After creating the VPC, IGW, CGW, VPN and cross-associating as required in the AWS console, I followed the setup instructions for the Amazon site-to-site VPN, uploaded the configuration file and applied it. The file was uploaded successfully, but the tunnels will not connect. Can anyone point me in the right direction? Adding the connection file from Amazon also.
UTM 9 ASG Software VMWare firmware 9.000-8 pattern version 35598
Following are the live log entries:
2012:08:20-18:12:31 xyz-utm ipsec_starter[3908]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
2012:08:20-18:12:31 xyz-utm pluto[3916]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
2012:08:20-18:12:31 xyz-utm pluto[3916]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
2012:08:20-18:12:31 xyz-utm pluto[3916]: including NAT-Traversal patch (Version 0.6c)
2012:08:20-18:12:31 xyz-utm pluto[3916]: Using Linux 2.6 IPsec interface code
2012:08:20-18:12:31 xyz-utm ipsec_starter[3915]: pluto (3916) started after 20 ms
2012:08:20-18:12:31 xyz-utm pluto[3916]: loading ca certificates from '/etc/ipsec.d/cacerts'
2012:08:20-18:12:31 xyz-utm pluto[3916]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2012:08:20-18:12:31 xyz-utm pluto[3916]: loading aa certificates from '/etc/ipsec.d/aacerts'
2012:08:20-18:12:31 xyz-utm pluto[3916]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2012:08:20-18:12:31 xyz-utm pluto[3916]: Changing to directory '/etc/ipsec.d/crls'
2012:08:20-18:12:31 xyz-utm pluto[3916]: loading attribute certificates from '/etc/ipsec.d/acerts'
2012:08:20-18:12:31 xyz-utm pluto[3916]: listening for IKE messages
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface vpc0.1/vpc0.1 169.254.253.22:500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface vpc0.1/vpc0.1 169.254.253.22:4500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface vpc0.0/vpc0.0 169.254.253.18:500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface vpc0.0/vpc0.0 169.254.253.18:4500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface eth1/eth1 108.58.***.YYY:500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface eth1/eth1 108.58.***.YYY:4500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface eth0/eth0 192.168.AAA.BBB:500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface eth0/eth0 192.168.AAA.BBB:4500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface lo/lo 127.0.0.1:500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface lo/lo 127.0.0.1:4500
2012:08:20-18:12:31 xyz-utm pluto[3916]: adding interface lo/lo ::1:500
2012:08:20-18:12:31 xyz-utm pluto[3916]: loading secrets from "/etc/ipsec.secrets"
2012:08:20-18:12:31 xyz-utm pluto[3916]: loaded PSK secret for 108.58.***.YYY 204.246.163.#1
2012:08:20-18:12:31 xyz-utm pluto[3916]: loaded PSK secret for 108.58.***.YYY 204.246.163.#2
2012:08:20-18:12:31 xyz-utm pluto[3916]: added connection description "S_vpn-b21e4ef7 [1]"
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #1: initiating Main Mode
2012:08:20-18:12:31 xyz-utm pluto[3916]: added connection description "S_vpn-b21e4ef7 [2]"
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #2: initiating Main Mode
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #2: received Vendor ID payload [Dead Peer Detection]
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #1: received Vendor ID payload [Dead Peer Detection]
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #1: Peer ID is ID_IPV4_ADDR: '204.246.163.#1'
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #1: Dead Peer Detection (RFC 3706) enabled
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #1: ISAKMP SA established
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #2: Peer ID is ID_IPV4_ADDR: '204.246.163.#2'
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #2: Dead Peer Detection (RFC 3706) enabled
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #2: ISAKMP SA established
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#2}
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #4: ERROR: netlink response for Add SA esp.9de2cb8d@204.246.163.#2 included errno 34: Numerical result out of range
2012:08:20-18:12:31 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #3: ERROR: netlink response for Add SA esp.6e01c25e@204.246.163.#1 included errno 34: Numerical result out of range
2012:08:20-18:12:32 xyz-utm pluto[3916]: packet from 204.246.163.#2:500: received Vendor ID payload [Dead Peer Detection]
2012:08:20-18:12:32 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #5: responding to Main Mode
2012:08:20-18:12:32 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #5: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2012:08:20-18:12:32 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #5: Peer ID is ID_IPV4_ADDR: '204.246.163.#2'
2012:08:20-18:12:32 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #5: Dead Peer Detection (RFC 3706) enabled
2012:08:20-18:12:32 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #5: sent MR3, ISAKMP SA established
2012:08:20-18:12:35 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #6: responding to Quick Mode
2012:08:20-18:12:35 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #6: ERROR: netlink response for Add SA esp.fed46ed8@204.246.163.#2 included errno 34: Numerical result out of range
2012:08:20-18:12:36 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #4: ERROR: netlink response for Add SA esp.9de2cb8d@204.246.163.#2 included errno 34: Numerical result out of range
2012:08:20-18:12:36 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #3: ERROR: netlink response for Add SA esp.6e01c25e@204.246.163.#1 included errno 34: Numerical result out of range
2012:08:20-18:12:39 xyz-utm pluto[3916]: packet from 204.246.163.#1:500: received Vendor ID payload [Dead Peer Detection]
2012:08:20-18:12:39 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #7: responding to Main Mode
2012:08:20-18:12:39 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #7: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2012:08:20-18:12:39 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #7: Peer ID is ID_IPV4_ADDR: '204.246.163.#1'
2012:08:20-18:12:39 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #7: Dead Peer Detection (RFC 3706) enabled
2012:08:20-18:12:39 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #7: sent MR3, ISAKMP SA established
2012:08:20-18:12:40 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #8: responding to Quick Mode
2012:08:20-18:12:40 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [1]" #8: ERROR: netlink response for Add SA esp.7b117010@204.246.163.#1 included errno 34: Numerical result out of range
2012:08:20-18:12:45 xyz-utm pluto[3916]: "S_vpn-b21e4ef7 [2]" #6: ERROR: netlink response for Add SA esp.fed46ed8@204.246.163.#2 included errno 34: Numerical result out of range