Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 1837 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

strange net-net ipsec issues with astaro 3.216

ieatcats
morning,

I've had two active tunnels setup between two locations for about a week now.  Today however, they just stopped passing through any data..

-both sites have static ip, using domain name as local vpn identifier on one side and ipv4 on the other
-ipsec, rsa 1024 keys for authentication
-astaro 3.216 - home/office version

here is the route from local asl gateway:
5          192.168.50.0/24    -> 192.168.100.0/24   => tun0x1004@68.162.8x.12x

and the one from remote:
161        192.168.100.0/24   -> 192.168.50.0/24    => tun0x1004@63.162.22x.7x

weird thing is there are packets being exchanged, but I cannot reach the remote network, nor can i reach the remote asl gateway.

Fot testing purposes, I have tried restoring from backups and rebuilding the vp connections.  also, packet filter all/all/allow is enabled.

Please advise...  thank you  


This thread was automatically locked due to age.
Parents
  • 0
    i've also been looking through ipsec logfiles and this cought my attention:

    Pluto[4223]: ERROR: asynchronous network error report on eth2 for message to 63.162.22x.7x port 500, complainant 63.162.22x.7x: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)] 

    not authenticated?  i'm a freeswan n00b pls help : )   
  • 0 in reply to ieatcats
    well I finally gave up on it this weekend and upgraded one of the vpn endpoints to asl4.  Established a an ipsec tunnel again with asl4 and asl 3.216 and everything was working alright.  But now it's "stuck" again and not passing through any data...someone please help me out here.. 
  • 0 in reply to ieatcats
    Sounds like data corruption.  How stable are the two ends ?  I've not had much experience with hostname VPN's.  I usually use IPV4 address or email address.

    Are you specifying both subnets in the Connections screen ?
     
Reply Children
No Data
Cookie Information Banner