[Openswan Users] iked (Internet Key Exchange Daemon) in Watchguard Firebox T30 Firewall Not Working Properly?

Turritopsis Dohrnii Teo En Ming ceo at teo-en-ming-corp.com
Sun Apr 7 00:43:17 EDT 2019


Good morning from Singapore,

In the late afternoon of Thursday, 4th April 2019, our customer Teo En Ming Aeronautics and Space Administration (TEMASA) (fictitious company name) informed us that their site-to-site IPsec VPN tunnel was down.

Our customer Teo En Ming Aeronautics and Space Administration (TEMASA) (fictitious company name) has a Watchguard Firebox T30 firewall in their headquarters and a Sophos UTM (SG) firewall in the Cloud. Both firewalls were configured for a site-to-site IPsec VPN tunnel.

We checked the VPN diagnostic logs in the Watchguard firewall and tried all possible combinations for IPsec Phase 1 and Phase 2 settings from 5.30 PM to 9.00 PM Singapore time but to no avail. We have also examined the firewall policies and changed the IPsec pre-shared key.

At 9.15 AM on Friday, 5th April 2019, we went on-site to our customer TEMASA. I asked my counterpart, the Cloud Administrator, to change the IPsec pre-shared key and also the IPsec Phase 1 and Phase 2 settings in the Sophos UTM firewall according to the Sophos UTM IPsec Phase 1 and Phase 2 settings screenshot I sent to her. On our side, I also changed the IPsec pre-shared key and IPsec Phase 1 and Phase 2 settings in the Watchguard firewall to sync with the Sophos UTM firewall. The site-to-site IPsec VPN tunnel was still down after all the changes and fine-tuning.

At about 11.08 AM Singapore Time, I requested to reboot the Watchguard firewall. I also dug deeper into the VPN diagnostics logs and found out that UserSpace iked (Internet Key Exchange Daemon) had crashed before in the year 2017, 3 years ago.

At about 1.48 PM Singapore Time (Lunch Time), we rebooted the Watchguard firewall. The site-to-site IPsec VPN tunnel came up and went online!

Although the iked daemon did not crash this time (4th April 2019), do you think that the iked daemon is not working properly? Or is the process stale? Because after we rebooted the Watchguard firewall, the site-to-site IPsec VPN tunnel became operational again. Looking at the VPN diagnostics logs in the Watchguard firewall, I observed that the iked daemon is responsible for handling all the site-to-site IPsec VPN tunnel connections.

The Watchguard firewall OS is based on the Linux operating system. It is possible to ssh into the firewall and restart the iked process, without rebooting the firewall itself.

I am looking forward to your advice.

Thank you very much.

-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----
