Hi Keith,

the problem is on the other side because the peer is not
responding. Do you have any logs from the peer side?

Andreas

Keith Smith wrote:
> Hey folks,
>  
> I'm a complete newbie who has inherited this IpSec solution from my
> predecessor.
> I have two working tunnels and one which fails.
> It failed after my colleague restarted IPsec on the firewall/vpn box on
> Gentoo.
>  
> The error I get from ipsec status is
> 
> 000 "bir-ams":
> xx.xx.xx.xx/24===xx.xx.xx.xx.---xx.xx.xx.xx...xx.xx.xx.xx---xx.xx.xx.xx===
> xx.xx.xx.xx/16; erouted HOLD; eroute owner: #0
> 000 "bir-ams":   ike_life: 28800s; ipsec_life: 1800s; rekey_margin: 180s;
> rekey_fuzz: 33%; keyingtries: 0
> 000 "bir-ams":   policy: PSK+ENCRYPT+TUNNEL+UP; prio: 24,16; interface:
> eth1;
> 000 "bir-ams":   newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000 "bir-ams":   IKE algorithms wanted: 5_000-2-5, 5_000-2-2, 5_000-1-5,
> 5_000-1-2,
> 000 "bir-ams":   IKE algorithms found:  5_192-2_160-5, 5_192-2_160-2,
> 5_192-1_128-5, 5_192-1_128-2,
> 000 "bir-ams":   ESP algorithms wanted: 3_000-1, 3_000-2,
> 000 "bir-ams":   ESP algorithms loaded: 3_192-1_128, 3_192-2_160,
>  
> The line IKE newest is missing if I compare with a working tunnel.
>  
> My firewall log shows me that
>  max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or
> no acceptable response) to our first IKE message
>  
> So I know it's failing at an early stage of negotiation.
> Please help.
> Are there any debugging options I can use that will give me more data so I
> can tell exactly where the failure occurs?
>  
> Thanks in advance

======================================================================
Andreas Steffen                         andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
