[Openswan Users]
IPCOP + Checkpoint VPN-1 tunnel up - no data transfer
Sebastian Fischinger
s.fischinger at josefsklinik.de
Mon Jun 26 13:39:20 CEST 2006
Hello,
I established an IPsec net2net tunnel between IPCOP 1.4.10 and a VPN-1 (Checkpoint).
My problem is that no data comes back from the other side.
I think the problem is this log:
Jun 26 12:23:50 sjk-gate pluto[3063]: "freiburg" #7: discarding duplicate packet; already STATE_QUICK_R2
but I can't find anything about this.
Here is my logfile:
###
Jun 26 12:22:08 sjk-gate pluto[3063]: added connection description "freiburg"
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #1: initiating Main Mode
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #1: Main mode peer ID is ID_IPV4_ADDR: '193.196.193.50'
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #1: ISAKMP SA established
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Jun 26 12:22:09 sjk-gate pluto[3063]: "freiburg" #2: sent QI2, IPsec SA established
Jun 26 12:22:09 sjk-gate ipsec__plutorun: 104 "freiburg" #1: STATE_MAIN_I1: initiate
Jun 26 12:22:09 sjk-gate ipsec__plutorun: 106 "freiburg" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jun 26 12:22:09 sjk-gate ipsec__plutorun: 108 "freiburg" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jun 26 12:22:09 sjk-gate ipsec__plutorun: 004 "freiburg" #1: STATE_MAIN_I4: ISAKMP SA established
Jun 26 12:22:09 sjk-gate ipsec__plutorun: 122 "freiburg" #2: STATE_QUICK_I1: initiate
Jun 26 12:22:09 sjk-gate ipsec__plutorun: 003 "freiburg" #2: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Jun 26 12:22:09 sjk-gate ipsec__plutorun: 004 "freiburg" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
Jun 26 12:23:50 sjk-gate pluto[3063]: "freiburg" #7: responding to Quick Mode
Jun 26 12:23:50 sjk-gate pluto[3063]: "freiburg" #7: transition from state (null) to state STATE_QUICK_R1
Jun 26 12:23:50 sjk-gate pluto[3063]: "freiburg" #7: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun 26 12:23:50 sjk-gate pluto[3063]: "freiburg" #7: IPsec SA established
Jun 26 12:23:50 sjk-gate pluto[3063]: "freiburg" #7: discarding duplicate packet; already STATE_QUICK_R2
Jun 26 12:23:50 sjk-gate pluto[3063]: "freiburg" #7: discarding duplicate packet; already STATE_QUICK_R2
##################
##################
tcpdump -i ipsec0 -vv
tcpdump: listening on ipsec0, link-type EN10MB (Ethernet), capture size 68 bytes
12:23:50.420271 IP (tos 0x0, ttl 127, id 21157, offset 0, flags [DF], length: 48) 192.168.46.3.4930 > s1.<other-IP>.krb524: S [tcp sum ok] 127788732:127788732(0) win 65535 <mss 1460,nop,nop,sackOK>
####################
And finally, my config file:
########################
config setup
	interfaces="%defaultroute ipsec1=eth1"
	klipsdebug=none
	plutodebug="none"
	plutoload=%search
	plutostart=%search
	uniqueids=yes
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.32.0/255.255.224.0,%v4:!10.10.10.0/255.255.255.0,%v4:!192.168.3.0/255.255.255.0,%v4:!193.196.192.0/255.255.255.0

conn %default
	keyingtries=0
	disablearrivalcheck=no

conn freiburg
	left=172.18.0.2
	leftnexthop=%defaultroute
	leftsubnet=192.168.46.0/255.255.255.0
	right=<gw-ip>
	rightsubnet=<right-sub-net>/255.255.255.0
	rightnexthop=%defaultroute
	ike=3des-sha-modp1024!
	esp=3des-sha1!
	ikelifetime=1h
	keylife=24h
	dpddelay=30
	dpdtimeout=120
	dpdaction=clear
	pfs=no
	authby=secret
	auto=start