[Openswan Users] No tunnel up
users-bounces at lists.openswan.org
Tue Sep 10 21:44:08 UTC 2013
Saved from the spam bucket. Please remember to subscribe to the mailing list before posting to it.
From: Marcelo Martins <martinsmc at gmail.com>
Subject: No tunnel up
Date: 10 September, 2013 5:44:04 PM EDT
To: users at lists.openswan.org
Hi all,
I am trying a lab to solve an issue on my site.
But my lab does not bring up the IPsec tunnel. Are there any tips on where I am going wrong?
I am using 2 Linux machines on my VMware Workstation with openswan-2.6.16.
Machine 1 - eth0 IP 172.17.2.50 and eth1 IP 192.168.0.1/24
Machine 2 - eth0 IP 172.17.2.35 and eth1 10.3.0.0/16
I try to bring up a VPN between the 2 machines, but the tunnel does not come up. I receive this status information on both servers:
#rcipsec status
IPsec running - pluto pid: 15363
pluto pid 15363
No tunnels up
I am trying a simple configuration, with the same /etc/ipsec.conf on both servers, below:

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    interfaces=%defaultroute
    protostack=netkey
    uniqueids=no
    oe=no

conn teste-1
    left=172.17.2.50
    leftsubnet=192.168.0.0/24
    leftrsasigkey=0sAQNiR10vw0...< cut.>
    right=172.17.2.35
    rightsubnet=10.3.0.0/16
    rightrsasigkey=0sAQN5cjrUq <cut>..
    auto=start

include /etc/ipsec.d/no_oe.conf

run:
# rcipsec start
run ipsec verify
SLES11SP2:~ # ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.16/K3.0.13-0.27-default (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [N/A]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
The logs are the same on the two machines:
#grep pluto /var/log/messages
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: received Vendor ID payload [Openswan (this version) 2.6.16 ]
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: received Vendor ID payload [Dead Peer Detection]
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: received Vendor ID payload [CAN-IKEv2]
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: Main mode peer ID is ID_IPV4_ADDR: '172.17.2.35'
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:1c47c6f9 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048}
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x90471c5e <0x648edcc2 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
I see IPsec SA established, but the tunnel is not up.
If you have any ideas, let me know :)
Thanks
-
Marcelo Martins
http://martinsmc.blogspot.com
Grupo Astronomia Nevoeiro
http://www.nevoeiro.org
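
Added example (not part of the original post and not Openswan code): a small Python script that reads pluto log lines in the format quoted above and reports, per connection, whether the log records the ISAKMP SA (Main Mode) and the IPsec SA (Quick Mode) as established, along with the negotiated parameters. The `lab-2` lines in the sample and the function name `summarize` are constructed for illustration.

```python
import re

# The first four lines are copied from the log in the post; the "lab-2" lines
# are constructed to show a negotiation that stops during Main Mode.
SAMPLE_LOG = '''\
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Sep 4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x90471c5e <0x648edcc2 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Sep 4 17:17:05 SLES11SP2 pluto[15064]: "lab-2" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 4 17:17:05 SLES11SP2 pluto[15064]: "lab-2" #5: STATE_MAIN_I2: sent MI2, expecting MR2
'''

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
STATE = re.compile(r'(STATE_\w+): (.*)')
BRACES = re.compile(r'\{(.*)\}')
SPIS = re.compile(r'ESP=>(0x[0-9a-f]+) <(0x[0-9a-f]+)')


def summarize(log_text):
    """Map each connection name to what its pluto log lines say was negotiated."""
    conns = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto message
        c = conns.setdefault(m["conn"], {"phase1": False, "phase2": False,
                                         "last_state": None, "ike": None, "spis": None})
        s = STATE.match(m["msg"])
        if not s:
            continue  # "transition from state ..." and Vendor ID lines
        c["last_state"], text = s.groups()
        params = BRACES.search(text)
        if "ISAKMP SA established" in text:    # Phase 1 (Main Mode) completed
            c["phase1"] = True
            c["ike"] = dict(kv.split("=", 1) for kv in params.group(1).split()) if params else {}
        elif "IPsec SA established" in text:   # Phase 2 (Quick Mode) completed
            c["phase2"] = True
            spis = SPIS.search(text)
            c["spis"] = spis.groups() if spis else None  # the two ESP SPIs as logged
    return conns


if __name__ == "__main__":
    for name, c in summarize(SAMPLE_LOG).items():
        print(name, c)
```

On a NETKEY host the logged SPIs can be cross-checked against the kernel's SA table with `ip xfrm state`.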