<div>Hi <br clear="all"></div><div><br></div><div>I have just set up my VPN and the tunnel is coming up, sometimes even with multiple tunnels up, but we can't get traffic through. I've got a server that connects directly to the internet with a public IP address of 80.251.x.xx/32, with a VSAT router with an IP address of 80.251.x.zz. I'm running Fedora 11 and want to set up a VPN to 41.xxx.xx.x, which is the gateway of a server that runs SMPP and has an IP address of 41.xxx.xx.xx/32. </div>
<div><br></div><div>Please help. </div><div><br></div><div>My conf is:</div><div>conn masnet<br> left=80.251.x.xx #IP of local system<br> leftsubnet=80.251.x.xx/32 #Private Network of local site, here specified only the Linux system is connected to the tunnel<br>
leftnexthop=80.251.x.xz <br> leftsourceip=80.251.x.xx<br> leftid=80.251.x.xx #private IP of local system<br>#<br> right=41.xxx.xx.x #IP of remote system<br> rightsubnet=41.xxx.xx.zz/32 #Private Network of remote site<br>
rightnexthop=%defaultroute #80.251.x.xx #Next hop of the VPN traffic of remote site, therefore, it's my router's IP<br> rightsourceip=41.xxx.xx.x<br> rightid=41.xxx.xx.x #private IP of remote system<br>
#<br> type=tunnel<br> aggrmode=no #aggressive / main mode option<br> keyexchange=ike #key exchange method<br> authby=secret #authentication method, secret / ca<br>
ike=3des-sha1;modp1024 #phase 1 encryption and authentication options<br> ikelifetime=86400s #phase 1 lifetime<br>#<br> auth=esp #phase 2 authentication method, esp / ah<br>
pfs=no #perfect forward secrecy<br> esp=3des-sha1 #phase 2 encryption and authentication options<br> keylife=86400s #phase 2 lifetime<br> rekey=no<br>
#<br> auto=add #make the tunnel to start when system starts<br><br></div><div><br></div><div>and my service ipsec status is<br></div><div>[root@sms ~]# service ipsec status<br>IPsec running - pluto pid: 14575<br>
pluto pid 14575<br>24 tunnels up<br>some eroutes exist<br></div><div><br></div><div><br></div><div>and </div><div>000 "masnet": 80.25x.x.xx/32===80.25x.x.xx<80.25x.x.xx>[+S=C]---80.25x.x.ww...80.25x.x.ww---41.22z.zz.z<41.22z.zz.z>[+S=C]===41.22z.zz.vv/32; erouted; eroute owner: #438<br>
000 "masnet": myip=80.25x.x.xx; hisip=41.22z.zz.z;<br>000 "masnet": ike_life: 86400s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<br>000 "masnet": policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+lKOD+rKOD; prio: 32,32; interface: eth0; <br>
000 "masnet": newest ISAKMP SA: #425; newest IPsec SA: #438; <br>000 "masnet": IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=-strict<br>000 "masnet": IKE algorithms found: 3DES_CBC(5)_192-SHA1(2)_160-2, <br>
000 "masnet": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024<br>000 "masnet": ESP algorithms wanted: 3DES(3)_000-SHA1(2); flags=-strict<br>000 "masnet": ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160<br>
000 "masnet": ESP algorithm newest: 3DES_0-HMAC_SHA1; pfsgroup=<N/A><br>000 <br>000 #423: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 1705s; isakmp#305; idle; import:not set<br>
000 #423: "masnet" esp.1a92a786@41.22z.zz.z esp.f375371a@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #422: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 1585s; isakmp#305; idle; import:not set<br>
000 #422: "masnet" esp.1a92a784@41.22z.zz.z esp.fc5c83e9@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #421: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 1465s; isakmp#305; idle; import:not set<br>
000 #421: "masnet" esp.1a92a782@41.22z.zz.z esp.ea182836@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #420: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 1345s; isakmp#305; idle; import:not set<br>
000 #420: "masnet" esp.1a92a780@41.22z.zz.z esp.5c9f52e5@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #419: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 1225s; isakmp#305; idle; import:not set<br>
000 #419: "masnet" esp.1a92a77e@41.22z.zz.z esp.873450c1@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #418: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 1105s; isakmp#305; idle; import:not set<br>
000 #418: "masnet" esp.1a92a77c@41.22z.zz.z esp.410fe9a6@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #417: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 985s; isakmp#305; idle; import:not set<br>
000 #417: "masnet" esp.1a92a77a@41.22z.zz.z esp.a6b63cd0@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #416: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 865s; isakmp#305; idle; import:not set<br>
000 #416: "masnet" esp.1a92a778@41.22z.zz.z esp.c025419@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #415: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 745s; isakmp#305; idle; import:not set<br>
000 #415: "masnet" esp.1a92a776@41.22z.zz.z esp.577cc0b7@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #414: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 625s; isakmp#305; idle; import:not set<br>
000 #414: "masnet" esp.1a92a774@41.22z.zz.z esp.5e66bbb9@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #413: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 505s; isakmp#305; idle; import:not set<br>
000 #413: "masnet" esp.1a92a772@41.22z.zz.z esp.c50872c3@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #412: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 385s; isakmp#305; idle; import:not set<br>
000 #412: "masnet" esp.1a92a770@41.22z.zz.z esp.e3559725@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #411: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 255s; isakmp#305; idle; import:not set<br>
000 #411: "masnet" esp.1a92a76e@41.22z.zz.z esp.e094f59d@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #410: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 135s; isakmp#305; idle; import:not set<br>
000 #410: "masnet" esp.1a92a76c@41.22z.zz.z esp.f531bde9@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #409: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 5s; isakmp#305; idle; import:not set<br>
000 #409: "masnet" esp.1a92a769@41.22z.zz.z esp.88436ce8@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #305: "masnet":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 12733s; lastdpd=-1s(seq in:0 out:0); idle; import:not set<br>
000 #439: "masnet":500 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 4s; lastdpd=-1s(seq in:0 out:0); idle; import:not set<br>000 #438: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3455s; newest IPSEC; eroute owner; isakmp#425; idle; import:not set<br>
000 #438: "masnet" esp.1a92a7a4@41.22z.zz.z esp.c3852449@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #437: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3339s; isakmp#425; idle; import:not set<br>
000 #437: "masnet" esp.1a92a7a2@41.22z.zz.z esp.ce55ee6d@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #436: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3215s; isakmp#425; idle; import:not set<br>
000 #436: "masnet" esp.1a92a7a0@41.22z.zz.z esp.8df13532@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #435: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3095s; isakmp#425; idle; import:not set<br>
000 #435: "masnet" esp.1a92a79e@41.22z.zz.z esp.5ea976ae@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #434: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 2975s; isakmp#425; idle; import:not set<br>
000 #434: "masnet" esp.1a92a79c@41.22z.zz.z esp.56246083@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #433: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 2855s; isakmp#425; idle; import:not set<br>
000 #433: "masnet" esp.1a92a79a@41.22z.zz.z esp.dc1c8f6f@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #432: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 2735s; isakmp#425; idle; import:not set<br>
000 #432: "masnet" esp.1a92a798@41.22z.zz.z esp.14fd3a5b@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #431: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 2615s; isakmp#425; idle; import:not set<br>
000 #431: "masnet" esp.1a92a796@41.22z.zz.z esp.6d5800fa@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #430: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 2491s; isakmp#425; idle; import:not set<br>
000 #430: "masnet" esp.1a92a794@41.22z.zz.z esp.584b56ad@80.25x.x.xx tun.0@41.22z.zz.z tun.0@80.25x.x.xx ref=0 refhim=4294901761<br>000 #425: "masnet":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 27174s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set<br>
000 <br>[root@sms ~]# <br><br><br></div><div>-- <br></div>Innocent Muchedzi<br>Creative Directory<br>Syldah Media<br>Ipelo House, Plot 103, Unit 4 Gaborone International Commerce Park<br>Gaborone<br><br>Tele/Fax: 3105907<br>
Cell: 71806864/73114818<br><a href="http://www.syldah.co.bw">www.syldah.co.bw</a><br>
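<div>Added example, not part of the original post: a small Python parser for pluto status lines in the format shown above. It groups each connection's established ISAKMP and IPsec SAs, records which IPsec SA owns the eroute, and lists Quick Mode exchanges that have not completed. The sample lines are constructed from that format, with documentation-range addresses as placeholders; the function and field names are this example's own.</div>

```python
import re
from collections import defaultdict

# Constructed sample in the status-line format from the post; the addresses
# are documentation-range placeholders, not the poster's.
SAMPLE = '''\
000 #410: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 135s; isakmp#305; idle; import:not set
000 #410: "masnet" esp.1a92a76c@198.51.100.1 esp.f531bde9@192.0.2.10 tun.0@198.51.100.1 tun.0@192.0.2.10 ref=0 refhim=4294901761
000 #409: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 5s; isakmp#305; idle; import:not set
000 #305: "masnet":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 12733s; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000 #439: "masnet":500 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed, expecting QI2); EVENT_RETRANSMIT in 4s; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000 #438: "masnet":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3455s; newest IPSEC; eroute owner; isakmp#425; idle; import:not set
000 #425: "masnet":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 27174s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set
'''

STATE_RE = re.compile(r'^000 #(\d+): "([^"]+)":\d+ (STATE_\w+) \(([^)]*)\); (.*)$')

def parse_states(text):
    """Yield one dict per state line; the per-SA SPI detail lines are skipped."""
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue
        serial, conn, state, desc, rest = m.groups()
        parent = re.search(r'isakmp#(\d+)', rest)
        expire = re.search(r'EVENT_SA_EXPIRE in (\d+)s', rest)
        yield {"serial": int(serial), "conn": conn, "state": state,
               "established": "established" in desc,
               "phase": 2 if state.startswith("STATE_QUICK") else 1,
               "parent": int(parent.group(1)) if parent else None,
               "expires_in": int(expire.group(1)) if expire else None,
               "eroute_owner": "eroute owner" in rest}

def summarize(text):
    """Group states per connection: phase 1 SAs, phase 2 SAs by parent, pending."""
    conns = {}
    for s in parse_states(text):
        c = conns.setdefault(s["conn"], {"isakmp": [], "ipsec": [], "pending": [],
                                         "by_parent": defaultdict(list), "eroute_owner": None})
        if not s["established"]:
            c["pending"].append(s["serial"])      # e.g. STATE_QUICK_R1 awaiting QI2
        elif s["phase"] == 1:
            c["isakmp"].append(s["serial"])
        else:
            c["ipsec"].append(s["serial"])
            c["by_parent"][s["parent"]].append(s["serial"])
            if s["eroute_owner"]:
                c["eroute_owner"] = s["serial"]
    for c in conns.values():
        # Established phase 2 SAs that are installed but do not own the eroute.
        c["not_owner"] = sorted(x for x in c["ipsec"] if x != c["eroute_owner"])
    return conns

if __name__ == "__main__":
    for name, c in summarize(SAMPLE).items():
        print(name, {k: (dict(v) if k == "by_parent" else v) for k, v in c.items()})
```
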