[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPsec & failed to get sainfo
 Date:  Tue, 21 Dec 2004 17:17:41 -0500
On Tue, 21 Dec 2004 20:50:03 +0100, Robert Salomons
<rh underscore salomons at solcon dot nl> wrote:
> Robert,
> 
> Router 1 says in SPD:
> 192.168.0.0/16[any] 192.168.10.3[any] any
>         in none
>         spid=13 seq=3 pid=384
>         refcnt=1
> 192.168.5.0/24[any] 192.168.0.0/16[any] any
>         in ipsec
>         esp/tunnel/.124.102-62.177.221.219/unique#16392
>         spid=16 seq=2 pid=384
>         refcnt=1
> 192.168.10.3[any] 192.168.0.0/16[any] any
>         out none
>         spid=14 seq=1 pid=384
>         refcnt=1
> 192.168.0.0/16[any] 192.168.5.0/24[any] any
>         out ipsec
>         esp/tunnel/62.177.221.219-82.161.124.102/unique#16391
>         spid=15 seq=0 pid=384
>         refcnt=1btw, i also tried versions 1.0 etc... they give al the same
>

You can't have a subnet on one side the same as, or contained within
the subnet of the other.  You'll have to change that 192.168.0.0/16 to
/24, or something similar that doesn't contain 192.168.5.0/24.

-Chris