VPN does NOT WORK

I have tried to use the PGPnet 7.1 EVAL client, the PGPnet 7.03 Freeware Client and the SSH 1.1.1 Beta 3 Client.  So far not so good....

Here is my config,

eth0 --> 192.168.1.2/24 (Internal)
eth1 --> 216.83.232.75/24 (Internet)
eth2 --> 192.168.3.2/24 (DMZ)

I have defined the network:
 DMZ Network  192.168.3.0 255.255.255.0

I have added the following PF rules:
 Any         .. Any .. DMZ Network .. Allow
 DMZ Network .. Any .. Any         .. Allow

I have defined the VPN Connection:
 Roadwarriors
       DMZ Network  Internet  Any

The VPN Status looks like the following:
000 "Roadwarriors_1": 192.168.250.0/24===216.83.232.75---216.83.232.65...%any
000 "Roadwarriors_1":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 1
000 "Roadwarriors_1":   policy: PSK+ENCRYPT+TUNNEL+PFS; interface: 
000 "Roadwarriors_1":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000  

Using the PGPnet 7.1 Eval Client, I configured a "VPN Gateway" on Address 216.83.232.75 as described in the VPN_HOWTO. I also defined a "Subnet" of 192.168.3.0/24 under the VPN Gateway.

When I attempt the connection, the client times out with the following (Advanced) log:

00:22:37: SARequest: 216.83.232.75 (192.168.250.0/255.255.255.0)
00:22:37:  New Identity Exchange - Initiator
00:22:37: Initiating Phase 1 Keying
00:22:37: Send: SA/Vendor/Vendor/SENT

00:22:41: No Response - Resent last packet (3 tries remaining)
00:22:43: SARequest: 216.83.232.75 (216.83.232.75/255.255.255.255)
00:22:43:  New Identity Exchange - Initiator
00:22:43: Initiating Phase 1 Keying
00:22:43: Send: SA/Vendor/Vendor/SENT

00:22:47: No Response - Resent last packet (3 tries remaining)
00:22:48: No Response - Resent last packet (2 tries remaining)
00:22:53: No Response - Resent last packet (2 tries remaining)
00:22:56: No Response - Resent last packet (1 tries remaining)
00:23:02: No Response - Resent last packet (1 tries remaining)
00:23:05: No Response - Resent last packet (0 tries remaining)
00:23:05: ALERT(L): 216.83.232.75, alert=ResponseTimeout
00:23:05: SAFailed: 216.83.232.75 (192.168.250.0/255.255.255.0)
00:23:05: SAFailed: 216.83.232.75 (216.83.232.75/255.255.255.255)
00:23:05: SARequest: 216.83.232.75 (216.83.232.75/255.255.255.255)
00:23:05:  New Identity Exchange - Initiator
00:23:05: Initiating Phase 1 Keying
00:23:05: Send: SA/Vendor/Vendor/SENT

00:23:09: No Response - Resent last packet (3 tries remaining)
00:23:15: No Response - Resent last packet (2 tries remaining)
00:23:24: No Response - Resent last packet (1 tries remaining)
00:23:32: No Response - Resent last packet (0 tries remaining)
00:23:32: ALERT(L): 216.83.232.75, alert=ResponseTimeout
00:23:32: SAFailed: 216.83.232.75 (216.83.232.75/255.255.255.255)

The VPN LiveLog displays the following:

Jun 26 21:31:12 cu28063fw1main Pluto[8529]:| 
Jun 26 21:31:12 cu28063fw1main Pluto[8529]:| 
Jun 26 21:31:12 cu28063fw1main Pluto[8529]:| *received whack message 
Jun 26 21:31:12 cu28063fw1main Pluto[8529]:| *received whack message 
Jun 26 21:31:12 cu28063fw1main Pluto[8529]:| next event EVENT_REINIT_SECRET in 3259 seconds 
Jun 26 21:31:12 cu28063fw1main Pluto[8529]:| next event EVENT_REINIT_SECRET in 3259 seconds 


In every attempt (and client) the VPN LiveLog keeps displaying the "*received whack message". What is a "Whack Message"?  Is there something that I am missing or doing wrong?  I do not understand.

