<div dir="ltr">Hello, <div><br></div><div>We are trying to set up IPSec with GRE from an Amazon EC2 instance in our VPC to a third party. </div><div><br></div><div>Our machine is Ubuntu 14.04 running Openswan Version 2.6.38</div><div><br></div><div>They have provided the following IPSec configuration information: </div><div><br></div><div>Client IP: 74.xxx.xxx.xxx</div><div>Client Encryption Domain: 74.xxx.xxx.yyy/32</div><div><br></div><div>Our IP: 54.aaa.bbb.ccc</div><div>Our Encryption Domain: <a href="http://10.160.255.181/30">10.160.255.181/30</a></div><div><br></div><div>Encryption parameters: </div><div>Phase 1: Diffie-Hellman Group 2 algorithm: 3DES-MD5</div><div><div>Phase 2: Diffie-Hellman Group 2 algorithm: 3DES-MD5</div><div>Perfect Forward Secrey: No</div><div>Lifetime (for renegotiation): 3600sec</div><div><br></div><div>In order to match the client encryption domain we had to create a virtual ethernet device on eth0 by adding the following to our network interfaces file:</div><div><br></div><div><div>auto eth0:1</div><div>iface eth0:1 inet static</div><div>address 10.160.255.181</div><div>netmask 255.255.255.252</div></div><div><br></div><div><br></div><div>I have added the following to my ipsec.conf file based off the blog post here(<a href="http://blog.jameskyle.org/2012/07/configuring-openswan-ipsec-server/">http://blog.jameskyle.org/2012/07/configuring-openswan-ipsec-server/</a>). : </div><div><br></div><div><div>config setup</div><div> nat_traversal=yes</div><div> oe=off</div></div><div> protostack=netkey</div><div> plutostderrlog=/var/log/pluto_err.log</div><div><br></div><div>conn client_name</div><div> authby=secret</div><div> auto=start</div><div> left=%defaultroute</div><div> leftid=54.aaa.bbb.ccc</div><div> leftsubnet=<a href="http://10.161.255.181/30">10.161.255.181/30</a></div><div> leftnexthop=%defaultroute</div><div> right=74.xxx.xxx.xxx</div><div> rightid=74.xxx.xxx.xxx</div><div> rightsubnet=74.xxx.xxx.yyy/32</div><div> rightnexthop=%defaultroute</div><div><br></div><div> pfs=no</div><div> type=tunnel</div><div> aggrmode=no</div><div><br></div><div> ike=3des-md5;modp1024!</div><div> ikelifetime=1440m</div><div> phase2alg=3des-md5;modp1024</div><div><br></div><div>The secrets file looks like this:</div><div>54.xxx.xxx.xxx 74.xxx.xxx.xxx : PSK "our_secret"</div><div><br></div><div>Phase 1 seems to complete successfully but I get the following in the pluto logs: </div><div><br></div><div><div>"client_name" #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1</div><div>"client_name" #3: STATE_MAIN_R1: sent MR1, expecting MI2</div><div>"client_name" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</div><div>"client_name" #3: STATE_MAIN_R2: sent MR2, expecting MI3</div><div>"client_name" #3: Main mode peer ID is ID_IPV4_ADDR: '74.198.28.1'</div><div>"client_name" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</div><div>"client_name" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}</div><div>"client_name" #3: the peer proposed: <a href="http://10.160.255.181/32:0/0">10.160.255.181/32:0/0</a> -> <a href="http://74.198.28.244/32:0/0">74.198.28.244/32:0/0</a></div><div>"client_name" #3: cannot respond to IPsec SA request because no connection is known for <a href="http://10.160.251.181/32===10.50.35.105[54.aaa.bbb.ccc]...74.xxx.xxx.xxx">10.160.251.181/32===10.50.35.105[54.aaa.bbb.ccc]...74.xxx.xxx.xxx</a><74.xxx.xxx.xxx>===74.xxx.xxx.yyy/32</div></div><div><br></div><div>Any help or suggestions on what might be wrong with the config or where to go for more information would be greatly appreciated. </div><div><br></div><div>Cheers,</div><div>Tyler</div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div><font color="#000000" face="arial, helvetica, sans-serif" size="2">Tyler Field</font></div><div style="font-size:12.7272720336914px"><font color="#000000" size="2" face="arial, helvetica, sans-serif">DevOps Admin </font></div><div style="font-size:12.7272720336914px"><br></div></div></div></div>
</div></div>