[Openswan Users] site to site VPN hangs at phase 1 openswan/ubuntu
matt.bazan at comcast.net
Wed Oct 6 23:30:06 EDT 2010
hi all - seeing the following after attempting to bring up my site to
site tunnel between two ubuntu server (10.0.4) boxes. see same output
on both tunnel endpoints. what should i check for?
note - the leftid@ entry in ipsec.conf is not a valid DNS name
(meaning it cannot be publicly resolved). does this matter?
also, the servers have different versions of openswan even though i've
updated both of them and they are fresh openswan installs. left
server has openswan U2.6.22/K2.6.31-14. right server is
U2.6.23/K2.6.32-24. again, should this matter?
thanks!
-m
000 "SF-To-Trenton": 192.168.0.0/24===69.xxx.x.xx<69.xxx.x.xx>[@sf.xxx.com,+S=C]---69.xxx.x.xx...173.xx.xx.xx<173.xx.xx.xx>[@trenton.xxx.com,+S=C]===192.168.10.0/24; prospective erouted; eroute owner: #0
000 "SF-To-Trenton": myip=unset; hisip=unset;
000 "SF-To-Trenton": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "SF-To-Trenton": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface: eth0;
000 "SF-To-Trenton": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #6: "SF-To-Trenton":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 10s; nodpd; idle; import:admin initiate
000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
..partial ipsec.conf..
# Add connections here
conn SF-To-Trenton
    authby=secret
    left=69.xxx.x.xx
    leftsubnet=192.168.0.0/24
    leftid=@sf.xxx.com
    leftnexthop=%defaultroute
    right=173.xx.xx.xx
    rightsubnet=192.168.10.0/24
    rightid=@trenton.xxx.com
    auto=start