| So both agree on the tunnel and the traffic counters. It looks operational.
I wonder if there is some kind of firewall on the network that allows the initial packets but then starts blocking things ? Sent using a virtual keyboard on a phone
Hi Paul Kindly find the output of ipsec whack --showstates from both sides please. At HO000 #5: "PLUTOSUBNET":1208 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EVENT_SA_REKEY in 28511s; newest ISAKMP; idle;000 #6: "PLUTOSUBNET":1208 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA established); EVENT_SA_REKEY in 28511s; newest IPSEC; eroute owner; isakmp#5; idle;000 #6: "PLUTOSUBNET" [email protected] [email protected] [email protected] [email protected] Traffic: ESPin=168B ESPout=168B! ESPmax=0B At Site Office000 #1: "PLSUBNET":4500 STATE_V2_ESTABLISHED_IKE_SA (established IKE SA); EVENT_SA_REKEY in 27743s; newest ISAKMP; idle;000 #2: "PLSUBNET":4500 STATE_V2_ESTABLISHED_CHILD_SA (IPsec SA established); EVENT_SA_REKEY in 27984s; newest IPSEC; eroute owner; isakmp#1; idle;000 #2: "PLSUBNET" [email protected] [email protected] [email protected] [email protected] Traffic: ESPin=168B ESPout=168B! ESPmax=0B Thanks, Best BA On 2023-01-31 22:01, Paul Wouters wrote:
On Mon, 30 Jan 2023, [email protected] wrote:
I changed the HO's statement to auto=add while keeping auto=start at the Site Office. Also removed encapsulation statement at both
ends, However there is no change in status, both machines are unable to reach each other. The tunnel is getting established as
always, attaching the logs from both sides FYI.
Once the tunnel is not working, can you run on both ends:
ipsec whack --showstates
Let's see if both ends are still thinking the tunnel is up or not.
Paul
|
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
