Hello René,

On 27.04.2017 14:12, Rene Maurer wrote:
> Sorry for not answering so long.
> Unfortunately the problem is still pending.
>
> The remote site (which I cannot control for now) says that
> the tunnel is up and running (!) but on my site I still ha
>
> Security Associations (1 up, 0 connecting):
> home[1]: CONNECTING,
>
> and this should be ESTABLISHED I think? (a ping from my site 10.4.48.5 to
> the remote site 10.4.30.11 is not possible).

Well, what the remote side's personnel is telling you isn't true then.

>
> Still I do not see a response to child_sa ikev2_auth[I]:
> 11:26:44.073488 IP 10.0.54.146.500 > 83.137.25.197.500: isakmp: parent_sa
> ikev2_init[I]
> 11:26:45.256562 IP 83.137.25.197.500 > 10.0.54.146.500: isakmp: parent_sa
> ikev2_init[R]
> 11:26:45.379980 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap:
> isakmp: child_sa ikev2_auth[I]
> 11:26:49.388349 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap:
> isakmp: child_sa ikev2_auth[I]

Obviously the remote peer does not respond to the request.

>
> Do you agree that is the source of the problem?
>

Yes.

> In case I switch "type=tunnel" to "type=transport" I see (as expected):
> 11:25:22.706710 IP 10.0.54.146.500 > 83.137.25.197.500: isakmp: parent_sa
> ikev2_init[I]
> 11:25:23.752559 IP 83.137.25.197.500 > 10.0.54.146.500: isakmp: parent_sa
> ikev2_init[R]
> 11:25:23.884131 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap:
> isakmp: child_sa ikev2_auth[I]
> 11:25:24.003467 IP 83.137.25.197.4500 > 10.0.54.146.4500: NONESP-encap:
> isakmp: child_sa ikev2_auth[R]
>
> But transport is not what I want, I assume....

Yes, you don't need transport mode.

>
> Do you have an idea what I can do without having full access to the remote
> site?
>

Acquire full access, educate the personnel that runs it or try to apply
pressure from the superiors.

Kind regards,

Noel
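As an added example (not part of the original message and not strongSwan code): a small Python check over tcpdump output that flags IKEv2 requests that never received a reply, run on the packet lines from the two captures quoted above. It assumes single-line tcpdump output and a capture that covers one negotiation started by the local side; the names `unanswered`, `TUNNEL` and `TRANSPORT` are made up for illustration.

```python
import re

# One-line tcpdump output as quoted in the thread: time, src ip.port,
# dst ip.port, then the IKEv2 exchange name and its [I]/[R] marker.
LINE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): .*?isakmp: \S+ "
    r"(?P<xchg>ikev2_\w+)\[(?P<flag>[IR])\]"
)

def unanswered(capture):
    """Map (initiator, responder, exchange) -> request timestamps with no [R] seen.

    Assumption: the capture holds a single negotiation started by the local
    side, so every [I] line is a request and every [R] line is its reply.
    """
    sent, replied = {}, set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if m is None:
            continue  # not an IKE line
        if m["flag"] == "I":
            sent.setdefault((m["src"], m["dst"], m["xchg"]), []).append(m["ts"])
        else:
            # A reply travels responder -> initiator, so swap the addresses.
            replied.add((m["dst"], m["src"], m["xchg"]))
    return {key: ts for key, ts in sent.items() if key not in replied}

# Packet lines from the thread's two captures, re-joined onto one line each.
TUNNEL = """\
11:26:44.073488 IP 10.0.54.146.500 > 83.137.25.197.500: isakmp: parent_sa ikev2_init[I]
11:26:45.256562 IP 83.137.25.197.500 > 10.0.54.146.500: isakmp: parent_sa ikev2_init[R]
11:26:45.379980 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I]
11:26:49.388349 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I]
"""
TRANSPORT = """\
11:25:22.706710 IP 10.0.54.146.500 > 83.137.25.197.500: isakmp: parent_sa ikev2_init[I]
11:25:23.752559 IP 83.137.25.197.500 > 10.0.54.146.500: isakmp: parent_sa ikev2_init[R]
11:25:23.884131 IP 10.0.54.146.4500 > 83.137.25.197.4500: NONESP-encap: isakmp: child_sa ikev2_auth[I]
11:25:24.003467 IP 83.137.25.197.4500 > 10.0.54.146.4500: NONESP-encap: isakmp: child_sa ikev2_auth[R]
"""

if __name__ == "__main__":
    for name, cap in (("type=tunnel", TUNNEL), ("type=transport", TRANSPORT)):
        for (src, dst, xchg), ts in unanswered(cap).items():
            print(f"{name}: {xchg} {src} -> {dst} sent {len(ts)}x, no reply")
```

On the tunnel capture this reports the `ikev2_auth` request as sent twice (one retransmission) with no reply; on the transport capture it reports nothing.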
