I'm trying to set an IPSec tunnel between 2 hosts, but I get this error:
Code:
Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr 3 15:45:26 ip-10-0-0-216 pluto: adjusting ipsec.d to /etc/ipsec.d
Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 023 address family inconsistency in this connection=2 host=2/nexthop=0
Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 037 attempt to load incomplete connection
Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named "vpc1-to-vpc2"
Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 000 initiating all conns with alias='vpc1-to-vpc2'
Apr 3 15:45:26 ip-10-0-0-216 ipsec__plutorun: 021 no connection named "vpc1-to-vpc2"
I've 2 hosts with these IPs:
Host A
Code:
Public IP: 54.236.163.71
Public DNS: ec2-54-236-163-71.compute-1.amazonaws.com
Private DNS: ip-10-0-0-216.ec2.internal Product Codes:
Private IPs: 10.0.0.216/16
Host B
Code:
Public IP: 54.246.211.133
Public DNS: ec2-54-246-211-133.eu-west-1.compute.amazonaws.com
Private DNS: ip-172-16-0-104.eu-west-1.compute.internal
Private IPs: 172.16.0.104
The private addresses are behind a NAT that gives the public address. From the hosts, I can only get the private IPs with "ifconfig -a"
Here are my IPSec connections configuration:
Host A
Code:
conn vpc1-to-vpc2
type=tunnel
authby=secret
left=10.0.0.216
leftsubnet=10.0.0.0/16
leftnexthop=%defaultroute
right=54.246.211.133
rightsubnet=172.16.0.0/16
pfs=yes
auto=start
Host B
Code:
conn vpc1-to-vpc2
type=tunnel
authby=secret
#left=%defaultroute
left=10.0.0.216
leftsubnet=10.0.0.0/16
leftnexthop=%defaultroute
right=54.246.211.133
rightsubnet=172.16.0.0/16
pfs=yes
auto=start
The secret key files are here:
Host A
Code:
Host A:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc
%any %any: PSK "test"
Host B
Code:
host B:~$ sudo cat /var/lib/openswan/ipsec.secrets.inc
%any %any: PSK "test"
With this configuration I cannot setup a tunnel. I don't understand why I get this problem, because it seems that the IPs are correct. Any help?
