[Openswan Users] is my tunnel up? if so, help on why i cant pass traffic please

matt.bazan at comcast.net
Mon Nov 15 10:41:53 EST 2010


hi all - here's a snippet from the left-hand side of my tunnel:

Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #1: received Vendor ID payload [CAN-IKEv2]
Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #1: Main mode peer ID is ID_IPV4_ADDR: '173.XX.XX.XX'
Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:64c50a69 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x38efb16b <0x6ec3b7b1 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Nov 15 07:38:43 ubuntuFW pluto[9098]: "SF-To-Trenton" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xefdb47fd) not found (maybe expired)
Nov 15 07:38:43 ubuntuFW pluto[9098]: "SF-To-Trenton" #1: received and ignored informational message

and here's the corresponding snippet from the right-hand side:


Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #1: received Vendor ID payload [CAN-IKEv2]
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #1: Main mode peer ID is ID_IPV4_ADDR: '69.XXX.XX.XX'
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:61c5786c proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x53edd6dd <0xde5b40b0 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}

according to this, if I'm reading it correctly, my tunnel is coming up successfully, correct?  if so, I'm unable to ping the LAN side of either gateway from the remote firewall.  this test should rule out there being any routing issues from servers on the LAN sides.  any ideas what I could be missing?  it's driving me nuts!  thx-

-m
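An added example, not part of the post above, that reads the two pluto excerpts quoted in it and checks three things a practitioner would verify from these lines: whether each peer logged an ISAKMP SA and an IPsec SA, whether the ESP SPIs logged by the two peers are mirror images of each other (one side's outbound SPI is the other side's inbound SPI), and whether the ignored Delete SA refers to any SPI either side logged. It assumes Openswan's `ESP=>0xA <0xB` notation lists the outbound SPI first and the inbound SPI second.

```python
import re

# Constructed sample input: the two pluto excerpts quoted in the post (only the lines this check needs).
LEFT_LOG = """\
Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 15 07:38:25 ubuntuFW pluto[9098]: "SF-To-Trenton" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x38efb16b <0x6ec3b7b1 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Nov 15 07:38:43 ubuntuFW pluto[9098]: "SF-To-Trenton" #1: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xefdb47fd) not found (maybe expired)
"""
RIGHT_LOG = """\
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Nov 15 10:39:10 ellis pluto[31289]: "SF-To-Trenton" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x53edd6dd <0xde5b40b0 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
"""

# Assumption: Openswan prints the outbound ESP SPI after "=>" and the inbound SPI after "<".
ESP_RE = re.compile(r'"(?P<conn>[^"]+)" #\d+: STATE_QUICK_[IR]2:.*ESP=>(?P<spi_out>0x[0-9a-f]+) <(?P<spi_in>0x[0-9a-f]+)')
DELETE_RE = re.compile(r'ignoring Delete SA payload: PROTO_IPSEC_ESP SA\((?P<spi>0x[0-9a-f]+)\) not found')

def parse_pluto(log):
    """Summarise one peer's pluto log: phase 1 reached, ESP SPI pairs per connection, ignored Delete SPIs."""
    summary = {"isakmp": False, "esp": {}, "ignored_deletes": []}
    for line in log.splitlines():
        if "ISAKMP SA established" in line:
            summary["isakmp"] = True
        m = ESP_RE.search(line)
        if m:
            pair = (int(m["spi_out"], 16), int(m["spi_in"], 16))
            summary["esp"].setdefault(m["conn"], []).append(pair)
        d = DELETE_RE.search(line)
        if d:
            summary["ignored_deletes"].append(int(d["spi"], 16))
    return summary

def spis_pair_up(left, right, conn):
    """True if some ESP SA on one peer mirrors one on the other (A's outbound SPI == B's inbound, and vice versa)."""
    lpairs = left["esp"].get(conn, [])
    rpairs = right["esp"].get(conn, [])
    return any((lo, li) == (ri, ro) for lo, li in lpairs for ro, ri in rpairs)

def unknown_delete_spis(left, right):
    """Delete SA SPIs that appear in neither peer's logged ESP SAs, i.e. deletes no logged SA accounts for."""
    known = {spi for side in (left, right) for pairs in side["esp"].values() for pair in pairs for spi in pair}
    return [spi for side in (left, right) for spi in side["ignored_deletes"] if spi not in known]

if __name__ == "__main__":
    left, right = parse_pluto(LEFT_LOG), parse_pluto(RIGHT_LOG)
    print("phase 1 on both sides:", left["isakmp"] and right["isakmp"])
    print("ESP SPIs mirror each other:", spis_pair_up(left, right, "SF-To-Trenton"))
    print("Delete SPIs matching no logged SA:", [hex(s) for s in unknown_delete_spis(left, right)])
```

On the quoted excerpts both peers log phase 1 and phase 2 as established, but the two SPI pairs are not mirror images of each other and the Delete SA SPI matches nothing either side logged.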

