[Openswan Users] site to site VPN hangs at phase 1 openswan/ubuntu

Will Roberts wpr2 at cornell.edu
Wed Oct 6 23:46:52 EDT 2010


You'll need at least 2.6.24 if you want it to work behind a NAT.

--Will

On 10/06/2010 11:30 PM, matt.bazan at comcast.net wrote:
>
> hi all - seeing the following after attempting to bring up my site to
> site tunnel between two ubuntu server (10.0.4) boxes.  see same output
> on both tunnel endpoints.  what should i check for?
>
> note - the leftid@ entry in ipsec.conf is not a valid DNS name
> (meaning it cannot be publicly resolved).  does this matter?
>
> also, the servers have different versions of openswan even though I've
> updated both of them and they are fresh openswan installs.  left
> server has openswan U2.6.22/K2.6.31-14.  right server is
> U2.6.23/K2.6.32-24.  again, should this matter?
>
> thanks!
> -m
>
>
> 000 "SF-To-Trenton": 192.168.0.0/24===69.xxx.x.xx<69.xxx.x.xx>[@sf.xxx.com,+S=C]---69.xxx.x.xx...173.xx.xx.xx<173.xx.xx.xx>[@trenton.xxx.com,+S=C]===192.168.10.0/24; prospective erouted; eroute owner: #0
> 000 "SF-To-Trenton":     myip=unset; hisip=unset;
> 000 "SF-To-Trenton":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 "SF-To-Trenton":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface: eth0;
> 000 "SF-To-Trenton":   newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000
> 000 #6: "SF-To-Trenton":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 10s; nodpd; idle; import:admin initiate
> 000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
> 000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
> 000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
> 000 #6: pending Phase 2 for "SF-To-Trenton" replacing #0
>
> ..partial ipsec.conf..
>
> # Add connections here
> conn SF-To-Trenton
>          authby=secret
>          left=69.xxx.x.xx
>          leftsubnet=192.168.0.0/24
>          leftid=@sf.xxx.com
>          leftnexthop=%defaultroute
>          right=173.xx.xx.xx
>          rightsubnet=192.168.10.0/24
>          rightid=@trenton.xxx.com
>          auto=start
>                                                                     50,1          72%
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>


More information about the Users mailing list