[Openswan Users] site to site VPN hangs at phase 1 openswan/ubuntu
matt.bazan at comcast.net
Thu Oct 7 11:07:01 EDT 2010
Shouldn't be an issue here; both Ubuntu boxes have public IP addresses and are not behind a NAT device. thx-
matt
----- "Will Roberts" <wpr2 at cornell.edu> wrote:
> You'll need at least 2.6.24 if you want it to work behind a NAT.
>
> --Will
>
> On 10/06/2010 11:30 PM, matt.bazan at comcast.net wrote:
> >
> > hi all - seeing the following after attempting to bring up my site to
> > site tunnel between two ubuntu server (10.0.4) boxes. see same output
> > on both tunnel endpoints. what should i check for?
> >
> > note - the leftid@ entry in ipsec.conf is not a valid DNS name
> > (meaning it cannot be publicly resolved). does this matter?
> >
> > also, the servers have different versions of openswan even though I've
> > updated both of them and they are fresh openswan installs. left
> > server has openswan U2.6.22/K2.6.31-14. right server is
> > U2.6.23/K2.6.32-24. again, should this matter?
> >
> > thanks!
> > -m
> >
> >
> > 000 "SF-To-Trenton": 192.168.0.0/24===69.xxx.x.xx<69.xxx.x.xx>[@sf.xxx.com,+S=C]---69.xxx.x.xx...173.xx.xx.xx<173.xx.xx.xx>[@trenton.xxx.com,+S=C]===192.168.10.0/24; prospective erouted; eroute owner: #0
> > 000 "SF-To-Trenton": myip=unset; hisip=unset;
> > 000 "SF-To-Trenton": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> > 000 "SF-To-Trenton": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface: eth0;
> > 000 "SF-To-Trenton": newest ISAKMP SA: #0; newest IPsec SA: #0;
> > 000
> > 000 #6: "SF-To-Trenton":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 10s; nodpd; idle; import:admin initiate
> > 000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
> > 000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
> > 000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
> > 000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
> >
> > ..partial ipsec.conf..
> >
> > # Add connections here
> > conn SF-To-Trenton
> >     authby=secret
> >     left=69.xxx.x.xx
> >     leftsubnet=192.168.0.0/24
> >     leftid=@sf.xxx.com
> >     leftnexthop=%defaultroute
> >     right=173.xx.xx.xx
> >     rightsubnet=192.168.10.0/24
> >     rightid=@trenton.xxx.com
> >     auto=start
> >