[Openswan Users] How to Bind to nic?

Luis Nagaki luis.nagaki at gmail.com
Wed Feb 13 12:21:03 EST 2013


Log from Server
"client1"[1] ClientExternal IP #14: NAT-Traversal: Result using RFC 3947
(NAT-Traversal): peer is NATed
"client1"[1] ClientExternal IP #14: transition from state STATE_MAIN_R1 to
state STATE_MAIN_R2
"client1"[1] ClientExternal IP #14: STATE_MAIN_R2: sent MR2, expecting MI3
"client1"[1] ClientExternal IP #14: Main mode peer ID is ID_FQDN: '@client1'
"client1"[1] ClientExternal IP #14: transition from state STATE_MAIN_R2 to
state STATE_MAIN_R3
"client1"[1] ClientExternal IP #14: new NAT mapping for #14, was
ClientExternal IP:500, now ClientExternal IP:12072
"client1"[1] ClientExternal IP #14: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha
group=modp2048}
"client1"[1] ClientExternal IP #14: Dead Peer Detection (RFC 3706): enabled
"client1"[1] ClientExternal IP #14: retransmitting in response to duplicate
packet; already STATE_MAIN_R3
"client1"[1] ClientExternal IP #13: DPD: No response from peer - declaring
peer dead
"client1"[1] ClientExternal IP #13: DPD: Restarting all connections that
share this peer
"client1"[1] ClientExternal IP #13: terminating SAs using this connection
"client1" #14: deleting state (STATE_MAIN_R3)
"client1" #13: deleting state (STATE_MAIN_R3)



On Wed, Feb 13, 2013 at 12:17 PM, Luis Nagaki <luis.nagaki at gmail.com> wrote:

> I thought it was the binding, (Which now works btw thanks Andy)
>
> but i get to this point and it doesnt connect
>
> "central" #1: ignoring unknown Vendor ID payload [4f45755c645c6a795c5c6170]
> "central" #1: received Vendor ID payload [Dead Peer Detection]
> "central" #1: received Vendor ID payload [RFC 3947] method set to=109
> "central" #1: enabling possible NAT-traversal with method 4
> "central" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> "central" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> "central" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am
> NATed
> "central" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> "central" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>
> stops at expecting MR3
>
>
> On Wed, Feb 13, 2013 at 12:11 PM, Andy Gay <andy at andynet.net> wrote:
>
>> On Wed, 2013-02-13 at 09:16 -0500, Luis Nagaki wrote:
>> > Hey Guys, since i am getting DHCP on the server, how do i bind ipsec
>> > only on that nic? i dont want IPSEC confusing itself with the other
>> > nics / ips
>> >
>> You can specify the interface to use in /etc/ipsec.conf. Add an entry in
>> the "config setup" section at the top like:
>>   plutoopts="--interface eth1"
>>
>> /Andy
>>
>> > --
>> > This message has been scanned for viruses and
>> > dangerous content by MailScanner, and is
>> > believed to be clean.
>> > _______________________________________________
>> > Users at lists.openswan.org
>> > https://lists.openswan.org/mailman/listinfo/users
>> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> > Building and Integrating Virtual Private Networks with Openswan:
>> >
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20130213/85ca20af/attachment.html>


More information about the Users mailing list