[Openswan Users] Is my IPSec tunnel working?

Germán Latorre german.latorre at twindocs.com
Thu Mar 31 04:47:34 EDT 2011


Hello,

I've configured Openswan to create an IPSec tunnel with a Cisco router.  
However, the tunnel does not seem to be activated.  Could anyone tell me 
whether, according to auth.log, the tunnel connection is complete?

It drives me a little crazy that it states "IPsec SA established" as 
well as "event after this is EVENT_PENDING_PHASE2 in 100 seconds".

Here's the log file when starting ipsec service:

============
Mar 31 08:45:38 FTPS pluto[3840]: | our client is 10.176.80.202
Mar 31 08:45:38 FTPS pluto[3840]: | our client protocol/port is 0/0
Mar 31 08:45:38 FTPS pluto[3840]: | peer client is 195.235.178.19
Mar 31 08:45:38 FTPS pluto[3840]: | peer client protocol/port is 0/0
Mar 31 08:45:38 FTPS pluto[3840]: | compute_proto_keymat:needed_len (after ESP enc)=24
Mar 31 08:45:38 FTPS pluto[3840]: | compute_proto_keymat:needed_len (after ESP auth)=44
Mar 31 08:45:38 FTPS pluto[3840]: | install_ipsec_sa() for #2: inbound and outbound
Mar 31 08:45:38 FTPS pluto[3840]: | route owner of "myConnection" prospective erouted: self; eroute owner: self
Mar 31 08:45:38 FTPS pluto[3840]: | could_route called for myConnection (kind=CK_PERMANENT)
Mar 31 08:45:38 FTPS pluto[3840]: | add inbound eroute 195.235.178.19/32:0 --0-> 10.176.80.202/32:0 => tun.10000@46.38.161.90 (raw_eroute)
Mar 31 08:45:39 FTPS pluto[3840]: | sr for #2: prospective erouted
Mar 31 08:45:39 FTPS pluto[3840]: | route owner of "myConnection" prospective erouted: self; eroute owner: self
Mar 31 08:45:39 FTPS pluto[3840]: | eroute_connection replace eroute 10.176.80.202/32:0 --0-> 195.235.178.19/32:0 => tun.0@195.235.178.36 (raw_eroute)
Mar 31 08:45:39 FTPS pluto[3840]: | command executing up-client
Mar 31 08:45:39 FTPS pluto[3840]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='myConnection' PLUTO_NEXT_HOP='46.38.161.1' PLUTO_INTERFACE='eth0' PLUTO_ME='46.38.161.90' PLUTO_MY_ID='46.38.161.90' PLUTO_MY_CLIENT='10.176.80.202/32' PLUTO_MY_CLIENT_NET='10.176.80.202' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='195.235.178.36' PLUTO_PEER_ID='195.235.178.36' PLUTO_PEER_CLIENT='195.235.178.19/32' PLUTO_PEER_CLIENT_NET='195.235.178.19' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+UP'   ipsec _updown
Mar 31 08:45:39 FTPS pluto[3840]: | route_and_eroute: firewall_notified: true
Mar 31 08:45:39 FTPS pluto[3840]: | route_and_eroute: instance "myConnection", setting eroute_owner {spd=0xe63b08,sr=0xe63b08} to #2 (was #0) (newest_ipsec_sa=#0)
Mar 31 08:45:39 FTPS pluto[3840]: | complete state transition with STF_OK
Mar 31 08:45:39 FTPS pluto[3840]: "myConnection" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 31 08:45:39 FTPS pluto[3840]: | sending reply packet to 195.235.178.36:500 (from port=500)
Mar 31 08:45:39 FTPS pluto[3840]: | sending 52 bytes for STATE_QUICK_I1 through eth0:500 to 195.235.178.36:500:
Mar 31 08:45:39 FTPS pluto[3840]: | inserting event EVENT_SA_REPLACE, timeout in 27818 seconds for #2
Mar 31 08:45:39 FTPS pluto[3840]: "myConnection" #2: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x4c3b8275 <0x482b8acf xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}
Mar 31 08:45:39 FTPS pluto[3840]: | modecfg pull: noquirk policy:push not-client
Mar 31 08:45:39 FTPS pluto[3840]: | phase 1 is done, looking for phase 1 to unpend
Mar 31 08:45:39 FTPS pluto[3840]: | next event EVENT_NAT_T_KEEPALIVE in 19 seconds
Mar 31 08:45:58 FTPS pluto[3840]: |
Mar 31 08:45:58 FTPS pluto[3840]: | *time to handle event
Mar 31 08:45:58 FTPS pluto[3840]: | handling event EVENT_NAT_T_KEEPALIVE
Mar 31 08:45:58 FTPS pluto[3840]: | event after this is EVENT_PENDING_PHASE2 in 100 seconds
Mar 31 08:45:58 FTPS pluto[3840]: | processing connection myConnection
Mar 31 08:45:58 FTPS pluto[3840]: | processing connection myConnection
Mar 31 08:45:58 FTPS pluto[3840]: | next event EVENT_PENDING_PHASE2 in 100 seconds
============

Thanks a million and best regards.
-- 

*Germán Latorre Antín*
Principal Software Engineer
TwinDocs - https://www.twindocs.com
(+34) 902 400 135
