On Tue, 29 May 2018, Alex wrote:
May 29 16:30:41 orion pluto[14295]: "VPN-GDHQ-GDXO" #25: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
This indicates a packet filter somewhere along the route. Either on the host itself, on the network, or on the target host.
000 "VPN-GDHQ-GDXO": 192.168.1.0/24===68.195.199.42<68.195.199.42>[CN=orion.example.com, O=GDXO]---68.195.199.41...65.46.77.6<65.46.72.6>[CN=cyclops.example.com, O=GDXO]===64.1.11.0/27; prospective erouted; eroute owner: #0
000 "VPN-GDHQ-GDXO-2": 192.168.1.0/24===68.195.199.42<68.195.193.42>[CN=orion.example.com, O=GDXO]---68.195.199.41...65.46.77.6<65.46.72.6>[CN=cyclops.example.com, O=GDXO]===66.104.200.96/28; prospective erouted; eroute owner: #0
000 #8: "VPN-GDHQ-GDXO":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_v1_RETRANSMIT in 1s; nodpd; idle; import:admin initiate 000 #8: pending Phase 2 for "VPN-GDHQ-GDXO-2" replacing #0 000 #8: pending Phase 2 for "VPN-GDHQ-GDXO" replacing #0 000 000 Bare Shunt list: 000
This looks normal for the case where you try to setup an IPsec tunnel, but a firewall is preventing this. Paul _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
