
Site to Site Error

Hello all,
about a month ago, I was able to create a site to site RSA VPN using Astaro 6.103; I was able to route traffic between the remote networks. Since then I had shut down the VPN as it was not needed. Today, however, management wanted the VPN turned on. I turned it on and SAs were established; however, I am unable to route traffic.

I did modify my packet filters to lock down the machine. As a test, however, I allowed to any from any at the top of my rules list to ensure it's not the packet filter, to no avail though.
One other change I made was to upgrade to 6.105 when it came out.

Has anyone ever experienced such issues before?
Below is the current status of one side of my VPN:

[www.superfund2.gd] VPN Status:   Auto refresh (Press F5 to refresh manually) 

000  
000 "S_SitetoSite205__214__211__50_0": 192.168.111.0/24===216.110.114.101...205.214.211.50===192.168.113.0/24; erouted; eroute owner: #16
000 "S_SitetoSite205__214__211__50_0":     srcip=unset; dstip=unset; srcup=/opt/_updown.classic 2>/tmp/log 1>/tmp/log; dstup=/opt/_updown.classic 2>/tmp/log 1>/tmp/log;
000 "S_SitetoSite205__214__211__50_0":   ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "S_SitetoSite205__214__211__50_0":   policy: RSASIG+ENCRYPT+TUNNEL+UP; prio: 24,24; interface: eth7; 
000 "S_SitetoSite205__214__211__50_0":   dpd: action:restart; delay:30; timeout:120; 
000 "S_SitetoSite205__214__211__50_0":   newest ISAKMP SA: #14; newest IPsec SA: #16; 
000 "S_SitetoSite205__214__211__50_0":   IKE algorithms wanted: 5_000-1-5, flags=-strict
000 "S_SitetoSite205__214__211__50_0":   IKE algorithms found:  5_192-1_128-5, 
000 "S_SitetoSite205__214__211__50_0":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 "S_SitetoSite205__214__211__50_0":   ESP algorithms wanted: 3_000-1, flags=-strict
000 "S_SitetoSite205__214__211__50_0":   ESP algorithms loaded: 3_000-1, flags=-strict
000 "S_SitetoSite205__214__211__50_0":   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=
000  
000 #16: "S_SitetoSite205__214__211__50_0":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2109s; newest IPSEC; eroute owner
000 #16: "S_SitetoSite205__214__211__50_0" esp.43fd3d9c@205.214.211.50 esp.8f1add92@216.110.114.101 tun.1008@205.214.211.50 tun.1007@216.110.114.101
000 #15: "S_SitetoSite205__214__211__50_0":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2615s
000 #15: "S_SitetoSite205__214__211__50_0" esp.43fd3d9b@205.214.211.50 esp.8f1add91@216.110.114.101 tun.1006@205.214.211.50 tun.1005@216.110.114.101
000 #14: "S_SitetoSite205__214__211__50_0":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 6814s; newest ISAKMP; lastdpd=23s(seq in:2288 out:0)
000  

Regards,
Richard.

