Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 4746 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-Site IPSec VPN

delirious
Hi there, 

i got a problem with s2s IPSec VPN between Astaro UTM and a GenIP UMTS Router. 

The Router got an dynamic public IP and is set up to initiate the VPN with PSK.

The Astaro should responde the request but it doesn't work. 

Earlier this day I got the failure that maybe the PSK isn't same on both systems but after I had checked this the message is another. 

2012:12:05-14:30:27 utm pluto[9217]: packet from 88.128.209.173:500: received Vendor ID payload [XAUTH]
2012:12:05-14:30:27 utm pluto[9217]: packet from 88.128.209.173:500: ignoring Vendor ID payload [RFC 3947]
2012:12:05-14:30:27 utm pluto[9217]: packet from 88.128.209.173:500: received Vendor ID payload [Dead Peer Detection]
2012:12:05-14:30:27 utm pluto[9217]: "S_REF_IpsRoaGenip_2"[1] 88.128.209.173 #4: responding to Main Mode from unknown peer 88.128.209.173
2012:12:05-14:30:28 utm pluto[9217]: "S_REF_IpsRoaGenip_2"[1] 88.128.209.173 #4: Peer ID is ID_FQDN: 'GenIP'
2012:12:05-14:30:28 utm pluto[9217]: "S_REF_IpsRoaGenip_2"[2] 88.128.209.173 #4: deleting connection "S_REF_IpsRoaGenip_2"[1] instance with peer 88.128.209.173 {isakmp=#0/ipsec=#0}
2012:12:05-14:30:28 utm pluto[9217]: "S_REF_IpsRoaGenip_2"[2] 88.128.209.173 #4: sent MR3, ISAKMP SA established
2012:12:05-14:30:29 utm pluto[9217]: "S_REF_IpsRoaGenip_2"[2] 88.128.209.173 #4: received Delete SA payload: deleting ISAKMP State #4
2012:12:05-14:30:29 utm pluto[9217]: "S_REF_IpsRoaGenip_2"[2] 88.128.209.173: deleting connection "S_REF_IpsRoaGenip_2"[2] instance with peer 88.128.209.173 {isakmp=#0/ipsec=#0}


I don't know why the connection could be established first and then deleted. 
Maybe someone can help me.

By the way, i tried same with remote IPsec Connection but this won't work aswell.

Cheers delirious


This thread was automatically locked due to age.
Parents
  • 0
    Hi, delirious, and welcome to the User BB!

    Please [Go Advanced] below and attach pictures of your 'IPsec Connection' and 'Remote Gateway'.  Also show the corresponding information from the GenIP UMTS Router.

    Cheers - Bob
Reply
  • 0
    Hi, delirious, and welcome to the User BB!

    Please [Go Advanced] below and attach pictures of your 'IPsec Connection' and 'Remote Gateway'.  Also show the corresponding information from the GenIP UMTS Router.

    Cheers - Bob
Children
  • 0 in reply to BAlfson
    Hi Bob, 

    thanks for your reply. 

    I attached pictures from GenIP settings and Astaro settings. 

    These are the messages i get every time i try to connect.

    2012:12:06-15:46:31 kathargo pluto[27637]: | 

    2012:12:06-15:46:31 kathargo pluto[27637]: | *received 136 bytes from 88.128.74.137:500 on eth1
     
    2012:12:06-15:46:31 kathargo pluto[27637]: packet from 88.128.74.137:500: received Vendor ID payload [XAUTH]
     
    2012:12:06-15:46:31 kathargo pluto[27637]: packet from 88.128.74.137:500: received Vendor ID payload [RFC 3947]
     
    2012:12:06-15:46:31 kathargo pluto[27637]: packet from 88.128.74.137:500: received Vendor ID payload [Dead Peer Detection]
     
    2012:12:06-15:46:31 kathargo pluto[27637]: | preparse_isakmp_policy: peer requests PSK authentication
     
    2012:12:06-15:46:31 kathargo pluto[27637]: | creating state object #6 at 0x8225300
     
    2012:12:06-15:46:31 kathargo pluto[27637]: | ICOOKIE: 15 53 40 c0 b1 c1 40 7c 

    2012:12:06-15:46:31 kathargo pluto[27637]: | RCOOKIE: 5c 29 75 82 07 1c eb 63 

    2012:12:06-15:46:31 kathargo pluto[27637]: | peer: 58 80 4a 89 

    2012:12:06-15:46:31 kathargo pluto[27637]: | state hash entry 12 

    2012:12:06-15:46:31 kathargo pluto[27637]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #6
     
    2012:12:06-15:46:31 kathargo pluto[27637]: "S_GenIP"[2] 88.128.74.137 #6: responding to Main Mode from unknown peer 88.128.74.137
     
    2012:12:06-15:46:31 kathargo pluto[27637]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #6
     
    2012:12:06-15:46:31 kathargo pluto[27637]: | next event EVENT_RETRANSMIT in 10 seconds for #6
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | 

    2012:12:06-15:46:32 kathargo pluto[27637]: | *received 236 bytes from 88.128.74.137:500 on eth1
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | ICOOKIE: 15 53 40 c0 b1 c1 40 7c 

    2012:12:06-15:46:32 kathargo pluto[27637]: | RCOOKIE: 5c 29 75 82 07 1c eb 63 

    2012:12:06-15:46:32 kathargo pluto[27637]: | peer: 58 80 4a 89 

    2012:12:06-15:46:32 kathargo pluto[27637]: | state hash entry 12 

    2012:12:06-15:46:32 kathargo pluto[27637]: | state object #6 found, in STATE_MAIN_R1
     
    2012:12:06-15:46:32 kathargo pluto[27637]: "S_GenIP"[2] 88.128.74.137 #6: NAT-Traversal: Result using RFC 3947: no NAT detected
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 60 seconds
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #6
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | next event EVENT_RETRANSMIT in 10 seconds for #6
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | 

    2012:12:06-15:46:32 kathargo pluto[27637]: | *received 76 bytes from 88.128.74.137:500 on eth1
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | ICOOKIE: 15 53 40 c0 b1 c1 40 7c 

    2012:12:06-15:46:32 kathargo pluto[27637]: | RCOOKIE: 5c 29 75 82 07 1c eb 63 

    2012:12:06-15:46:32 kathargo pluto[27637]: | peer: 58 80 4a 89 

    2012:12:06-15:46:32 kathargo pluto[27637]: | state hash entry 12 

    2012:12:06-15:46:32 kathargo pluto[27637]: | state object #6 found, in STATE_MAIN_R2
     
    2012:12:06-15:46:32 kathargo pluto[27637]: "S_GenIP"[2] 88.128.74.137 #6: Peer ID is ID_FQDN: 'GenIP.com'
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | peer CA: %none 

    2012:12:06-15:46:32 kathargo pluto[27637]: | current connection is a full match -- no need to look further
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | offered CA: %none 

    2012:12:06-15:46:32 kathargo pluto[27637]: | inserting event EVENT_SA_REPLACE, timeout in 7530 seconds for #6
     
    2012:12:06-15:46:32 kathargo pluto[27637]: "S_GenIP"[2] 88.128.74.137 #6: sent MR3, ISAKMP SA established
     
    2012:12:06-15:46:32 kathargo pluto[27637]: | next event EVENT_NAT_T_KEEPALIVE in 60 seconds
     
    2012:12:06-15:46:33 kathargo pluto[27637]: | 

    2012:12:06-15:46:33 kathargo pluto[27637]: | *received 92 bytes from 88.128.74.137:500 on eth1
     
    2012:12:06-15:46:33 kathargo pluto[27637]: | ICOOKIE: 15 53 40 c0 b1 c1 40 7c 

    2012:12:06-15:46:33 kathargo pluto[27637]: | RCOOKIE: 5c 29 75 82 07 1c eb 63 

    2012:12:06-15:46:33 kathargo pluto[27637]: | peer: 58 80 4a 89 

    2012:12:06-15:46:33 kathargo pluto[27637]: | state hash entry 12 

    2012:12:06-15:46:33 kathargo pluto[27637]: | state object #6 found, in STATE_MAIN_R3
     
    2012:12:06-15:46:33 kathargo pluto[27637]: | ICOOKIE: 15 53 40 c0 b1 c1 40 7c 

    2012:12:06-15:46:33 kathargo pluto[27637]: | RCOOKIE: 5c 29 75 82 07 1c eb 63 

    2012:12:06-15:46:33 kathargo pluto[27637]: | peer: 58 80 4a 89 

    2012:12:06-15:46:33 kathargo pluto[27637]: | state hash entry 12 

    2012:12:06-15:46:33 kathargo pluto[27637]: | state object #6 found, in STATE_MAIN_R3
     
    2012:12:06-15:46:33 kathargo pluto[27637]: "S_GenIP"[2] 88.128.74.137 #6: received Delete SA payload: deleting ISAKMP State #6
     
    2012:12:06-15:46:33 kathargo pluto[27637]: | ICOOKIE: 15 53 40 c0 b1 c1 40 7c 

    2012:12:06-15:46:33 kathargo pluto[27637]: | RCOOKIE: 5c 29 75 82 07 1c eb 63 

    2012:12:06-15:46:33 kathargo pluto[27637]: | peer: 58 80 4a 89 

    2012:12:06-15:46:33 kathargo pluto[27637]: | state hash entry 12 

    2012:12:06-15:46:33 kathargo pluto[27637]: | next event EVENT_NAT_T_KEEPALIVE in 59 seconds 


    cheers delirious