[Openswan Users] How to Bind to nic?

Luis Nagaki luis.nagaki at gmail.com
Wed Feb 13 12:37:59 EST 2013


It's binding correctly now. Not an issue anymore. And it wasn't before, but I
thought it was causing the issue for this client server not connecting.


On Wed, Feb 13, 2013 at 12:36 PM, Daniel Cave <dan.cave at me.com> wrote:

> I've probably joined this too late, but does ETH1 have the correct IPs
> for your external and internally routed IPs?
>
> If you've changed the binding interface from _all_ to just one, I
> _presume_ that the tunnel will only successfully come up if it has valid
> IPs on the external/internal.  Is it binding properly to 4500/500 and can
> it route to both LANs?
>
> netstat -tnl | grep 500 will tell you, plus ifconfig / ip addr / ip route - of
> course :)
>
> just my 0.02pence's worth
>
> On 13 Feb 2013, at 17:21, Luis Nagaki wrote:
>
> Log from Server
> "client1"[1] ClientExternal IP #14: NAT-Traversal: Result using RFC 3947
> (NAT-Traversal): peer is NATed
> "client1"[1] ClientExternal IP #14: transition from state STATE_MAIN_R1 to
> state STATE_MAIN_R2
> "client1"[1] ClientExternal IP #14: STATE_MAIN_R2: sent MR2, expecting MI3
> "client1"[1] ClientExternal IP #14: Main mode peer ID is ID_FQDN:
> '@client1'
> "client1"[1] ClientExternal IP #14: transition from state STATE_MAIN_R2 to
> state STATE_MAIN_R3
> "client1"[1] ClientExternal IP #14: new NAT mapping for #14, was
> ClientExternal IP:500, now ClientExternal IP:12072
> "client1"[1] ClientExternal IP #14: STATE_MAIN_R3: sent MR3, ISAKMP SA
> established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha
> group=modp2048}
> "client1"[1] ClientExternal IP #14: Dead Peer Detection (RFC 3706): enabled
> "client1"[1] ClientExternal IP #14: retransmitting in response to
> duplicate packet; already STATE_MAIN_R3
> "client1"[1] ClientExternal IP #13: DPD: No response from peer - declaring
> peer dead
> "client1"[1] ClientExternal IP #13: DPD: Restarting all connections that
> share this peer
> "client1"[1] ClientExternal IP #13: terminating SAs using this connection
> "client1" #14: deleting state (STATE_MAIN_R3)
> "client1" #13: deleting state (STATE_MAIN_R3)
>
>
>
> On Wed, Feb 13, 2013 at 12:17 PM, Luis Nagaki <luis.nagaki at gmail.com> wrote:
>
>> I thought it was the binding (which now works btw, thanks Andy)
>>
>> but I get to this point and it doesn't connect
>>
>> "central" #1: ignoring unknown Vendor ID payload
>> [4f45755c645c6a795c5c6170]
>> "central" #1: received Vendor ID payload [Dead Peer Detection]
>> "central" #1: received Vendor ID payload [RFC 3947] method set to=109
>> "central" #1: enabling possible NAT-traversal with method 4
>> "central" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
>> "central" #1: STATE_MAIN_I2: sent MI2, expecting MR2
>> "central" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am
>> NATed
>> "central" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
>> "central" #1: STATE_MAIN_I3: sent MI3, expecting MR3
>>
>> stops at expecting MR3
>>
>>
>> On Wed, Feb 13, 2013 at 12:11 PM, Andy Gay <andy at andynet.net> wrote:
>>
>>> On Wed, 2013-02-13 at 09:16 -0500, Luis Nagaki wrote:
>>> > Hey guys, since I am getting DHCP on the server, how do I bind ipsec
>>> > only on that NIC? I don't want IPSEC confusing itself with the other
>>> > NICs / IPs
>>> >
>>> You can specify the interface to use in /etc/ipsec.conf. Add an entry in
>>> the "config setup" section at the top like:
>>>   plutoopts="--interface eth1"
>>>
>>> /Andy
>>>
>>> > --
>>> > This message has been scanned for viruses and
>>> > dangerous content by MailScanner, and is
>>> > believed to be clean.
>>> > _______________________________________________
>>> > Users at lists.openswan.org
>>> > https://lists.openswan.org/mailman/listinfo/users
>>> > Micropayments:
>>> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> > Building and Integrating Virtual Private Networks with Openswan:
>>> >
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>>
>>>
>>
>
> Regards
>
> Dan.
>
>
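
An added example, not written by anyone in this thread: a check that the IKE (udp/500) and NAT-T (udp/4500) sockets sit only on the address of the NIC named in `plutoopts="--interface eth1"`. The function name `check_ike_bind`, the sample listings and the addresses (192.0.2.10 standing in for eth1, 10.0.0.5 for another NIC) are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm IKE (udp/500) and NAT-T (udp/4500) listen only on
# the address of the NIC named in plutoopts="--interface eth1".
# Live use (ADDR is whatever eth1 holds): ss -H -uln | check_ike_bind ADDR

check_ike_bind() {
    awk -v want="$1" '
    {
        # Local address is the first field ending in :<digits>; the peer
        # column of a listener is "*" or "addr:*" and never matches.
        la = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /:[0-9]+$/) { la = $i; break }
        if (la == "") next
        port = la; sub(/^.*:/, "", port)
        if (port != "500" && port != "4500") next
        addr = la; sub(/:[0-9]+$/, "", addr)
        sub(/%.*$/, "", addr)          # drop a %iface scope suffix
        if (addr == want) seen[port] = 1
        else { printf "UNEXPECTED udp/%s on %s\n", port, addr; bad = 1 }
    }
    END {
        if (!seen["500"])  { print "MISSING udp/500 on " want;  bad = 1 }
        if (!seen["4500"]) { print "MISSING udp/4500 on " want; bad = 1 }
        if (!bad) print "OK"
        exit (bad ? 1 : 0)
    }'
}

# Constructed samples in `ss -H -uln` column layout.
SAMPLE_BOUND='UNCONN 0 0 192.0.2.10:500 0.0.0.0:*
UNCONN 0 0 192.0.2.10:4500 0.0.0.0:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*'
SAMPLE_ALL='UNCONN 0 0 192.0.2.10:500 0.0.0.0:*
UNCONN 0 0 192.0.2.10:4500 0.0.0.0:*
UNCONN 0 0 10.0.0.5:500 0.0.0.0:*
UNCONN 0 0 10.0.0.5:4500 0.0.0.0:*'
SAMPLE_HALF='UNCONN 0 0 192.0.2.10:500 0.0.0.0:*'

printf '%s\n' "$SAMPLE_BOUND" | check_ike_bind 192.0.2.10
printf '%s\n' "$SAMPLE_ALL"   | check_ike_bind 192.0.2.10 || true
```

The function exits non-zero when a listener is missing or sits on another address, so it can gate a post-restart check.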