<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">I've probably joined this too late, but does ETH1 have the correct IPs for your external and internally routed IPs?<div><br></div><div>If you've changed the binding interface from _all_ to just one, I _presume_ that the tunnel will only successfully come up if it has valid IPs on the external/internal. Is it binding properly to 4500/500 and can it route to both LANs?</div><div><br></div><div>netstat -unl | grep 500 will tell you, plus ifconfig / ip addr / ip route - of course :)</div><div><br></div><div>Just my 0.02 pence's worth</div><div><br><div><div>On 13 Feb 2013, at 17:21, Luis Nagaki wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Log from Server<div><div>"client1"[1] ClientExternal IP #14: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed</div><div>"client1"[1] ClientExternal IP #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</div>
<div>"client1"[1] ClientExternal IP #14: STATE_MAIN_R2: sent MR2, expecting MI3</div><div>"client1"[1] ClientExternal IP #14: Main mode peer ID is ID_FQDN: '@client1'</div><div>"client1"[1] ClientExternal IP #14: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</div>
<div>"client1"[1] ClientExternal IP #14: new NAT mapping for #14, was ClientExternal IP:500, now ClientExternal IP:12072</div><div>"client1"[1] ClientExternal IP #14: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}</div>
<div>"client1"[1] ClientExternal IP #14: Dead Peer Detection (RFC 3706): enabled</div><div>"client1"[1] ClientExternal IP #14: retransmitting in response to duplicate packet; already STATE_MAIN_R3</div>
<div>"client1"[1] ClientExternal IP #13: DPD: No response from peer - declaring peer dead</div><div>"client1"[1] ClientExternal IP #13: DPD: Restarting all connections that share this peer</div><div>"client1"[1] ClientExternal IP #13: terminating SAs using this connection</div>
<div>"client1" #14: deleting state (STATE_MAIN_R3)</div><div>"client1" #13: deleting state (STATE_MAIN_R3)</div><div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 13, 2013 at 12:17 PM, Luis Nagaki <span dir="ltr"><<a href="mailto:luis.nagaki@gmail.com" target="_blank">luis.nagaki@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">I thought it was the binding (which now works, btw, thanks Andy)<div>
<br></div><div>but I get to this point and it doesn't connect</div><div><br></div><div><div>"central" #1: ignoring unknown Vendor ID payload [4f45755c645c6a795c5c6170]</div>
<div>"central" #1: received Vendor ID payload [Dead Peer Detection]</div><div>"central" #1: received Vendor ID payload [RFC 3947] method set to=109 </div><div>"central" #1: enabling possible NAT-traversal with method 4</div>
<div>"central" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</div><div>"central" #1: STATE_MAIN_I2: sent MI2, expecting MR2</div><div>"central" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed</div>
<div>"central" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3</div><div>"central" #1: STATE_MAIN_I3: sent MI3, expecting MR3</div><div><br></div><div>stops at expecting MR3</div></div>
</div><div class=""><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 13, 2013 at 12:11 PM, Andy Gay <span dir="ltr"><<a href="mailto:andy@andynet.net" target="_blank">andy@andynet.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div>On Wed, 2013-02-13 at 09:16 -0500, Luis Nagaki wrote:<br>
> Hey guys, since I am getting DHCP on the server, how do I bind ipsec<br>
> only on that NIC? I don't want IPSEC confusing itself with the other<br>
> NICs / IPs<br>
><br>
</div></div>You can specify the interface to use in /etc/ipsec.conf. Add an entry in<br>
the "config setup" section at the top like:<br>
plutoopts="--interface eth1"<br>
<span><font color="#888888"><br>
/Andy<br>
<br>
</font></span><div><div>> _______________________________________________<br>
> <a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br>
> <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div></div>
</blockquote></div><br><div>
<div><div>Regards</div><div><br></div><div>Dan.</div></div>
</div>
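<div>Added example, not part of the original thread: a stricter form of the listener check suggested in the reply above. It reads <code>netstat -unl</code> output and confirms that UDP 500 (IKE) and 4500 (NAT-T) are bound on the address of the interface pluto was restricted to, matching the port exactly, since a plain <code>grep 500</code> also matches 4500 and 5000. The function name, the address 192.0.2.10 and both sample outputs are constructed for illustration.</div>

```shell
#!/bin/sh
# Added example; assumptions: check_ike_listeners is a hypothetical helper,
# 192.0.2.10 stands in for the address on eth1, sample output is constructed.

# check_ike_listeners ADDR
#   stdin : output of `netstat -unl`
#   stdout: "ok" or "missing: <ports>"; exit status 0 / 1
check_ike_listeners() {
    awk -v addr="$1" '
        $1 ~ /^udp/ {
            # Local address is column 4; the port follows the last colon.
            n = split($4, parts, ":")
            port = parts[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            # A wildcard bind also receives traffic sent to addr.
            if (host == addr || host == "0.0.0.0") seen[port] = 1
        }
        END {
            missing = ""
            if (!seen[500])  missing = missing " 500"
            if (!seen[4500]) missing = missing " 4500"
            if (missing == "") { print "ok"; exit 0 }
            print "missing:" missing
            exit 1
        }'
}

# Constructed sample: 500 on the address, 4500 only on loopback, plus an
# unrelated 5000 listener that `grep 500` would have counted as a hit.
SAMPLE_BAD='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 192.0.2.10:500          0.0.0.0:*
udp        0      0 192.0.2.10:5000         0.0.0.0:*
udp        0      0 127.0.0.1:4500          0.0.0.0:*'

# Constructed sample: both IKE ports bound on the chosen address.
SAMPLE_OK='Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 127.0.0.1:500           0.0.0.0:*
udp        0      0 192.0.2.10:500          0.0.0.0:*
udp        0      0 192.0.2.10:4500         0.0.0.0:*'

printf '%s\n' "$SAMPLE_BAD" | check_ike_listeners 192.0.2.10 || true
printf '%s\n' "$SAMPLE_OK"  | check_ike_listeners 192.0.2.10
```

<div>On a live host, pipe the real command into the function instead of a sample: <code>netstat -unl | check_ike_listeners ADDRESS</code>.</div>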
<br></div></body></html>