<div class="MsoNormal">Hi everyone,</div> <div class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">This should be a really simple configuration, I am looking to connect two subnetworks (softlayer and 10.23.23.0/24), and I believe the authentication is fine. However, I try to ping the network and it’s a no go. If anyone has any ideas, I’d be extremely grateful.</div> <div class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">Here’s what I get from ipsec auto status:</div> <div class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">000 interface lo/lo ::1</div> <div class="MsoNormal">000 interface lo/lo 127.0.0.1</div> <div class="MsoNormal">000 interface lo/lo 127.0.0.1</div> <div class="MsoNormal">000 interface eth0/eth0 66.92.2.246</div> <div class="MsoNormal">000 interface eth0/eth0 66.92.2.246</div> <div class="MsoNormal">000 interface eth1/eth1 10.23.23.1</div> <div class="MsoNormal">000 interface eth1/eth1
10.23.23.1</div> <div class="MsoNormal">000 %myid = (none)</div> <div class="MsoNormal">000 debug none</div> <div class="MsoNormal">000</div> <div class="MsoNormal">000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64</div> <div class="MsoNormal">000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192</div> <div class="MsoNormal">000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448</div> <div class="MsoNormal">000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0</div> <div class="MsoNormal">000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256</div> <div class="MsoNormal">000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256</div> <div class="MsoNormal">000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256</div> <div
class="MsoNormal">000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128</div> <div class="MsoNormal">000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160</div> <div class="MsoNormal">000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256</div> <div class="MsoNormal">000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0</div> <div class="MsoNormal">000</div> <div class="MsoNormal">000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192</div> <div class="MsoNormal">000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128</div> <div class="MsoNormal">000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16</div> <div class="MsoNormal">000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20</div> <div class="MsoNormal">000 algorithm IKE dh group: id=2,
name=OAKLEY_GROUP_MODP1024, bits=1024</div> <div class="MsoNormal">000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536</div> <div class="MsoNormal">000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048</div> <div class="MsoNormal">000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072</div> <div class="MsoNormal">000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096</div> <div class="MsoNormal">000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144</div> <div class="MsoNormal">000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192</div> <div class="MsoNormal">000</div> <div class="MsoNormal">000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}</div> <div class="MsoNormal">000</div> <div class="MsoNormal">000 "softlayer": 10.23.23.0/24===66.92.2.246---66.92.2.1...10.12.132.1---38.96.196.93===10.12.132.64/26;
erouted; eroute owner: #2</div> <div class="MsoNormal">000 "softlayer": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;</div> <div class="MsoNormal">000 "softlayer": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0</div> <div class="MsoNormal">000 "softlayer": policy: PSK+ENCRYPT+TUNNEL+UP; prio: 24,26; interface: eth0;</div> <div class="MsoNormal">000 "softlayer": newest ISAKMP SA: #1; newest IPsec SA: #2;</div> <div class="MsoNormal">000 "softlayer": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024</div> <div class="MsoNormal">000</div> <div class="MsoNormal">000 #2: "softlayer":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28196s; newest IPSEC; eroute owner</div> <div class="MsoNormal">000 #2: "softlayer" <a href="mailto:esp.6ad0d110@38.96.196.93">esp.6ad0d110@38.96.196.93</a> <a
href="mailto:esp.dca4fcdd@66.92.2.246">esp.dca4fcdd@66.92.2.246</a> <a href="mailto:tun.0@38.96.196.93">tun.0@38.96.196.93</a> <a href="mailto:tun.0@66.92.2.246">tun.0@66.92.2.246</a></div> <div class="MsoNormal">000 #1: "softlayer":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2754s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)</div> <div class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">Ipsec.conf:</div> <div class="MsoNormal">version 2.0 </div> <div class="MsoNormal"># basic configuration</div> <div class="MsoNormal">config setup</div> <div class="MsoNormal"> interfaces="ipsec0=eth0"</div> <div class="MsoNormal"> nat_traversal=yes</div> <div class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">include /etc/ipsec.d/*.conf</div> <div class="MsoNormal"><o:p> </o:p></div> <div
class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">softlayer.conf:</div> <div class="MsoNormal">conn softlayer</div> <div class="MsoNormal"> type=tunnel</div> <div class="MsoNormal"> authby=secret</div> <div class="MsoNormal"> auto=start</div> <div class="MsoNormal"> left=66.92.2.246</div> <div class="MsoNormal"> leftnexthop=66.92.2.1</div> <div class="MsoNormal"> leftsubnet=10.23.23.0/24</div> <div class="MsoNormal"> right=38.96.196.93</div> <div class="MsoNormal"> rightnexthop=10.12.132.1</div> <div class="MsoNormal"> rightsubnet=10.12.132.64/26</div> <div
class="MsoNormal"> pfs=no</div> <div class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">and of course my PSK in ipsec.secrets.</div> <div class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">My routing table after everything is done looks like this:</div> <div class="MsoNormal">Destination Gateway Genmask Flags Metric Ref Use Iface</div> <div class="MsoNormal">10.12.132.64 66.92.2.1 255.255.255.192 UG 0 0 0 eth0</div> <div class="MsoNormal">66.92.2.0 0.0.0.0 255.255.255.0 U 0
0 0 eth0</div> <div class="MsoNormal">10.23.23.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1</div> <div class="MsoNormal">169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1</div> <div class="MsoNormal">0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 eth0</div> <div class="MsoNormal"><o:p> </o:p></div> <div
class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">I’m about to ditch Openswan for a crappy Linksys router with vpn (ugh!), so if anyone has ideas I’d be very happy :D</div> <div class="MsoNormal"><o:p> </o:p></div> <div class="MsoNormal">Brian</div>