `ip route delete external.shawnee/32 via 192.168.144.244 dev ipsec0 ' failed (ip: RTNETLINK answers: No such process)
    Mar 13 06:05:00 - [VPN Log]: "shawnee": unroute-client output: we add the route in manual form
    Mar 13 06:05:00 - [VPN Log]: "shawnee": unroute-client output: route add -net external.shawnee netmask 255.255.255.255 dev ipsec0
    Mar 13 06:05:00 - [VPN Log]: "shawnee": unroute-client output: 1
    Mar 13 06:05:00 - [VPN Log]: shutting down interface ipsec0/eth1 external.remote:4500
    Mar 13 06:05:00 - [VPN Log]: shutting down interface ipsec0/eth1 external.remote:500
    Mar 13 06:05:00 - IPSEC EVENT: KLIPS device ipsec0 shut down.
    Mar 13 06:05:02 - [VPN Log]: Starting Pluto (Openswan Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
    Mar 13 06:05:02 - [VPN Log]: @(#) built on Oct 8 2007:13:54:46:
    Mar 13 06:05:02 - [VPN Log]: Setting NAT-Traversal port-4500 floating to on
    Mar 13 06:05:02 - [VPN Log]: port floating activation criteria nat_t=1/port_fload=1
    Mar 13 06:05:02 - [VPN Log]: including NAT-Traversal patch (Version 0.6c)
    Mar 13 06:05:02 - [VPN Log]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
    Mar 13 06:05:02 - [VPN Log]: starting up 1 cryptographic helpers
    Mar 13 06:05:03 - [VPN Log]: started helper pid=5853 (fd:5)
    Mar 13 06:05:03 - [VPN Log]: Using KLIPS IPsec interface code on 2.4.19-rmk7
    Mar 13 06:05:03 - [VPN Log]: Changing to directory '/etc/ipsec.d/cacerts'
    Mar 13 06:05:03 - [VPN Log]: Changing to directory '/etc/ipsec.d/aacerts'
    Mar 13 06:05:03 - [VPN Log]: Changing to directory '/etc/ipsec.d/ocspcerts'
    Mar 13 06:05:03 - [VPN Log]: Changing to directory '/etc/ipsec.d/crls'
    Mar 13 06:05:03 - [VPN Log]: Warning: empty directory
    Mar 13 06:05:03 - [VPN Log]: added connection description "shawnee"
    Mar 13 06:05:03 - [VPN Log]: listening for IKE messages
    Mar 13 06:05:03 - [VPN Log]: adding interface ipsec0/eth1 external.remote:500
    Mar 13 06:05:03 - [VPN Log]: adding interface ipsec0/eth1 external.remote:4500
    Mar 13 06:05:03 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"
    Mar 13 06:05:04 - [VPN Log]: "shawnee": route-client output: /usr/local/lib/ipsec/_updown: doroute `ip route add external.shawnee/32 via 192.168.144.244 dev ipsec0 ' failed (ip: RTNETLINK answers: Network is unreachable)
    Mar 13 06:05:04 - [VPN Log]: "shawnee": route-client output: /usr/local/lib/ipsec/_updown: doroute `ip route add external.shawnee/32 via 192.168.144.244 dev ipsec0 ' failed (ip: RTNETLINK answers: Network is unreachable)
    Mar 13 06:05:04 - [VPN Log]: "shawnee": route-client output: we add the route in manual form
    Mar 13 06:05:04 - [VPN Log]: "shawnee": route-client output: route add -net external.shawnee netmask 255.255.255.255 dev ipsec0
    Mar 13 06:05:04 - [VPN Log]: "shawnee": route-client output: 0
    Mar 13 06:05:04 - [VPN Log]: "shawnee" #1: initiating Main Mode 
    
     
  2. yannick91

    yannick91 Guest

    Hello,

    I had the same problem bringing up my site-to-site VPN! This OS version of the RVS keeps a lot of bugs in the VPN function (and maybe others that we do not use for the moment).

    About your problem:

    You must specify the same configuration (local and remote), like:

    On router1:

    Local sec group: subnet
    IP : 192.168.1.0 subnet 255.255.255.0

    remote sec gateway type: By IP address
    IP : External.IP.address.don'task
    remote sec group: subnet
    IP : 192.168.2.0 subnet 255.255.255.0

    On router2:

    Local sec group: subnet
    IP : 192.168.2.0 subnet 255.255.255.0

    remote sec gateway type: By IP address
    IP : External.IP.address.don'task
    remote sec group: subnet
    IP : 192.168.1.0 subnet 255.255.255.0

    This is just an example of a configuration that works!!

    Don't use the remote sec group "any" function; this one caused me a lot of trouble!

    Also, the "IP by resolved DNS" option does not work at all!!!! That's a shame for this type of product and for a company who's close to Cisco!!!

    Hope this helps!

    Regards! ;-)
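The mirrored local/remote configuration described in the reply above can be checked mechanically before the tunnel is brought up. The following is an added example, not code from the thread or from Cisco; the TunnelEndpoint fields, helper names and public addresses (203.0.113.x) are this example's own assumptions, and the sample pairs are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class TunnelEndpoint:
    """One router's site-to-site VPN entry (field names are this example's own)."""
    name: str
    wan_ip: str                 # this router's public address
    local_group: str            # "subnet" or "any"
    local_net: Optional[str]    # e.g. "192.168.1.0/24"
    remote_gateway: str         # peer's public address ("By IP address")
    remote_group: str           # "subnet" or "any"
    remote_net: Optional[str]   # peer's LAN, required when remote_group is "subnet"

def _net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)

def check_pair(a: TunnelEndpoint, b: TunnelEndpoint) -> List[str]:
    """Return a list of problems; an empty list means the two entries mirror each other."""
    problems: List[str] = []
    for ep in (a, b):
        if ep.remote_group.lower() == "any":
            problems.append(f"{ep.name}: remote security group is 'any'; use an explicit subnet")
        if ep.local_group.lower() != "subnet" or not ep.local_net:
            problems.append(f"{ep.name}: local security group must be a 'subnet' with an address")
    # Each side's remote gateway must be the other side's WAN address...
    for x, y in ((a, b), (b, a)):
        if x.remote_gateway != y.wan_ip:
            problems.append(f"{x.name}: remote gateway {x.remote_gateway} is not {y.name}'s WAN {y.wan_ip}")
        # ...and each side's remote subnet must equal the other side's local subnet.
        if x.remote_net and y.local_net and _net(x.remote_net) != _net(y.local_net):
            problems.append(f"{x.name}: remote subnet {x.remote_net} != {y.name} local subnet {y.local_net}")
    # Two sites sharing one LAN range cannot be told apart by the tunnel selectors.
    if a.local_net and b.local_net and _net(a.local_net).overlaps(_net(b.local_net)):
        problems.append(f"local subnets {a.local_net} and {b.local_net} overlap")
    return problems

def working_pair() -> Tuple[TunnelEndpoint, TunnelEndpoint]:
    """Constructed sample mirroring the router1/router2 entries in the reply (public IPs are placeholders)."""
    r1 = TunnelEndpoint("router1", "203.0.113.1", "subnet", "192.168.1.0/24", "203.0.113.2", "subnet", "192.168.2.0/24")
    r2 = TunnelEndpoint("router2", "203.0.113.2", "subnet", "192.168.2.0/24", "203.0.113.1", "subnet", "192.168.1.0/24")
    return r1, r2

def broken_pair() -> Tuple[TunnelEndpoint, TunnelEndpoint]:
    """Constructed sample of the shape the reply warns about: remote group 'any', plus two sites on one LAN range."""
    r1 = TunnelEndpoint("main", "203.0.113.1", "subnet", "192.168.1.0/24", "203.0.113.2", "any", None)
    r2 = TunnelEndpoint("remote", "203.0.113.2", "subnet", "192.168.1.0/24", "203.0.113.1", "any", None)
    return r1, r2
```

Calling check_pair(*working_pair()) returns an empty list, while check_pair(*broken_pair()) reports the two "any" remote groups and the overlapping LAN ranges.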
     