[Openswan Users] Openswan Tunnel up but no traffic passing through

Innocent Muchedzi imuchedzi at gmail.com
Fri May 21 02:39:56 EDT 2010


Hie

I have just set up my VPN and the tunnel is coming up, sometimes even with
multiple tunnels up, but we can't get traffic through. I have a server that
connects directly to the internet with a public IP address of
80.251.x.xx/32, with a VSAT router with an IP address of 80.251.x.zz. I am
running Fedora 11 and want to set up a VPN to 41.xxx.xx.x, which is
the gateway of a server that runs SMPP and has an IP address of
41.xxx.xx.xx/32.

please help

my conf is
conn masnet
  left=80.251.x.xx #IP of local system
  leftsubnet=80.251.x.xx/32 #Private Network of local site, here specified
only the linux system is connected to the tunnel
  leftnexthop=80.251.x.xz
  leftsourceip=80.251.x.xx
  leftid=80.251.x.xx #private IP of local system
#
  right=41.xxx.xx.x #IP of remote system
  rightsubnet=41.xxx.xx.zz/32 #Private Network of remote site
  rightnexthop=%defaultroute #80.251.x.xx #Next hop of the VPN traffic of
remote site, therefore, it's my router's IP
  rightsourceip=41.xxx.xx.x
  rightid=41.xxx.xx.x #private IP of remote system
#
type=tunnel
aggrmode=no #aggresive / main mode option
keyexchange=ike #key exchange method
authby=secret #authentication method, secret / ca
ike=3des-sha1;modp1024 #phase 1 encryption and authentication options
ikelifetime=86400s #phase 1 lifetime
#
auth=esp #phase 2 authentication method, esp / ah
pfs=no #perfect forward secrecy
esp=3des-sha1 #phase 2 encryption and authentication options
keylife=86400s #phase 2 lifetime
rekey=no
#
auto=add #make the tunnel to start when system starts


and my service ipsec status is
[root at sms ~]# service ipsec status
IPsec running - pluto pid: 14575
pluto pid 14575
24 tunnels up
some eroutes exist


and
000 "masnet":
80.25x.x.xx/32===80.25x.x.xx<80.25x.x.xx>[+S=C]---80.25x.x.ww...80.25x.x.ww---41.22z.zz.z<41.22z.zz.z>[+S=C]===41.22z.zz.vv/32;
erouted; eroute owner: #438
000 "masnet": myip=80.25x.x.xx; hisip=41.22z.zz.z;
000 "masnet": ike_life: 86400s; ipsec_life: 86400s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "masnet": policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+lKOD+rKOD;
prio: 32,32; interface: eth0;
000 "masnet": newest ISAKMP SA: #425; newest IPsec SA: #438;
000 "masnet": IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)-MODP1024(2);
flags=-strict
000 "masnet": IKE algorithms found: 3DES_CBC(5)_192-SHA1(2)_160-2,
000 "masnet": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "masnet": ESP algorithms wanted: 3DES(3)_000-SHA1(2); flags=-strict
000 "masnet": ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160
000 "masnet": ESP algorithm newest: 3DES_0-HMAC_SHA1; pfsgroup=<N/A>
000
000 #423: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 1705s; isakmp#305; idle; import:not set
000 #423: "masnet" esp.1a92a786 at 41.22z.zz.z
esp.f375371a at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #422: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 1585s; isakmp#305; idle; import:not set
000 #422: "masnet" esp.1a92a784 at 41.22z.zz.z
esp.fc5c83e9 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #421: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 1465s; isakmp#305; idle; import:not set
000 #421: "masnet" esp.1a92a782 at 41.22z.zz.z
esp.ea182836 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #420: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 1345s; isakmp#305; idle; import:not set
000 #420: "masnet" esp.1a92a780 at 41.22z.zz.z
esp.5c9f52e5 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #419: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 1225s; isakmp#305; idle; import:not set
000 #419: "masnet" esp.1a92a77e at 41.22z.zz.z
esp.873450c1 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #418: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 1105s; isakmp#305; idle; import:not set
000 #418: "masnet" esp.1a92a77c at 41.22z.zz.z
esp.410fe9a6 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #417: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 985s; isakmp#305; idle; import:not set
000 #417: "masnet" esp.1a92a77a at 41.22z.zz.z
esp.a6b63cd0 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #416: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 865s; isakmp#305; idle; import:not set
000 #416: "masnet" esp.1a92a778 at 41.22z.zz.z
esp.c025419 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #415: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 745s; isakmp#305; idle; import:not set
000 #415: "masnet" esp.1a92a776 at 41.22z.zz.z
esp.577cc0b7 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #414: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 625s; isakmp#305; idle; import:not set
000 #414: "masnet" esp.1a92a774 at 41.22z.zz.z
esp.5e66bbb9 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #413: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 505s; isakmp#305; idle; import:not set
000 #413: "masnet" esp.1a92a772 at 41.22z.zz.z
esp.c50872c3 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #412: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 385s; isakmp#305; idle; import:not set
000 #412: "masnet" esp.1a92a770 at 41.22z.zz.z
esp.e3559725 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #411: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 255s; isakmp#305; idle; import:not set
000 #411: "masnet" esp.1a92a76e at 41.22z.zz.z
esp.e094f59d at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #410: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 135s; isakmp#305; idle; import:not set
000 #410: "masnet" esp.1a92a76c at 41.22z.zz.z
esp.f531bde9 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #409: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 5s; isakmp#305; idle; import:not set
000 #409: "masnet" esp.1a92a769 at 41.22z.zz.z
esp.88436ce8 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #305: "masnet":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
EVENT_SA_EXPIRE in 12733s; lastdpd=-1s(seq in:0 out:0); idle; import:not set
000 #439: "masnet":500 STATE_QUICK_R1 (sent QR1, inbound IPsec SA installed,
expecting QI2); EVENT_RETRANSMIT in 4s; lastdpd=-1s(seq in:0 out:0); idle;
import:not set
000 #438: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 3455s; newest IPSEC; eroute owner; isakmp#425; idle;
import:not set
000 #438: "masnet" esp.1a92a7a4 at 41.22z.zz.z
esp.c3852449 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #437: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 3339s; isakmp#425; idle; import:not set
000 #437: "masnet" esp.1a92a7a2 at 41.22z.zz.z
esp.ce55ee6d at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #436: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 3215s; isakmp#425; idle; import:not set
000 #436: "masnet" esp.1a92a7a0 at 41.22z.zz.z
esp.8df13532 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #435: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 3095s; isakmp#425; idle; import:not set
000 #435: "masnet" esp.1a92a79e at 41.22z.zz.z
esp.5ea976ae at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #434: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 2975s; isakmp#425; idle; import:not set
000 #434: "masnet" esp.1a92a79c at 41.22z.zz.z
esp.56246083 at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #433: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 2855s; isakmp#425; idle; import:not set
000 #433: "masnet" esp.1a92a79a at 41.22z.zz.z
esp.dc1c8f6f at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #432: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 2735s; isakmp#425; idle; import:not set
000 #432: "masnet" esp.1a92a798 at 41.22z.zz.z
esp.14fd3a5b at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #431: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 2615s; isakmp#425; idle; import:not set
000 #431: "masnet" esp.1a92a796 at 41.22z.zz.z
esp.6d5800fa at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #430: "masnet":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_EXPIRE in 2491s; isakmp#425; idle; import:not set
000 #430: "masnet" esp.1a92a794 at 41.22z.zz.z
esp.584b56ad at 80.25x.x.xxtun.0@41.22z.zz.ztun.0 at 80.25x.x.xxref=0
refhim=4294901761
000 #425: "masnet":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
EVENT_SA_EXPIRE in 27174s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle;
import:not set
000
[root at sms ~]#


-- 
Innocent Muchedzi
Creative Directory
Syldah Media
Ipelo House, Plot 103, Unit 4 Gaborone International Commerce Park
Gaborone

Tele/Fax: 3105907
Cell: 71806864/73114818
www.syldah.co.bw