<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" 
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
</head>
<body lang=EN-GB link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal>Hi,<o:p></o:p></p>
<p class=MsoNormal>I hope someone can help. I’m trying to get a
site-to-site VPN going between a Draytek router and a CentOS 5.2/OpenSwan/Shorewall
firewall.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>The VPN establishes itself OK. The VPN shows a connection and
shows packets being transmitted down the VPN from the Draytek to the CentOS
box. However, no packets return.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Here are the messages from /var/log/secure <o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Aug 11 16:27:52 fw pluto[11226]: "onebyte" #6:
responding to Main Mode<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:52 fw pluto[11226]: "onebyte" #6:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:52 fw pluto[11226]: "onebyte" #6:
STATE_MAIN_R1: sent MR1, expecting MI2<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:52 fw pluto[11226]: "onebyte" #6:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:52 fw pluto[11226]: "onebyte" #6:
STATE_MAIN_R2: sent MR2, expecting MI3<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6:
ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6:
Main mode peer ID is ID_IPV4_ADDR: 'RRR.RRR.RRR.RRR'<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6: the
peer proposed: 10.27.0.0/24:0/0 -> 10.0.14.0/24:0/0<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6: alloc_bytes1()
was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state,
please report to dev@openswan.org<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6:
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in
duplicate_state, please report to dev@openswan.org<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6:
alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in
duplicate_state, please report to dev@openswan.org<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6: alloc_bytes1()
was mistakenly asked to malloc 0 bytes for st_skey_pr in duplicate_state,
please report to dev@openswan.org<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #7:
responding to Quick Mode proposal {msgid:6dac2b2a}<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte"
#7: us: 10.27.0.0/24===LLL.LLL.LLL.LLL&lt; LLL.LLL.LLL.LLL
&gt;[+S=C]<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte"
#7: them: RRR.RRR.RRR.RRR &lt; RRR.RRR.RRR.RRR &gt;[+S=C]===10.0.14.0/24<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #7: transition
from state STATE_QUICK_R0 to state STATE_QUICK_R1<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:53 fw pluto[11226]: "onebyte" #7:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:54 fw pluto[11226]: "onebyte" #7:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<o:p></o:p></p>
<p class=MsoNormal>Aug 11 16:27:54 fw pluto[11226]: "onebyte" #7:
STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=&gt;0x7bad136b
&lt;0xde297880 xfrm=3DES_0-HMAC_SHA1 NATOA=&lt;invalid&gt;
NATD=&lt;invalid&gt;:500 DPD=enabled}<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>As I stated above, if I try and access anything in the left
subnet (10.27.0.0) from the right subnet (10.0.14.0) I can see the TX packet
count increase on the Draytek but not the RX count.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>I’m not sure what information to attach to help
resolve this problem. Please let me know and I will provide it for you.<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Thanks<o:p></o:p></p>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>Simon<o:p></o:p></p>
</div>
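An added example, not part of the original post: a small Python parser for pluto lines like the ones quoted above, reporting per connection whether the ISAKMP and IPsec SAs were established, which subnets the peer proposed, and the two ESP SPIs as logged. The function and field names are hypothetical; the sample lines are copied from the post with the wrapped lines joined.

```python
import re

# Log lines copied from the post above (wrapped lines joined, a subset of the full log).
SAMPLE_LOG = '''\
Aug 11 16:27:52 fw pluto[11226]: "onebyte" #6: responding to Main Mode
Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Aug 11 16:27:53 fw pluto[11226]: "onebyte" #6: the peer proposed: 10.27.0.0/24:0/0 -> 10.0.14.0/24:0/0
Aug 11 16:27:53 fw pluto[11226]: "onebyte" #7: responding to Quick Mode proposal {msgid:6dac2b2a}
Aug 11 16:27:53 fw pluto[11226]: "onebyte" #7: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Aug 11 16:27:54 fw pluto[11226]: "onebyte" #7: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x7bad136b <0xde297880 xfrm=3DES_0-HMAC_SHA1 NATOA=<invalid> NATD=<invalid>:500 DPD=enabled}
'''

# pluto prefix: daemon[pid]: "connection name" #state-number: message
LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
SELECTORS = re.compile(r'the peer proposed: (\S+?):\d+/\d+ -> (\S+?):\d+/\d+')
ESP = re.compile(r'ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)')
STATE = re.compile(r'(STATE_\w+):')


def summarize(log_text):
    """Return {connection name: summary dict} built from pluto log lines."""
    out = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        s = out.setdefault(m['conn'], {'phase1': False, 'phase2': False,
                                       'selectors': None, 'esp_spis': None,
                                       'states': []})
        msg = m['msg']
        st = STATE.match(msg)
        if st:  # lines that announce the state reached, e.g. STATE_QUICK_R2
            s['states'].append((int(m['sa']), st.group(1)))
        if 'ISAKMP SA established' in msg:
            s['phase1'] = True
        if 'IPsec SA established' in msg:
            s['phase2'] = True
            e = ESP.search(msg)
            if e:  # the two SPIs in the order logged after "=>" and "<"
                s['esp_spis'] = e.groups()
        sel = SELECTORS.search(msg)
        if sel:  # subnets from the peer's Quick Mode proposal
            s['selectors'] = sel.groups()
    return out
```
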
<br></body>
</html>