[Openswan Users] Tunnel failing to come up

Managed Pvt nets mpn at icabs.co.zw
Wed Jan 21 16:22:07 EST 2015 

Hello everyone,

I am a newbie and I hope someone can save me from pulling my hair out 
here.

I am trying to setup an IPSec VPN site to site (PSK) with details as 
follows:

==>Left Side (Which I am managing)

Debian GNU/Linux 7.0.0 Wheezy
Linux hostname 3.2.0-4-amd64
Linux Openswan U2.6.37/K3.2.0-4-amd64 (netkey)


==>Right Side (Provider Side)

Windows Server 2008R2
Microsoft Forefront TMG

Both sides have a
Phase 1
Pre-Shared Key, 3des-sha1

Phase 2
3des-sha1

My tunnel just wont come up. I have checked with:

========
# ipsec verify
Checking your system to see if IPsec got installed and started 
correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.2.0-4-amd64 (netkey)
Checking for IPsec support in kernel                            [OK]
  SAref kernel support                                           [N/A]
  NETKEY:  Testing XFRM related proc values                      [OK]
         [OK]
         [OK]
Checking that pluto is running                                  [OK]
  Pluto listening for IKE on udp 500                             [OK]
  Pluto listening for NAT-T on udp 4500                          [OK]
Two or more interfaces found, checking IP forwarding            [OK]
Checking NAT and MASQUERADEing                                  [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                
[DISABLED]
# service ipsec status
IPsec running  - pluto pid: 2780
pluto pid 2780
No tunnels up
#ipsec auto --status
[snip/...]
000 #1: "tunnel1":500 STATE_MAIN_I1 (sent MI1, expecting MR1); none in 
-1s; nodpd; idle; import:admin initiate
000 #1: pending Phase 2 for "tunnel1" replacing #0
000
========

This Debian box is running NAT, and the Debian box is the gateway behind 
the main router leading up to the internet as follows:


((left lan))-->{{Debian Linux with Openswan + 
Nat}}-->[router]--><<internet>><--[MS 2008 Forefront]

Would appreciate some guides on how I can go about this.

Many thanks,

MPN.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20150121/839af46c/attachment.html>

More information about the Users mailing list