I am trying to build a network of IPCop 1.4.10 machines to encrypt my wireless building-to-building networks.
So I want to use the IPCops for net-to-net VPN, and the RED network is all mine!
That means all the RED networks are in the same network segment (e.g. 220.127.116.11/24), but there are different networks on all GREEN sides.
I have tried following some step-by-step guides but still can't seem to make it work. In the VPN tab of IPCop the connection stays Closed.
Does anybody have a clue why this could happen?
Network setup example:
GREEN          RED                     RED               GREEN
10.100.30.5 -- 18.104.22.168 --WLAN--- 22.214.171.124 -- 10.100.31.1
(10.100.30.0/24 -------- 126.96.36.199/24 ----------- 10.100.31.0/24)
On ipcop1 are the following settings:
left subnet: 10.100.30.0/255.255.255.0
right subnet: 10.100.31.0/255.255.255.0
On ipcop2 are the following settings:
left subnet: 10.100.31.0/255.255.255.0
right subnet: 10.100.30.0/255.255.255.0
Authentication is set to Pre-Shared Key. (Yes, I will use certs, I just want to make it work first.)
As I have already said, the VPN tunnel won't start; its status is CLOSED.
I recognize that the ipsec interface on ipcop1 is using eth0 (GREEN interface). Is this correct?
11:26:32 pluto | found eth0 with address 192.168.30.1
11:26:32 pluto | found eth1 with address 192.168.90.1
11:26:32 pluto | found ipsec0 with address 192.168.30.1
11:26:32 pluto | IP interface eth1 192.168.90.1 has no matching ipsec* interface -- ignored
11:26:32 pluto adding interface ipsec0/eth0 192.168.30.1
11:26:32 pluto adding interface ipsec0/eth0 192.168.30.1:4500
According to what I know, this means ipcop1 is expecting incoming VPN connections on the GREEN interface, or am I wrong?
The other server, ipcop2, keeps telling me the following in the log:
"ipcop-vpn" #2: ERROR: asynchronous network error report on eth1 for message to 192.168.90.1 port 500, complainant 192.168.90.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Anyone got a possible solution?
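The correlation the question turns on, as an added example that is not part of the original post: it pairs the addresses pluto bound or ignored on ipcop1 with the address ipcop2 got "Connection refused" from, using the log lines quoted above. The function names are hypothetical, and treating a bound line without a port as UDP 500 is an assumption.

```python
import re

# Log lines copied from the post: pluto start-up on ipcop1, then the error on ipcop2.
IPCOP1_LOG = """\
11:26:32 pluto | found eth0 with address 192.168.30.1
11:26:32 pluto | found eth1 with address 192.168.90.1
11:26:32 pluto | found ipsec0 with address 192.168.30.1
11:26:32 pluto | IP interface eth1 192.168.90.1 has no matching ipsec* interface -- ignored
11:26:32 pluto adding interface ipsec0/eth0 192.168.30.1
11:26:32 pluto adding interface ipsec0/eth0 192.168.30.1:4500
"""
IPCOP2_LOG = ('"ipcop-vpn" #2: ERROR: asynchronous network error report on eth1 for '
              'message to 192.168.90.1 port 500, complainant 192.168.90.1: Connection '
              'refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]')

IP = r"(\d+\.\d+\.\d+\.\d+)"
BOUND = re.compile(rf"adding interface (ipsec\d+)/(\w+) {IP}(?::(\d+))?")
IGNORED = re.compile(rf"IP interface (\w+) {IP} has no matching ipsec\* interface")
REFUSED = re.compile(rf'"([^"]+)" #\d+: ERROR: asynchronous network error report on \w+ '
                     rf"for message to {IP} port (\d+),.*ICMP type (\d+) code (\d+)")

def listeners(log):
    """Return ({(ip, port): 'ipsecN/ethX'}, {ip: 'ethX'}) for bound and ignored addresses."""
    bound, ignored = {}, {}
    for line in log.splitlines():
        if m := BOUND.search(line):
            ipsec, phys, ip, port = m.groups()
            # Assumption: a bound line without ":port" is the IKE port, UDP 500.
            bound[(ip, int(port or 500))] = f"{ipsec}/{phys}"
        elif m := IGNORED.search(line):
            ignored[m.group(2)] = m.group(1)
    return bound, ignored

def diagnose(initiator_log, responder_log):
    """Explain each refused IKE message using the responder's interface binding."""
    bound, ignored = listeners(responder_log)
    findings = []
    for m in REFUSED.finditer(initiator_log):
        conn, ip, port, itype, icode = m.groups()
        if (ip, int(port)) in bound:
            why = "listener present on " + bound[(ip, int(port))]
        elif ip in ignored:
            why = f"no listener: {ignored[ip]} has no ipsec* interface"
        else:
            why = "address not in responder log"
        findings.append((conn, f"{ip}:{port}", (int(itype), int(icode)), why))
    return findings

if __name__ == "__main__":
    for finding in diagnose(IPCOP2_LOG, IPCOP1_LOG):
        print(finding)
```

ICMP type 3 code 3 is "port unreachable", which is what a host returns when nothing is listening on the UDP port the packet was sent to.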