[Openswan Users] Ubuntu 14.04 (AWS VPC) IPSec Tunnel to Cisco
ednitido at gmail.com
Wed Oct 21 13:46:44 EDT 2015
I've been trying to set up a server-to-server IPSec VPN tunnel from an
Ubuntu 14.04 server hosted in Amazon to a client's Cisco (the logs say it's
a Cisco VPN 3000 Series).
I am new to IPSec, so to test, I created 2 VPCs in Amazon following this
guide http://aws.amazon.com/articles/5472675506466066. It worked: when I
checked ipsec status, it said I had 2 tunnels up.
Now, when I connect to the client, I get some weird messages in my pluto
"net2net" #1: received Vendor ID payload [Cisco-Unity]
"net2net" #1: received Vendor ID payload [XAUTH]
"net2net" #1: received Vendor ID payload [Dead Peer Detection]
"net2net" #1: received Vendor ID payload [RFC 3947] method set to=115
"net2net" #1: ignoring Vendor ID payload [Cisco IKE Fragmentation]
"net2net" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
"net2net" #1: protocol/port in Phase 1 ID Payload MUST be 0/0 or 17/500 but
are 17/0 (attempting to continue)
"net2net" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '172.28.100.10'
| refine_connection: starting with net2net
| started looking for secret for MY_PUBLIC_IP->THIER_PUBLIC_IP of kind
| actually looking for secret for MY_PUBLIC_IP->THIER_PUBLIC_IP of kind
| line 2: key type PPK_PSK(MY_PUBLIC_IP) to type PPK_PSK
| 1: compared key THIER_PUBLIC_IP to MY_PUBLIC_IP / THIER_PUBLIC_IP -> 4
| 2: compared key MY_PUBLIC_IP to MY_PUBLIC_IP / THIER_PUBLIC_IP -> 12
| line 2: match=12
| best_match 0>12 best=0xb8829fb8 (line=2)
| concluding with best_match=12 best=0xb8829fb8 (lineno=2)
| match_id a=172.28.100.10
| results fail
| trusted_ca called with a=(empty) b=(empty)
| refine_connection: checking net2net against net2net, best=(none) with
| find_host_pair: comparing to 172.31.28.158:500 THIER_PUBLIC_IP:500
| find_host_pair_conn (refine_host_connection): 172.31.28.158:500 %any:500
"net2net" #1: no suitable connection for peer '172.28.100.10'
"net2net" #1: initial Aggressive Mode packet claiming to be from
THIER_PUBLIC_IP on THIER_PUBLIC_IP but no connection has been authorized
1) The Payload MUST be 0/0 or 17/500 -- how do I fix that?
2) Aggressive mode peer ID is ID_IPV4_ADDR -- is that my end or their end?
172.28.100.10 doesn't match my internal network (172.31.x.x) or theirs.
3) Do I need to set up any iptables? I configured routing tables in Amazon
(following the guide).
Here is my configuration:
Linux Openswan U2.6.38/K3.13.0-65-generic
## phase 1 ##
## phase 2 ##
MY_PUBLIC_IP THEIR_PUBLIC_IP : PSK "secret"
Thanks for any assistance.
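As an added illustration (not code from the post, nor from Openswan itself), a small Python triage script over pluto log lines like the ones quoted above: it pairs the "Aggressive mode peer ID" line with the "no suitable connection" line and compares the ID the remote peer sent in its ID payload against the IDs the local conn would match. The sample log and the accepted-ID map (assumed to be the conn's right= value when no rightid= is set) are constructed for the example.

```python
import re

# Constructed sample, modelled on the pluto output quoted in the post above
# (conn name "net2net" and peer ID 172.28.100.10 are taken from the post).
SAMPLE_LOG = """\
"net2net" #1: received Vendor ID payload [Cisco-Unity]
"net2net" #1: protocol/port in Phase 1 ID Payload MUST be 0/0 or 17/500 but are 17/0 (attempting to continue)
"net2net" #1: Aggressive mode peer ID is ID_IPV4_ADDR: '172.28.100.10'
"net2net" #1: no suitable connection for peer '172.28.100.10'
"""

CONN = r'"(?P<conn>[^"]+)" #\d+: '
PEER_ID_RE = re.compile(CONN + r"Aggressive mode peer ID is (?P<idtype>\w+): '(?P<pid>[^']+)'")
PROTO_PORT_RE = re.compile(CONN + r"protocol/port in Phase 1 ID Payload MUST be .* but are "
                           r"(?P<proto>\d+)/(?P<port>\d+)")
NO_CONN_RE = re.compile(CONN + r"no suitable connection for peer '(?P<pid>[^']+)'")


def triage(log_text, accepted_ids):
    """Explain an aggressive-mode Phase 1 failure from pluto log lines.

    accepted_ids maps a conn name to the set of peer IDs that conn will match
    (assumed: right= when rightid= is unset). Returns (level, conn, message) tuples.
    """
    findings = []
    claimed = {}  # conn -> (id type, id) the remote side put in its ID payload
    for line in log_text.splitlines():
        m = PROTO_PORT_RE.match(line)
        if m:
            findings.append(("info", m["conn"],
                             f"peer sent protocol/port {m['proto']}/{m['port']} in its "
                             "ID payload; pluto tolerates this and continues"))
            continue
        m = PEER_ID_RE.match(line)
        if m:
            claimed[m["conn"]] = (m["idtype"], m["pid"])
            continue
        m = NO_CONN_RE.match(line)
        if m:
            idtype, pid = claimed.get(m["conn"], ("unknown", m["pid"]))
            allowed = accepted_ids.get(m["conn"], set())
            if pid not in allowed:
                findings.append(("fail", m["conn"],
                                 f"peer identified itself as {idtype} {pid}, but this conn "
                                 f"only matches {sorted(allowed) or 'nothing'}; "
                                 f"set rightid={pid} on the conn so the ID payload matches"))
            else:
                findings.append(("fail", m["conn"],
                                 f"peer ID {pid} is accepted, so this is not an ID mismatch"))
    return findings


def failing_conns(findings):
    """Names of conns with at least one 'fail' finding."""
    return sorted({conn for level, conn, _ in findings if level == "fail"})
```

Run it against a real pluto log with the conn's actual right=/rightid= values to see whether the ID the peer claims is one the local conn can ever match.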