[Openswan Users] Openswan-Juniper SRX stuck in "STATE_QUICK_I1"
Emanuel Badilla
emanuel_badilla at hotmail.com
Tue Nov 26 15:16:18 UTC 2013
Hello all, I hope someone here can help me, I have run out of ideas...

I am trying to make 2 tunnels from a CentOS 6.4 x64 server to a Juniper SRX
2500 at separate locations.

Now, the issue is that when I try to bring the tunnels up, they get stuck in
"STATE_QUICK_I1".

I have read a lot and I suspect that the problem is with the encryption for the
IPsec stage. The problem is that, as far as I understand, it is supposed to be
correct: on the SRX, I am using the "Standard" proposal set, which uses
"g2-aes128-sha1" (the one I am using right now) for IKE (which is OK in my
configuration) and "esp-g2" or "aes128-sha1" (using it).

Here are my conf files so that you can have an idea...

conn DSBondbkup
    type=tunnel
    authby=secret
    pfs=yes
    rekey=yes
    auto=start
    keylife=8h
    keyingtries=0
    keyexchange=ike
    ike=aes128-sha1;modp1024!
    phase2=esp
    phase2alg=aes128-sha1!
    #################################
    # Openswan Centos
    left="Centos Server public ip ISP 1"
    leftid="Centos Server public ip ISP 1"
    leftnexthop=%defaultroute
    leftsubnet=172.16.31.216/30
    #################################
    # SRX
    right="SRX public ip ISP 1"
    rightid="SRX public ip ISP 1"
    rightnexthop=%defaultroute
    rightsubnet=172.16.31.217/30

*******************AND*********************

conn TigoBondbkup
    type=tunnel
    authby=secret
    pfs=yes
    rekey=yes
    auto=start
    keylife=8h
    keyingtries=0
    keyexchange=ike
    ike=aes128-sha1;modp1024!
    phase2=esp
    phase2alg=aes128-sha1!
    ##############################
    # Estribo
    left="Centos Server public ip ISP 2"
    leftid="Centos Server public ip ISP 2"
    leftnexthop=%defaultroute
    leftsubnet=172.16.31.212/30
    ##############################
    # SRX
    right="SRX public ip ISP 2"
    rightid="SRX public ip ISP 2"
    rightnexthop=%defaultroute
    rightsubnet=172.16.31.213/30

ISP 1 and ISP 2 are the same at both locations, but of course with different
IP ranges. If any other needed information is missing, please let me
know.

Once again, I hope somebody here is able to help me, thank you very
much in advance.
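
STATE_QUICK_I1 means the initiator has sent its first Quick Mode (Phase 2) message and is waiting for the peer's answer, so the values to compare with the SRX are the ESP proposal, the PFS setting and the left/right subnets sent as traffic selectors. The Python below is an added example, not part of the original post or of Openswan: it reads a constructed copy of the Phase 2 lines from the two conns above and reports them with the subnets normalised; the function names `parse_conns` and `phase2_report` are hypothetical.

```python
import ipaddress

# Constructed sample: only the Phase 2 lines of the two conns in the post.
SAMPLE = """\
conn DSBondbkup
    pfs=yes
    phase2alg=aes128-sha1!
    leftsubnet=172.16.31.216/30
    rightsubnet=172.16.31.217/30
conn TigoBondbkup
    pfs=yes
    phase2alg=aes128-sha1!
    leftsubnet=172.16.31.212/30
    rightsubnet=172.16.31.213/30
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def phase2_report(opts):
    """Summarise the Phase 2 values of one conn and flag selector issues."""
    selectors, findings = {}, []
    for side in ("leftsubnet", "rightsubnet"):
        iface = ipaddress.ip_interface(opts[side])
        selectors[side] = str(iface.network)
        if iface.ip != iface.network.network_address:
            findings.append(f"{side}={opts[side]} has host bits set, "
                            f"network is {iface.network}")
    nets = [ipaddress.ip_network(n) for n in selectors.values()]
    if nets[0].overlaps(nets[1]):
        findings.append(f"local and remote selectors overlap: {nets[0]}")
    return {"esp": opts.get("phase2alg", "").rstrip("!"),
            "pfs": opts.get("pfs"),
            "selectors": selectors, "findings": findings}

if __name__ == "__main__":
    for name, opts in parse_conns(SAMPLE).items():
        print(name, phase2_report(opts))
```

On the sample, each conn's rightsubnet normalises to the same /30 as its leftsubnet, which is worth comparing with the proxy IDs configured on the SRX side.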