[Openswan Users] How to Bind to nic?
Bob Miller
bob at computerisms.ca
Wed Feb 13 17:43:16 EST 2013
Logs look a little odd, but it's difficult to say what is happening
without a look at the ipsec.conf and similar files:
>
>
> > Log from Server
> > "client1"[1] ClientExternal IP #14: NAT-Traversal: Result
> > using RFC 3947 (NAT-Traversal): peer is NATed
> > "client1"[1] ClientExternal IP #14: transition from state
> > STATE_MAIN_R1 to state STATE_MAIN_R2
> > "client1"[1] ClientExternal IP #14: STATE_MAIN_R2: sent MR2,
> > expecting MI3
> > "client1"[1] ClientExternal IP #14: Main mode peer ID is
> > ID_FQDN: '@client1'
Is the FQDN of the client really client1? Does it match the CN on the
certificate? Does it match the right/leftid in ipsec.conf?
> > "client1"[1] ClientExternal IP #14: transition from state
> > STATE_MAIN_R2 to state STATE_MAIN_R3
> > "client1"[1] ClientExternal IP #14: new NAT mapping for #14,
> > was ClientExternal IP:500, now ClientExternal IP:12072
> > "client1"[1] ClientExternal IP #14: STATE_MAIN_R3: sent MR3,
> > ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128
> > prf=oakley_sha group=modp2048}
> > "client1"[1] ClientExternal IP #14: Dead Peer Detection (RFC
> > 3706): enabled
> > "client1"[1] ClientExternal IP #14: retransmitting in
> > response to duplicate packet; already STATE_MAIN_R3
> > "client1"[1] ClientExternal IP #13: DPD: No response from
> > peer - declaring peer dead
Is your VPN server behind NAT? Maybe your DPD timeout is too low?
Either way, this probably indicates a misconfiguration somewhere...
>