Koozali.org: home of the SME Server

freeswan ipsec vpn problem - {more info added}

g00s3m4n

« on: June 06, 2005, 07:32:42 AM »
hello

I have been battling all day with this. I have reinstalled both my boxes, so they are both clean installs.

info:

box1 - server - id: jhb.domain.com - 10.145.1.10 - belongs to site1
box2 - client - id: ct.domain.com - 10.145.3.10 - belongs to site2

both sites have firewalls that forward ipsec traffic to them.

site1 - fixed ip 196.x.x.x
site2 - dyndns.org ip 165.x.x.x

here are my logs:

box1:

[root@box1 root]# service ipsec start
ipsec_setup: Starting FreeS/WAN IPsec 1.99...
ipsec_setup: Using /lib/modules/2.4.20-18.7/kernel/net/ipsec/ipsec.o
[root@box1 root]# tail -f /var/log/secure
Jun  6 17:35:05 box1 pluto[19184]: added connection description "net.local-net.10.145.3.0"
Jun  6 17:35:06 box1 pluto[19184]: added connection description "gate.local-gate.10.145.3.0"
Jun  6 17:35:06 box1 pluto[19184]: added connection description "gate.local-net.10.145.3.0"
Jun  6 17:35:06 box1 pluto[19184]: listening for IKE messages
Jun  6 17:35:06 box1 pluto[19184]: adding interface ipsec0/eth0 10.145.1.10
Jun  6 17:35:06 box1 pluto[19184]: loading secrets from "/etc/ipsec.secrets"
Jun  6 17:35:06 box1 pluto[19184]: "net.local-gate.10.145.3.0" #1: initiating Main Mode
Jun  6 17:35:07 box1 pluto[19184]: "net.local-gate.10.145.3.0" #1: Peer ID is ID_FQDN: '@ct.domain.com'
Jun  6 17:35:07 box1 pluto[19184]: "net.local-gate.10.145.3.0" #1: ISAKMP SA established
Jun  6 17:35:07 box1 pluto[19184]: "net.local-gate.10.145.3.0" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
Jun  6 17:35:14 box1 pluto[19184]: packet from 165.146.130.104:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Jun  6 17:35:31 box1 pluto[19184]: "net.local-net.10.145.3.0" #3: responding to Quick Mode
Jun  6 17:35:31 box1 pluto[19184]: "net.local-gate.10.145.3.0" #1: cannot respond to IPsec SA request because no connection is known for 10.145.1.0/24===10.145.1.10[@jhb.domain.com]...165.x.x.x[@ct.domain.com]===10.145.3.10/32

box2

[root@box2 root]# service ipsec start
ipsec_setup: Starting FreeS/WAN IPsec 1.99...
ipsec_setup: Using /lib/modules/2.4.20-18.7/kernel/net/ipsec/ipsec.o
[root@box2 root]# tail -f /var/log/secure
Jun  6 12:49:25 box2 pluto[5879]: added connection description "net.local-gate.10.145.1.0"
Jun  6 12:49:25 box2 pluto[5879]: added connection description "net.local-net.10.145.1.0"
Jun  6 12:49:25 box2 pluto[5879]: added connection description "gate.local-gate.10.145.1.0"
Jun  6 12:49:25 box2 pluto[5879]: listening for IKE messages
Jun  6 12:49:25 box2 pluto[5879]: adding interface ipsec0/eth0 10.145.3.10
Jun  6 12:49:25 box2 pluto[5879]: loading secrets from "/etc/ipsec.secrets"
Jun  6 12:49:25 box2 pluto[5879]: "gate.local-net.10.145.1.0" #1: initiating Main Mode
Jun  6 12:49:26 box2 pluto[5879]: "gate.local-net.10.145.1.0" #1: Peer ID is ID_FQDN: '@jhb.domain.com'
Jun  6 12:49:26 box2 pluto[5879]: "gate.local-net.10.145.1.0" #1: ISAKMP SA established
Jun  6 12:49:26 box2 pluto[5879]: "gate.local-net.10.145.1.0" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
Jun  6 12:49:28 box2 pluto[5879]: packet from 196.x.x.x:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Jun  6 12:49:28 box2 last message repeated 2 times
Jun  6 12:49:34 box2 pluto[5879]: "gate.local-net.10.145.1.0" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
Jun  6 12:50:08 box2 pluto[5879]: "gate.local-gate.10.145.1.0" #4: responding to Quick Mode
Jun  6 12:50:08 box2 pluto[5879]: "gate.local-net.10.145.1.0" #1: cannot respond to IPsec SA request because no connection is known for 165.x.x.x/32===10.145.3.10[@ct.domain.com]...196.x.x.x[@jhb.domain.com]===10.145.1.0/24

I know what's causing the issue, just unsure how to fix it. My servers only have 1 NIC each. The remote IP is my firewall. When I email the settings to myself, it tells me that my remote IP is 192.168.65.17. I have no idea where it gets those settings from.

Please could someone shed some light?

Thanks
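As an added diagnostic example (not code from the post above, and not part of SME Server or FreeS/WAN), the script below pulls the traffic selectors out of pluto's "cannot respond to IPsec SA request because no connection is known for" lines, which pluto prints as `subnet===host[id]...host[id]===subnet`, and compares each side's offered network with the network that site is supposed to carry. The two log lines are constructed copies of the failing lines from the post, with the anonymised public addresses (196.x.x.x and 165.x.x.x) replaced by RFC 5737 documentation addresses so they parse; the site networks and peer IDs are taken from the box descriptions in the post. `SITE_NETS`, `parse_rejections` and `check_selectors` are names chosen for this example.

```python
"""Extract and sanity-check the traffic selectors in FreeS/WAN pluto
'no connection is known for' refusals.  Added example, not from the post."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the two refusals from the post, public IPs replaced
# with RFC 5737 documentation addresses (192.0.2.5 = site1, 198.51.100.7 = site2).
SAMPLE_LOG = """\
Jun  6 17:35:31 box1 pluto[19184]: "net.local-gate.10.145.3.0" #1: cannot respond to IPsec SA request because no connection is known for 10.145.1.0/24===10.145.1.10[@jhb.domain.com]...198.51.100.7[@ct.domain.com]===10.145.3.10/32
Jun  6 12:50:08 box2 pluto[5879]: "gate.local-net.10.145.1.0" #1: cannot respond to IPsec SA request because no connection is known for 198.51.100.7/32===10.145.3.10[@ct.domain.com]...192.0.2.5[@jhb.domain.com]===10.145.1.0/24
"""

# The protected network each peer ID is expected to present (from the post).
SITE_NETS = {
    "@jhb.domain.com": ipaddress.ip_network("10.145.1.0/24"),
    "@ct.domain.com": ipaddress.ip_network("10.145.3.0/24"),
}

# syslog prefix, connection name, then pluto's  subnet===host[id]...host[id]===subnet
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) pluto\[\d+\]: "(?P<conn>[^"]+)" #\d+: '
    r'cannot respond to IPsec SA request because no connection is known for '
    r'(?P<lsub>\S+?)===(?P<lhost>[^\[]+)\[(?P<lid>[^\]]+)\]\.\.\.'
    r'(?P<rhost>[^\[]+)\[(?P<rid>[^\]]+)\]===(?P<rsub>\S+)$'
)


@dataclass
class Rejected:
    host: str                       # pluto instance that logged the refusal
    conn: str                       # connection it was trying to match
    left_sub: ipaddress.IPv4Network  # selector offered for the left (logging) side
    left_id: str
    right_sub: ipaddress.IPv4Network  # selector offered for the remote side
    right_id: str


def parse_rejections(log_text):
    """Return one Rejected record per matching log line; other lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        found.append(Rejected(
            host=m["host"], conn=m["conn"],
            left_sub=ipaddress.ip_network(m["lsub"]), left_id=m["lid"],
            right_sub=ipaddress.ip_network(m["rsub"]), right_id=m["rid"],
        ))
    return found


def check_selectors(rej, site_nets=SITE_NETS):
    """Describe every side whose offered selector is not that site's network."""
    problems = []
    for side, sub, ident in (("left", rej.left_sub, rej.left_id),
                             ("right", rej.right_sub, rej.right_id)):
        expected = site_nets.get(ident)
        if expected is None:
            problems.append(f"{side}: unknown peer id {ident}")
        elif sub == expected:
            continue                                    # this side is fine
        elif sub.subnet_of(expected):
            # a host inside the site network was offered instead of the whole /24
            problems.append(f"{side}: {ident} offered host-only selector {sub}, "
                            f"site network is {expected}")
        else:
            # typically the gateway's public address offered as the 'subnet'
            problems.append(f"{side}: {ident} offered {sub}, which is outside "
                            f"its site network {expected}")
    return problems


if __name__ == "__main__":
    for r in parse_rejections(SAMPLE_LOG):
        print(f"{r.host} while matching {r.conn}:")
        for p in check_selectors(r) or ["selectors match the site networks"]:
            print("   ", p)
```

Run against the sample, the box1 line reports that the ct.domain.com side offered the single host 10.145.3.10/32 where the site network is 10.145.3.0/24, and the box2 line reports that the same side offered the public /32 address instead of any private network; the jhb.domain.com side is accepted on both lines. The same script can be pointed at a live `/var/log/secure` to confirm which side's selectors stop matching after a configuration change.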