I'll have to get the info from the new datacenter on the Fortigate side. Sorry, should have specified where the log came from... which was the ClearOS box.
Thank you,
_____________________________
Cameron Cooper
System Administrator | CompTIA A+ Certified
Aurico
Phone: 847-890-4021 | Fax: 847-255-1896
[email protected] | www.aurico.com

From: Jeff Frantz [mailto:[email protected]]
Sent: Wednesday, April 13, 2011 3:12 PM
To: NT System Admin Issues
Subject: RE: Linux FW vpn tunnel to Fortigate

What does the Fortigate side look like? I know others have gotten Openswan and Fortigate working.

Also, you may want to search the Openswan archives: http://lists.openswan.org/pipermail/users/

Maybe post a message to the Openswan list.

-Jeff

From: Cameron Cooper [mailto:[email protected]]
Sent: Wednesday, April 13, 2011 1:31 PM
To: NT System Admin Issues
Subject: Linux FW vpn tunnel to Fortigate

All,

We are trying to set up a VPN tunnel between a ClearOS firewall (using OpenSwan IPSec) and a Fortigate Firewall.

Here's the point that it looks like it's failing to connect:

    000 #1: "hqnetaurc9-satnetaurc9":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 26s; nodpd; idle; import:admin initiate
    000 #1: pending Phase 2 for "hqgateaurc9-satgateaurc9" replacing #0
    000 #1: pending Phase 2 for "hqnetaurc9-satnetaurc9" replacing #0

Here's what our ipsec.conf file looks like:

    #config setup
    #    klipsdebug=all
    #    plutodebug=all

    config setup
        interfaces=%defaultroute
        protostack=netkey
        klipsdebug=none
        plutodebug=none
        virtual_private=%v4:{our office subnet},%v4:{remote office subnet}

    conn %default
        authby=secret
        auto=start
        rightupdown=/usr/libexec/ipsec/_updown.app
        leftupdown=/usr/libexec/ipsec/_updown.app

    conn fortigate
        type=tunnel
        auto=add
        left={main office ip}
        leftsubnet={main office subnet}
        leftnexthop=%defaultroute
        leftid=%any
        right={remote office ip}
        rightsubnet={remote subnet}
        rightnexthop=%defaultroute
        rightid=%any
        keyexchange=ike
        ike=3des
        ikelifetime=28800s
        auth=esp
        authby=secret
        esp=3des
        compress=no
        pfs=yes
        auto=add
        rekey=yes

Any ideas?
Thank you,
_____________________________
Cameron Cooper
System Administrator | CompTIA A+ Certified
Aurico
Phone: 847-890-4021 | Fax: 847-255-1896
[email protected] | www.aurico.com
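
Added example, not part of the original thread: a small Python triage helper that parses pluto status lines like the ones quoted above, groups them by SA number, and attaches a hint for the main-mode state the initiator is stuck in. The sample input is modelled on the lines in the thread; the function name `diagnose` and the hint wording are this example's own assumptions.

```python
import re

# Sample input modelled on the status lines quoted in the thread.
SAMPLE = """\
000 #1: "hqnetaurc9-satnetaurc9":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 26s; nodpd; idle; import:admin initiate
000 #1: pending Phase 2 for "hqgateaurc9-satgateaurc9" replacing #0
000 #1: pending Phase 2 for "hqnetaurc9-satnetaurc9" replacing #0
"""

STATE_RE = re.compile(
    r'^000 #(?P<sa>\d+): "(?P<conn>[^"]+)":(?P<port>\d+) (?P<state>STATE_\w+) '
    r'\((?P<detail>[^)]*)\); (?P<event>\w+) in (?P<secs>\d+)s')
PENDING_RE = re.compile(r'^000 #(?P<sa>\d+): pending Phase 2 for "(?P<conn>[^"]+)"')

# Triage hints for initiator main-mode states (wording is this example's own).
HINTS = {
    "STATE_MAIN_I1": "no reply to the first IKE packet: check UDP/500 reachability "
                     "and that the peer has a Phase 1 definition for this gateway",
    "STATE_MAIN_I2": "peer answered the proposal; key exchange has not completed",
    "STATE_MAIN_I3": "identity/authentication sent but not accepted: compare the "
                     "pre-shared key and IDs on both sides",
}

def diagnose(status_text):
    """Group pluto status lines by SA number and attach a triage hint."""
    sas = {}
    for line in status_text.splitlines():
        m = STATE_RE.match(line)
        if m:
            sa = sas.setdefault(m["sa"], {"pending_phase2": []})
            sa.update(conn=m["conn"], port=int(m["port"]), state=m["state"],
                      detail=m["detail"], event=m["event"], retry_in=int(m["secs"]))
            sa["hint"] = HINTS.get(m["state"], "no hint for this state")
            continue
        m = PENDING_RE.match(line)
        if m:  # Phase 2 tunnels queued behind an unfinished Phase 1
            sas.setdefault(m["sa"], {"pending_phase2": []})["pending_phase2"].append(m["conn"])
    return sas

if __name__ == "__main__":
    for num, sa in diagnose(SAMPLE).items():
        print(f'#{num} {sa["conn"]}: {sa["state"]} ({sa["detail"]})')
        print(f'  next {sa["event"]} in {sa["retry_in"]}s; waiting Phase 2: {sa["pending_phase2"]}')
        print(f'  hint: {sa["hint"]}')
```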
