<div dir="ltr">Its binding correctly now. not an issue anymore. and it wasnt before but i thought it was causing the issue for this client server not connecting . </div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Feb 13, 2013 at 12:36 PM, Daniel Cave <span dir="ltr"><<a href="mailto:dan.cave@me.com" target="_blank">dan.cave@me.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">I've probably joined this too late, but does ETH1 have the correct IP's for your external and internally routed IP's?<div><br></div><div>If you've changed the binding interface from _all_ to just one, I _presume_ that the tunnel will only successfully come up if it has valid IP's on the external/internal. Is it binding properly to 4500/500 and can it route to both lans?</div>
<div><br></div><div>netstat -tnl grep 500 will tell u,, plus ifconfig/ip addr / ip route - of course :)</div><div><br></div><div>just my 0.02pence's worth</div><div><div><div class="h5"><br><div><div>On 13 Feb 2013, at 17:21, Luis Nagaki wrote:</div>
<br><blockquote type="cite"><div dir="ltr">Log from Server<div><div>"client1"[1] ClientExternal IP #14: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed</div><div>"client1"[1] ClientExternal IP #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</div>
<div>"client1"[1] ClientExternal IP #14: STATE_MAIN_R2: sent MR2, expecting MI3</div><div>"client1"[1] ClientExternal IP #14: Main mode peer ID is ID_FQDN: '@client1'</div><div>"client1"[1] ClientExternal IP #14: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</div>
<div>"client1"[1] ClientExternal IP #14: new NAT mapping for #14, was ClientExternal IP:500, now ClientExternal IP:12072</div><div>"client1"[1] ClientExternal IP #14: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}</div>
<div>"client1"[1] ClientExternal IP #14: Dead Peer Detection (RFC 3706): enabled</div><div>"client1"[1] ClientExternal IP #14: retransmitting in response to duplicate packet; already STATE_MAIN_R3</div>
<div>"client1"[1] ClientExternal IP #13: DPD: No response from peer - declaring peer dead</div><div>"client1"[1] ClientExternal IP #13: DPD: Restarting all connections that share this peer</div><div>"client1"[1] ClientExternal IP #13: terminating SAs using this connection</div>
<div>"client1" #14: deleting state (STATE_MAIN_R3)</div><div>"client1" #13: deleting state (STATE_MAIN_R3)</div><div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 13, 2013 at 12:17 PM, Luis Nagaki <span dir="ltr"><<a href="mailto:luis.nagaki@gmail.com" target="_blank">luis.nagaki@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">I thought it was the binding, (Which now works btw thanks Andy)<div>
<br></div><div>but i get to this point and it doesnt connect</div><div><br></div><div><div>"central" #1: ignoring unknown Vendor ID payload [4f45755c645c6a795c5c6170]</div>
<div>"central" #1: received Vendor ID payload [Dead Peer Detection]</div><div>"central" #1: received Vendor ID payload [RFC 3947] method set to=109 </div><div>"central" #1: enabling possible NAT-traversal with method 4</div>
<div>"central" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</div><div>"central" #1: STATE_MAIN_I2: sent MI2, expecting MR2</div><div>"central" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed</div>
<div>"central" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3</div><div>"central" #1: STATE_MAIN_I3: sent MI3, expecting MR3</div><div><br></div><div>stops at expecting MR3</div></div>
</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Feb 13, 2013 at 12:11 PM, Andy Gay <span dir="ltr"><<a href="mailto:andy@andynet.net" target="_blank">andy@andynet.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div>On Wed, 2013-02-13 at 09:16 -0500, Luis Nagaki wrote:<br>
> Hey Guys, since i am getting DHCP on the server, how do i bind ipsec<br>
> only on that nic? i dont want IPSEC confusing itself with the other<br>
> nics / ips<br>
><br>
</div></div>You can specify the interface to use in /etc/ipsec.conf. Add an entry in<br>
the "config setup" section at the top like:<br>
plutoopts="--interface eth1"<br>
<span><font color="#888888"><br>
/Andy<br>
<br>
> --<br>
> This message has been scanned for viruses and<br>
> dangerous content by MailScanner, and is<br>
> believed to be clean.<br>
</font></span><div><div>> _______________________________________________<br>
> <a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br>
> <a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div></div></div>
_______________________________________________<br><a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a><br><a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br></blockquote></div><br></div></div><div>
<span style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:auto;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><span style="text-indent:0px;letter-spacing:normal;font-variant:normal;font-style:normal;font-weight:normal;line-height:normal;border-collapse:separate;text-transform:none;font-size:medium;white-space:normal;font-family:Helvetica;word-spacing:0px"><div style="word-wrap:break-word">
<div>Regards</div><div><br></div><div>Dan.</div></div></span></span></span>
</div>
<br></div></div></blockquote></div><br></div>