Hi all,
I plugged together two ASL boxes in order to encrypt VoIP traffic through a VPN.
I configured the boxes so I can ping from the internal LAN to the external interface of the remote firewall.
I made entries for the VPN connection and entered two packet filter rules on each to accept incoming and outgoing traffic from the remote net.
ICMP forwarding is activated.
Here are the error messages and logs of my two firewalls:
Firewall 1:
route 15 192.168.0.0/24 -> 192.168.3.0/24 => %hold
000 interface ipsec0/eth0 192.168.0.2
000 interface ipsec1/eth1 192.168.1.1
000
000 "telephony_1": 192.168.0.0/24===192.168.1.1---192.168.1.2...
000 "telephony_1": ...192.168.2.2===192.168.3.0/24
000 "telephony_1": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "telephony_1": policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1; routed HOLD
000 "telephony_1": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #1: "telephony_1" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 4s
VPN LiveLog
Mar 19 11:11:16 fw1 Pluto[1101]:forgetting secrets
Mar 19 11:11:16 fw1 Pluto[1101]:shutting down
Mar 19 11:11:16 fw1 Pluto[1101]:shutting down interface ipsec0/eth0 192.168.0.2
Mar 19 11:11:16 fw1 Pluto[1101]:shutting down interface ipsec1/eth1 192.168.1.1
Mar 19 11:11:16 fw1 ipsec_setup:Stopping FreeS/WAN IPSEC...
Mar 19 11:11:17 fw1 ipsec_setup:...FreeS/WAN IPSEC stopped
Mar 19 11:11:18 fw1 Pluto[9960]:Starting Pluto (FreeS/WAN Version 1.91)
Mar 19 11:11:18 fw1 ipsec_setup:KLIPS debug `none'
Mar 19 11:11:18 fw1 ipsec_setup:KLIPS ipsec0 on eth0 192.168.0.2/255.255.255.0 broadcast 192.168.0.255
Mar 19 11:11:18 fw1 ipsec_setup:KLIPS ipsec1 on eth1 192.168.1.1/255.255.255.0 broadcast 192.168.1.255
Mar 19 11:11:18 fw1 ipsec_setup:Pluto debug `none'
Mar 19 11:11:18 fw1 ipsec_setup:Starting FreeS/WAN IPSEC 1.91...
Mar 19 11:11:19 fw1 Pluto[9960]:"telephony_1" #1: initiating Main Mode
Mar 19 11:11:19 fw1 Pluto[9960]:added connection description "telephony_1"
Mar 19 11:11:19 fw1 Pluto[9960]:adding interface ipsec0/eth0 192.168.0.2
Mar 19 11:11:19 fw1 Pluto[9960]:adding interface ipsec1/eth1 192.168.1.1
Mar 19 11:11:19 fw1 Pluto[9960]:listening for IKE messages
Mar 19 11:11:19 fw1 Pluto[9960]:loading secrets from "/etc/ipsec.secrets"
Mar 19 11:11:19 fw1 ipsec_setup:...FreeS/WAN IPSEC started
Mar 19 11:11:19 fw1 ipsec_setup:104 "telephony_1" #1: STATE_MAIN_I1: initiate
stop LiveLog
Firewall 2:
route 0 192.168.3.0/24 -> 192.168.0.0/24 => %trap
000 interface ipsec0/eth0 192.168.3.1
000 interface ipsec1/eth1 192.168.2.2
000
000 "telephony_1": 192.168.3.0/24===192.168.2.2---192.168.2.1...
000 "telephony_1": ...192.168.1.1===192.168.0.0/24
000 "telephony_1": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "telephony_1": policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1; trap erouted
000 "telephony_1": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #1: "telephony_1" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 15s
VPN LiveLog
Mar 19 11:12:49 fw2 Pluto[17239]:Starting Pluto (FreeS/WAN Version 1.91)
Mar 19 11:12:49 fw2 ipsec_setup:...FreeS/WAN IPSEC stopped
Mar 19 11:12:49 fw2 ipsec_setup:KLIPS debug `none'
Mar 19 11:12:49 fw2 ipsec_setup:KLIPS ipsec0 on eth0 192.168.3.1/255.255.255.0 broadcast 192.168.3.255
Mar 19 11:12:49 fw2 ipsec_setup:KLIPS ipsec1 on eth1 192.168.2.2/255.255.255.0 broadcast 192.168.2.255
Mar 19 11:12:49 fw2 ipsec_setup:Pluto debug `none'
Mar 19 11:12:49 fw2 ipsec_setup:Starting FreeS/WAN IPSEC 1.91...
Mar 19 11:12:50 fw2 Pluto[17239]:"telephony_1" #1: initiating Main Mode
Mar 19 11:12:50 fw2 Pluto[17239]:added connection description "telephony_1"
Mar 19 11:12:50 fw2 Pluto[17239]:adding interface ipsec0/eth0 192.168.3.1
Mar 19 11:12:50 fw2 Pluto[17239]:adding interface ipsec1/eth1 192.168.2.2
Mar 19 11:12:50 fw2 Pluto[17239]:listening for IKE messages
Mar 19 11:12:50 fw2 Pluto[17239]:loading secrets from "/etc/ipsec.secrets"
Mar 19 11:12:50 fw2 ipsec_setup:...FreeS/WAN IPSEC started
Mar 19 11:12:50 fw2 ipsec_setup:104 "telephony_1" #1: STATE_MAIN_I1: initiate
Mar 19 11:13:00 fw2 Pluto[17239]:ERROR: "telephony_1" #1: sendto() on eth1 to 192.168.1.1:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
Mar 19 11:13:20 fw2 Pluto[17239]:ERROR: "telephony_1" #1: sendto() on eth1 to 192.168.1.1:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
Mar 19 11:15:20 fw2 Pluto[17239]:ERROR: "telephony_1" #1: sendto() on eth1 to 192.168.1.1:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
Mar 19 11:17:20 fw2 Pluto[17239]:ERROR: "telephony_1" #1: sendto() on eth1 to 192.168.1.1:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
Mar 19 11:19:20 fw2 Pluto[17239]:ERROR: "telephony_1" #1: sendto() on eth1 to 192.168.1.1:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
stop LiveLog
I hope someone knows about that problem.
ben
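An added triage script (example code, not from the thread or the ASL product) that parses the kind of `000` status lines and Pluto LiveLog lines shown above and reports the two symptoms they contain: both peers stuck in STATE_MAIN_I1 with no SA ever built, and sendto() failing with errno 1. On Linux, errno 1 (EPERM) from sendto() on a UDP socket is what a local packet filter rule produces when it drops the box's own outgoing packet, so the IKE datagram on UDP/500 never leaves the firewall; the sample input is constructed from the log formats in the post.

```python
import re

# Constructed sample input, modelled on the FreeS/WAN 1.91 status and Pluto log
# lines in the post (not the poster's full logs).
STATUS = '''000 "telephony_1": policy: PSK+ENCRYPT+TUNNEL+PFS; interface: eth1; trap erouted
000 "telephony_1": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 #1: "telephony_1" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 15s'''

LOG = '''Mar 19 11:12:50 fw2 Pluto[17239]:"telephony_1" #1: initiating Main Mode
Mar 19 11:13:00 fw2 Pluto[17239]:ERROR: "telephony_1" #1: sendto() on eth1 to 192.168.1.1:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted
Mar 19 11:13:20 fw2 Pluto[17239]:ERROR: "telephony_1" #1: sendto() on eth1 to 192.168.1.1:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted'''

# 000 #1: "conn" STATE_MAIN_I1 (sent MI1, expecting MR1); ...
STATE_RE = re.compile(r'^000 #\d+: "([^"]+)" (STATE_\w+) \(sent (\w+), expecting (\w+)\)')
# 000 "conn": newest ISAKMP SA: #0; newest IPsec SA: #0; ...
SA_RE = re.compile(r'^000 "([^"]+)": newest ISAKMP SA: #(\d+); newest IPsec SA: #(\d+)')
# ... Pluto[pid]:ERROR: "conn" #1: sendto() on eth1 to a.b.c.d:500 failed in EVENT_X. Errno 1: ...
SENDTO_RE = re.compile(r'Pluto\[\d+\]:ERROR: "([^"]+)" #\d+: sendto\(\) on (\w+) to '
                       r'([\d.]+):(\d+) failed in (\w+)\. Errno (\d+): (.*)$')


def diagnose(status_text, log_text):
    """Return a list of findings explaining why the tunnel never comes up."""
    findings = []
    for line in status_text.splitlines():
        m = SA_RE.match(line)
        if m and m.group(2) == "0" and m.group(3) == "0":
            findings.append(f"{m.group(1)}: no ISAKMP (phase 1) or IPsec (phase 2) SA was ever established")
        m = STATE_RE.match(line)
        if m and m.group(2) == "STATE_MAIN_I1":
            findings.append(f"{m.group(1)}: stuck in {m.group(2)}: {m.group(3)} was sent but {m.group(4)} "
                            f"never arrived, so no IKE reply from the peer reaches this box")
    eperm = {}
    for line in log_text.splitlines():
        m = SENDTO_RE.search(line)
        if m and m.group(6) == "1":  # errno 1 = EPERM: local filter dropped our own packet
            key = (m.group(1), m.group(2), m.group(3), m.group(4))
            eperm[key] = eperm.get(key, 0) + 1
    for (conn, iface, peer, port), n in eperm.items():
        findings.append(f"{conn}: {n}x sendto() to {peer}:{port} on {iface} failed with EPERM; the box's "
                        f"own packet filter is dropping its outbound IKE, so UDP/{port} from this "
                        f"firewall to {peer} must be allowed on {iface}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(STATUS, LOG):
        print("-", finding)
```

The rules mentioned in the post cover traffic from the remote net; the IKE exchange is sourced by the firewall itself on its external interface, which is a separate flow the filter has to permit.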