[Openswan Users] No tunnel up

users-bounces at lists.openswan.org users-bounces at lists.openswan.org
Tue Sep 10 21:44:08 UTC 2013


Saved from the spam bucket.  Please remember to subscribe to the mailing list before posting to it.


From: Marcelo Martins <martinsmc at gmail.com>
Subject: No tunnel up
Date: 10 September, 2013 5:44:04 PM EDT
To: users at lists.openswan.org


Hi all

I am trying a lab to solve an issue on my site.

But my lab does not bring up the IPsec tunnel. Are there any tips on where I am going wrong?

I am using 2 Linux machines on my VMware Workstation with openswan-2.6.16

Machine 1 - eth0 IP 172.17.2.50 and eth1 IP 192.168.0.1/24
Machine 2 - eth0 IP 172.17.2.35 and eth1 10.3.0.0/16

I am trying to bring up a VPN on the 2 machines, but the tunnel does not come up. I receive this information in the status on both servers:

#rcipsec status 
IPsec running  - pluto pid: 15363 
pluto pid 15363 
No tunnels up 

I tried a simple configuration, the same /etc/ipsec.conf on both servers, below:

version 2.0 	# conforms to second version of ipsec.conf specification 
config setup 
		interfaces=%defaultroute 
		protostack=netkey 
		uniqueids=no 
		oe=no 
conn teste-1 
		left=172.17.2.50 
		leftsubnet=192.168.0.0/24	
		leftrsasigkey=0sAQNiR10vw0...< cut.>
		right=172.17.2.35 
		rightsubnet=10.3.0.0/16 
		rightrsasigkey=0sAQN5cjrUq <cut>.. 
		auto=start 
include /etc/ipsec.d/no_oe.conf 

run: 
# rcipsec start 

run ipsec verify 

SLES11SP2:~ # ipsec verify 
Checking your system to see if IPsec got installed and started correctly: 
Version check and ipsec on-path 							[OK] 
Linux Openswan U2.6.16/K3.0.13-0.27-default (netkey) 
Checking for IPsec support in kernel 					   [OK] 
NETKEY detected, testing for disabled ICMP send_redirects   [OK] 
NETKEY detected, testing for disabled ICMP accept_redirects [OK] 
Checking for RSA private key (/etc/ipsec.secrets) 		  [OK] 
Checking that pluto is running 							 [OK] 
Two or more interfaces found, checking IP forwarding 	   [OK] 
Checking NAT and MASQUERADEing 							 [N/A] 
Checking for 'ip' command 								  [OK] 
Checking for 'iptables' command 							[OK] 
Opportunistic Encryption Support 						   [DISABLED] 

The logs are the same on the two machines:

#grep pluto /var/log/messages 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: received Vendor ID payload [Openswan (this version) 2.6.16 ] 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: received Vendor ID payload [Dead Peer Detection] 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: STATE_MAIN_I2: sent MI2, expecting MR2 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: STATE_MAIN_I3: sent MI3, expecting MR3 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: received Vendor ID payload [CAN-IKEv2] 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: Main mode peer ID is ID_IPV4_ADDR: '172.17.2.35' 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048} 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:1c47c6f9 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP2048} 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x90471c5e <0x648edcc2 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none} 

I see IPsec SA established, but the tunnel is not up.


If you have any ideas, let me know :)

Thanks 
-
Marcelo Martins
http://martinsmc.blogspot.com

Grupo Astronomia Nevoeiro
http://www.nevoeiro.org
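
Added example (not part of the original post, and not Openswan code): a small Python parser for pluto log lines in the layout quoted above. It reports, per connection, which ISAKMP (phase 1) and IPsec (phase 2) SAs the log shows as established, with their negotiated parameters and SPIs. The function name `summarize`, the output keys, and the reading of "=>" as outbound and "<" as inbound are assumptions of this example.

```python
import re

# Four lines copied from the log in the post above (pluto output via syslog).
SAMPLE = """\
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=aes_128 prf=oakley_sha group=modp2048}
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Sep  4 17:16:59 SLES11SP2 pluto[15064]: "teste-1" #4: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x90471c5e <0x648edcc2 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
"""

# Layout seen in the post: pluto[pid]: "conn" #serial: STATE_X: text {k=v ...}
LINE = re.compile(r'pluto\[\d+\]: "([^"]+)" #(\d+): (STATE_\w+): (.*)')
PARAMS = re.compile(r"\{([^}]*)\}")
ESP = re.compile(r"ESP=>(0x[0-9a-fA-F]+) <(0x[0-9a-fA-F]+)")


def summarize(text):
    """Map each connection name to the phase 1 / phase 2 SAs the log reports."""
    result = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # transitions, vendor IDs and non-pluto lines
        conn, serial, state, detail = m.groups()
        entry = result.setdefault(conn, {"phase1": None, "phase2": None})
        braces = PARAMS.search(detail)
        fields = braces.group(1).split() if braces else []
        kv = dict(f.split("=", 1) for f in fields if "=" in f)
        sa = {"serial": int(serial), "state": state}
        if "ISAKMP SA established" in detail:
            entry["phase1"] = {**sa, **kv}
        elif "IPsec SA established" in detail:
            kv.pop("ESP", None)  # SPIs are taken from the ESP regex instead
            spi = ESP.search(detail)
            # Assumption: "=>" marks the outbound SPI and "<" the inbound one.
            sa["spi_out"], sa["spi_in"] = spi.groups() if spi else (None, None)
            sa["mode"] = "tunnel" if "tunnel mode" in detail else "transport"
            entry["phase2"] = {**sa, **kv}
    return result


if __name__ == "__main__":
    for name, phases in summarize(SAMPLE).items():
        for phase in ("phase1", "phase2"):
            print(name, phase, phases[phase] or "not established in this log")
```
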

