IPSec cannot change local Interface

Hello,

We have an IPSec VPN to some of our customers. Now we need to change the local interface from eth1 to eth4 because we have a new WAN with new IPs.
The first VPN works without any problem. But when we edit the second IPSec VPN and change the "local Interface", we get the following error in the log and the connection does not come up.
 
2013:06:04-10:10:09 firewall pluto[16355]: listening for IKE messages
2013:06:04-10:10:09 firewall pluto[16355]: forgetting secrets
2013:06:04-10:10:09 firewall pluto[16355]: loading secrets from "/etc/ipsec.secrets"
2013:06:04-10:10:09 firewall pluto[16355]: loaded PSK secret for 195.243.120.218 212.218.135.2
2013:06:04-10:10:09 firewall pluto[16355]: loaded PSK secret for 195.243.120.218 217.6.233.202
2013:06:04-10:10:09 firewall ipsec_starter[16354]: no default route - cannot cope with %defaultroute!!!
2013:06:04-10:10:09 firewall pluto[16355]: added connection description "S_Erwin_Mueller"
2013:06:04-10:10:09 firewall pluto[16355]: "S_Erwin_Mueller" #169: initiating Main Mode
2013:06:04-10:10:09 firewall pluto[16355]: ERROR: "S_Erwin_Mueller" #169: sendto on eth4 to 217.6.233.202:500 failed in main_outI1. Errno 1: Operation not permitted
2013:06:04-10:10:09 firewall pluto[16355]: forgetting secrets
2013:06:04-10:10:09 firewall pluto[16355]: loading secrets from "/etc/ipsec.secrets"
2013:06:04-10:10:09 firewall pluto[16355]: loaded PSK secret for 195.243.120.218 212.218.135.2
2013:06:04-10:10:09 firewall pluto[16355]: loaded PSK secret for 195.243.120.218 217.6.233.202
2013:06:04-10:10:09 firewall pluto[16355]: loading ca certificates from '/etc/ipsec.d/cacerts'
2013:06:04-10:10:09 firewall pluto[16355]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2013:06:04-10:10:09 firewall pluto[16355]: loading aa certificates from '/etc/ipsec.d/aacerts'
2013:06:04-10:10:09 firewall pluto[16355]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2013:06:04-10:10:09 firewall pluto[16355]: loading attribute certificates from '/etc/ipsec.d/acerts'
2013:06:04-10:10:09 firewall pluto[16355]: Changing to directory '/etc/ipsec.d/crls'
2013:06:04-10:10:19 firewall pluto[16355]: ERROR: "S_Erwin_Mueller" #169: sendto on eth4 to 217.6.233.202:500 failed in EVENT_RETRANSMIT. Errno 1: Operation not permitted 

I checked with our customer, but they have no log for the connection. It seems the VPN is not finding the way to them.

Any ideas?

Regards


  • Found it!!

    The remote gateway was bound to the "old" WAN interface...
    Changed it to the new one and it works.

    You only see it in the network definition for the remote gateway, not in the VPN config.

    Regards
  • It's one of the unwritten rules:
    Never bind a network definition to a specific interface. Always leave with interface !

    ----------
    Sophos user, admin and reseller.
    Private Setup:

    • XG: HPE DL20 Gen9 (Core i3-7300, 8GB RAM, 120GB SSD) | XG 18.0 (Home License) with: Web Protection, Site-to-Site-VPN (IPSec, RED-Tunnel), Remote Access (SSL, HTML5)
    • UTM: 2 vCPUs, 2GB RAM, 50GB vHDD, 2 vNICs on vServer (KVM) | UTM 9.7 (Home License) with: Email Protection, Webserver Protection, RED-Tunnel (server)