<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Rescued from the spam bucket. Please remember to subscribe to
the mailing list before posting to it.<br>
</p>
<div class="moz-forward-container"><br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>Question after building vpn site to site</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Sat, 19 Nov 2016 20:45:46 +0100</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Fraj KALLEL <a class="moz-txt-link-rfc2396E" href="mailto:frajkallel@gmail.com">&lt;frajkallel@gmail.com&gt;</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td><a class="moz-txt-link-abbreviated" href="mailto:users@lists.openswan.org">users@lists.openswan.org</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<div dir="ltr">
<p class="MsoNormal">Hello,</p>
<p class="MsoNormal"><br>
</p>
<p class="MsoNormal">I built an IPsec VPN between Openswan and a Cisco ASA 5510.</p>
<p class="MsoNormal"><br>
</p>
<p class="MsoNormal">After running /etc/init.d/ipsec restart, I have these lines in the log.</p>
<pre>
| handling event EVENT_RETRANSMIT for 2.2.2.2 "VPN-site-to-site" #1
| sending 220 bytes for EVENT_RETRANSMIT through eth0:500 to 2.2.2.2:500 (using #1)
|   b2 d3 09 d7 1a 62 b2 e3  00 00 00 00 00 00 00 00
|   01 10 02 00 00 00 00 00  00 00 00 dc 0d 00 00 38
|   00 00 00 01 00 00 00 01  00 00 00 2c 00 01 00 01
|   00 00 00 24 00 01 00 00  80 0b 00 01 80 0c 70 80
|   80 01 00 07 80 02 00 02  80 03 00 01 80 04 00 02
|   80 0e 01 00 0d 00 00 10  4f 45 76 79 5c 6b 67 7a
|   57 71 5c 73 0d 00 00 14  af ca d7 13 68 a1 f1 c9
|   6b 86 96 fc 77 57 01 00  0d 00 00 14 4a 13 1c 81
|   07 03 58 45 5c 57 28 f2  0e 95 45 2f 0d 00 00 14
|   7d 94 19 a6 53 10 ca 6f  2c 17 9d 92 15 52 9d 56
|   0d 00 00 14 90 cb 80 91  3e bb 69 6e 08 63 81 b5
|   ec 42 7b 1f 0d 00 00 14  cd 60 46 43 35 df 21 f8
|   7c fd b2 fc 68 b6 a4 48  00 00 00 14 44 85 15 2d
|   18 b6 bb cd 0b e8 a8 46  95 79 dd cc
| inserting event EVENT_RETRANSMIT, timeout in 20 seconds for #1
| event added at head of queue
| next event EVENT_RETRANSMIT in 20 seconds for #1
| 
| rejected packet:
|   b2 d3 09 d7 1a 62 b2 e3  00 00 00 00 00 00 00 00
|   01 10 02 00 00 00 00 00  00 00 00 dc 0d 00 00 38
|   00 00 00 01 00 00 00 01  00 00 00 2c 00 01 00 01
|   00 00 00 24 00 01 00 00  80 0b 00 01 80 0c 70 80
|   80 01 00 07 80 02 00 02  80 03 00 01 80 04 00 02
|   80 0e 01 00 0d 00 00 10  4f 45 76 79 5c 6b 67 7a
|   57 71 5c 73 0d 00 00 14  af ca d7 13 68 a1 f1 c9
|   6b 86 96 fc 77 57 01 00  0d 00 00 14 4a 13 1c 81
|   07 03 58 45 5c 57 28 f2  0e 95 45 2f 0d 00 00 14
|   7d 94 19 a6 53 10 ca 6f  2c 17 9d 92 15 52 9d 56
|   0d 00 00 14 90 cb 80 91  3e bb 69 6e 08 63 81 b5
|   ec 42 7b 1f 0d 00 00 14  cd 60 46 43 35 df 21 f8
|   7c fd b2 fc 68 b6 a4 48  00 00 00 14 44 85 15 2d
|   18 b6 bb cd 0b e8 a8 46  95 79 dd cc
| control:
|   1c 00 00 00 00 00 00 00  00 00 00 00 08 00 00 00
|   00 00 00 00 00 00 00 00  d5 20 43 e3 eb 7f 00 00
|   30 00 00 00 00 00 00 00  00 00 00 00 0b 00 00 00
|   71 00 00 00 02 03 01 00  00 00 00 00 00 00 00 00
|   02 00 00 00 d5 20 43 e3  00 00 00 00 00 00 00 00
| name:
|   02 00 01 f4 81 b9 1e 01  00 00 00 00 00 00 00 00
"VPN-site-to-site" #1: ERROR: asynchronous network error report on eth0 (sport=500) for message to 2.2.2.2 port 500, complainant 1.1.1.1: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
| * processed 0 messages from cryptographic helpers
| next event EVENT_RETRANSMIT in 17 seconds for #1
| next event EVENT_RETRANSMIT in 17 seconds for #1
</pre>
<p class="MsoNormal"><br>
</p>
<p class="MsoNormal">Openswan IP: 1.1.1.1</p>
<p class="MsoNormal">Cisco ASA 5510 IP: 2.2.2.2</p>
<p class="MsoNormal">IP of the VM behind the Cisco: 172.27.51.9/32</p>
<p class="MsoNormal"><br>
</p>
<p class="MsoNormal">ipsec.secrets:</p>
<pre>
1.1.1.1 2.2.2.2: PSK "azerty"
</pre>
<p class="MsoNormal"><br>
</p>
<p class="MsoNormal">ipsec.conf:</p>
<pre>
version 2.0     # conforms to second version of ipsec.conf specification

config setup
        # Do not set debug options to debug configuration issues!
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
        # eg:
        # plutodebug="control parsing"
        # Again: only enable plutodebug or klipsdebug when asked by a developer
        #
        # enable to get logs per-peer
        # plutoopts="--perpeerlog"
        #
        # Enable core dumps (might require system changes, like ulimit -C)
        # This is required for abrtd to work properly
        # Note: incorrect SElinux policies might prevent pluto writing the core
        dumpdir=/var/run/pluto/
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
        nat_traversal=yes
        # exclude networks used on server side by adding %v4:!a.b.c.0/24
        # It seems that T-Mobile in the US and Rogers/Fido in Canada are
        # using 25/8 as "private" address space on their 3G network.
        # This range has not been announced via BGP (at least up to 2010-12-21)
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
        # OE is now off by default. Uncomment and change to on, to enable.
        oe=off
        # which IPsec stack to use. auto will try netkey, then klips then mast
        protostack=netkey
        # Use this to log to a file, or disable logging on embedded systems (like openwrt)
        #plutostderrlog=/dev/null
        plutodebug=all
        plutostderrlog=/var/log/openswan.log

# Add connections here
conn VPN-site-to-site
        type=tunnel
        left=1.1.1.1
        right=2.2.2.2
        rightsubnet=172.27.51.9/32
        authby=secret
        auto=start
        keyexchange=ike
        #type=tunnel
        ike=aes256-sha1;modp1024!
        ikelifetime=28800s
        aggrmode=no
        phase2=esp
        phase2alg=aes256-sha1
        keylife=3600s
        forceencaps=yes
</pre>
<div><br>
</div>
-- <br>
<div class="gmail_signature">Sincerely yours<br>
Fraj KALLEL.</div>
</div>
</div>
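<p>The two raw dumps in the log above decode cleanly, and decoding them is the quickest way to see what the ERROR line is actually reporting. The Python below is an added example, not code from the original post or from Openswan; its only inputs are the bytes copied from the "sending 220 bytes" and "control:" dumps in the log, and the one assumption it makes is the x86-64 cmsg layout (8-byte cmsg_len, 8-byte alignment) that the widths in the dump show. It shows that the retransmitted packet is Openswan's first main-mode message (ISAKMP 1.0, exchange type 2, responder SPI still all zero because nothing has come back) carrying exactly the proposal from the ipsec.conf above (AES-CBC with a 256-bit key, SHA1, pre-shared key, modp1024, 28800-second lifetime, i.e. ike=aes256-sha1;modp1024 and ikelifetime=28800s) followed by seven vendor ID payloads, and that the ERROR line is pluto's rendering of an IP_RECVERR record read from the socket error queue: errno 113 (EHOSTUNREACH), origin ICMP, type 3 code 1 (host unreachable), with the "complainant" taken from the SO_EE_OFFENDER address.</p>

```python
"""Decode the raw dumps from the Openswan log above: the 220-byte IKEv1 main-mode
message pluto keeps retransmitting, and the cmsg "control:" block behind the
"asynchronous network error report" line. Added example; not Openswan code."""
import struct
from socket import inet_ntoa

# Bytes copied from the "sending 220 bytes for EVENT_RETRANSMIT" dump in the post.
IKE_PKT = bytes.fromhex("""
b2 d3 09 d7 1a 62 b2 e3 00 00 00 00 00 00 00 00
01 10 02 00 00 00 00 00 00 00 00 dc 0d 00 00 38
00 00 00 01 00 00 00 01 00 00 00 2c 00 01 00 01
00 00 00 24 00 01 00 00 80 0b 00 01 80 0c 70 80
80 01 00 07 80 02 00 02 80 03 00 01 80 04 00 02
80 0e 01 00 0d 00 00 10 4f 45 76 79 5c 6b 67 7a
57 71 5c 73 0d 00 00 14 af ca d7 13 68 a1 f1 c9
6b 86 96 fc 77 57 01 00 0d 00 00 14 4a 13 1c 81
07 03 58 45 5c 57 28 f2 0e 95 45 2f 0d 00 00 14
7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
0d 00 00 14 90 cb 80 91 3e bb 69 6e 08 63 81 b5
ec 42 7b 1f 0d 00 00 14 cd 60 46 43 35 df 21 f8
7c fd b2 fc 68 b6 a4 48 00 00 00 14 44 85 15 2d
18 b6 bb cd 0b e8 a8 46 95 79 dd cc
""")
# Bytes copied from the "control:" dump (recvmsg ancillary data; x86-64 layout assumed).
CONTROL = bytes.fromhex("""
1c 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00
00 00 00 00 00 00 00 00 d5 20 43 e3 eb 7f 00 00
30 00 00 00 00 00 00 00 00 00 00 00 0b 00 00 00
71 00 00 00 02 03 01 00 00 00 00 00 00 00 00 00
02 00 00 00 d5 20 43 e3 00 00 00 00 00 00 00 00
""")

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # iSPI, rSPI, next payload, version, exchange, flags, msgid, length
EXCHANGE = {2: "identity protection (main mode)", 4: "aggressive"}
# IKEv1 phase-1 attribute classes (RFC 2409 appendix A); only the values seen in this packet are named.
ATTR = {1: ("encryption", {7: "AES-CBC"}), 2: ("hash", {2: "SHA1"}),
        3: ("auth", {1: "pre-shared key"}), 4: ("group", {2: "modp1024"}),
        11: ("life type", {1: "seconds"}), 12: ("life duration", {}), 14: ("key length", {})}

def parse_isakmp(pkt):
    """Return the ISAKMP header fields and the generic-payload chain as (type, body) pairs."""
    ispi, rspi, nxt, ver, xchg, flags, msgid, length = ISAKMP_HDR.unpack_from(pkt, 0)
    if length != len(pkt):
        raise ValueError(f"header length {length} != {len(pkt)} bytes on the wire")
    payloads, off = [], ISAKMP_HDR.size
    while nxt != 0:                       # next-payload 0 terminates the chain
        pnext, _, plen = struct.unpack_from("!BBH", pkt, off)
        payloads.append((nxt, pkt[off + 4:off + plen]))
        off, nxt = off + plen, pnext
    if off != length:
        raise ValueError("payload chain does not end at the packet boundary")
    return {"ispi": ispi.hex(), "rspi": rspi.hex(), "version": f"{ver >> 4}.{ver & 15}",
            "exchange": EXCHANGE.get(xchg, xchg), "flags": flags, "msgid": msgid,
            "length": length, "payloads": payloads}

def parse_sa(body):
    """Walk SA -> proposal -> first transform and decode the transform's attributes."""
    doi, sit = struct.unpack_from("!II", body, 0)
    _, _, _, pnum, proto, spisz, ntrans = struct.unpack_from("!BBHBBBB", body, 8)
    toff = 16 + spisz                     # first transform follows the proposal header (+ SPI)
    _, _, tlen, tnum, tid, _ = struct.unpack_from("!BBHBBH", body, toff)
    attrs, pos, end = {}, toff + 8, toff + tlen
    while end > pos:
        af_type, val = struct.unpack_from("!HH", body, pos)
        if af_type & 0x8000:              # TV form: the 2-byte value follows the type
            pos += 4
        else:                             # TLV form: 'val' is the length of a longer value
            vlen = val
            val = int.from_bytes(body[pos + 4:pos + 4 + vlen], "big")
            pos += 4 + vlen
        name, names = ATTR.get(af_type & 0x7fff, (f"attr{af_type & 0x7fff}", {}))
        attrs[name] = names.get(val, val)
    return {"doi": doi, "situation": sit, "protocol": proto, "transforms": ntrans,
            "transform_id": tid, "attrs": attrs}

def ike_string(attrs):
    """Render the decoded transform in Openswan's ike= syntax (cipher-hash;group)."""
    cipher = {"AES-CBC": "aes"}[attrs["encryption"]] + str(attrs.get("key length", ""))
    return f"{cipher}-{attrs['hash'].lower()};{attrs['group']}"

SOL_IP, IP_PKTINFO, IP_RECVERR = 0, 8, 11
EE_ORIGIN = {1: "local", 2: "ICMP", 3: "ICMP6"}

def le(b):
    return int.from_bytes(b, "little")

def parse_control(buf):
    """Walk the cmsg chain (x86-64: 8-byte cmsg_len, 4-byte level/type, 8-byte alignment)."""
    found, off = {}, 0
    while len(buf) >= off + 16:
        clen, level, ctype = le(buf[off:off + 8]), le(buf[off + 8:off + 12]), le(buf[off + 12:off + 16])
        data = buf[off + 16:off + clen]
        if (level, ctype) == (SOL_IP, IP_PKTINFO):    # struct in_pktinfo: ifindex, spec_dst, addr
            found["pktinfo_addr"] = inet_ntoa(data[8:12])
        elif (level, ctype) == (SOL_IP, IP_RECVERR):  # struct sock_extended_err, then SO_EE_OFFENDER sockaddr_in
            found["error"] = {"errno": le(data[0:4]), "origin": EE_ORIGIN.get(data[4], data[4]),
                              "icmp_type": data[5], "icmp_code": data[6],
                              "offender": inet_ntoa(data[20:24])}
        off += (clen + 7) & ~7                         # CMSG_ALIGN
    return found

if __name__ == "__main__":
    hdr = parse_isakmp(IKE_PKT)
    print("IKEv1", hdr["version"], hdr["exchange"], "rSPI", hdr["rspi"], "(no reply yet)")
    sa = parse_sa(hdr["payloads"][0][1])
    print("proposal:", sa["attrs"], "->", "ike=" + ike_string(sa["attrs"]))
    for ptype, body in hdr["payloads"][1:]:
        print("vendor id:", body.hex())
    print("error queue:", parse_control(CONTROL))
```

<p>Two things a practitioner would take from the decoded output. First, the host-unreachable ICMP is attributed to 1.1.1.1, which the post identifies as the Openswan host itself, so the IKE packet is being refused locally before it ever reaches the ASA: check the routing table on that host (ip route get 2.2.2.2) and its own iptables OUTPUT chain (a REJECT rule with --reject-with icmp-host-unreachable produces exactly this error) before looking at the ASA side. Second, the addresses in the prose were replaced with 1.1.1.1 and 2.2.2.2, but the packet, control and name dumps were pasted unchanged and still carry the real addresses; redaction has to cover hex dumps as well as log text. The pre-shared key in the posted ipsec.secrets is a keyboard row, which is fine for a lab but should be a long random secret on any tunnel reachable from the internet.</p>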
</body>
</html>