Hello,
I have a problem with IPSec on a Bering router.
I have one router/firewall (Bering) with a 2.4.18 kernel. The LAN is 192.168.1.0/24
(address of the router: 192.168.1.254). The external IP address is 172.16.10.1 (mask
255.255.0.0). I have IPSec version 1.97.
The other router is a Bering router with a 2.4.20 kernel. The LAN is 10.0.0.0/8 (address
of the router: 10.0.0.83). The external IP address is 172.16.10.4 (mask 255.255.0.0).
I have IPSec version 1.99.6.2.
The ipsec.conf file on the first router is:
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=all
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0

# test connection between Bic and Exodus
conn Bic-Exodus
    left=%defaultroute
    leftsubnet=192.168.1.0/24
    leftnexthop=
    right=172.16.10.4
    rightsubnet=10.0.0.0/8
    rightnexthop=<gateway of the second router>
    auto=start
    authby=rsasig
    leftrsasigkey=0sAQOKGduouVCa7t6wwdgCbdJfT7q7eH59KBU8Cey6Ikohq3FQffLKIhvbihcklXX91ZZXzXADRkagdyDkJ9dqCp7RHiiQOd1gRI3Gf4m1d9ZFHv0gm0oHnVBjqJwA+whugOQDCEh3Ya884y2qdz7cW+2VYfTehWwFVw+JVTMNSKv/hw==
    rightrsasigkey=0sAQOH3JtWlFtIDdAmhgcUz2U+jqEP7iyUTz6pO03hB++wQYMY2JI2d5PgC96HTs0DdLrJAgAcwjRJ4vSSOZejifbQVCCIFVmbWImdoh8BB5IOizW/Jkerp6Mr3L+VlBUoUCPAWrx5OvqcBsIuP7ySy9CgtrJc1YkFc0cV9tMQvkbgGQ==
The ipsec.conf on the second router is:
# basic configuration
config setup
    # THIS SETTING MUST BE CORRECT or almost nothing will work;
    # %defaultroute is okay for most simple cases.
    interfaces=%defaultroute
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    klipsdebug=none
    plutodebug=all
    # Use auto= parameters in conn descriptions to control startup actions.
    plutoload=%search
    plutostart=%search

# defaults for subsequent connection descriptions
conn %default
    # How persistent to be in (re)keying negotiations (0 means very).
    keyingtries=0

# test connection between Bic and Exodus
conn Bic-Exodus
    left=172.16.10.1
    leftsubnet=192.168.1.0/24
    leftnexthop=<gateway of the first router>
    right=%defaultroute
    rightsubnet=10.0.0.0/8
    rightnexthop=
    auto=start
    authby=rsasig
    leftrsasigkey=0sAQOKGduouVCa7t6wwdgCbdJfT7q7eH59KBU8Cey6Ikohq3FQffLKIhvbihcklXX91ZZXzXADRkagdyDkJ9dqCp7RHiiQOd1gRI3Gf4m1d9ZFHv0gm0oHnVBjqJwA+whugOQDCEh3Ya884y2qdz7cW+2VYfTehWwFVw+JVTMNSKv/hw==
    rightrsasigkey=0sAQOH3JtWlFtIDdAmhgcUz2U+jqEP7iyUTz6pO03hB++wQYMY2JI2d5PgC96HTs0DdLrJAgAcwjRJ4vSSOZejifbQVCCIFVmbWImdoh8BB5IOizW/Jkerp6Mr3L+VlBUoUCPAWrx5OvqcBsIuP7ySy9CgtrJc1YkFc0cV9tMQvkbgGQ==
When I look at the routes on the routers, everything seems OK.
When I look at the syslog on the first router, I have this:
Oct 17 12:26:17 exodus ipsec__plutorun: 104 "Bic-Exodus" #1: STATE_MAIN_I1: initiate
Oct 17 12:26:17 exodus ipsec__plutorun: 106 "Bic-Exodus" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Oct 17 12:26:17 exodus ipsec__plutorun: 108 "Bic-Exodus" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Oct 17 12:26:17 exodus ipsec__plutorun: 004 "Bic-Exodus" #1: STATE_MAIN_I4: ISAKMP SA established
Oct 17 12:26:17 exodus ipsec__plutorun: 112 "Bic-Exodus" #2: STATE_QUICK_I1: initiate
Oct 17 12:26:17 exodus ipsec__plutorun: 004 "Bic-Exodus" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
When I look at the syslog on the second router, I have this:
Oct 17 14:27:44 bic kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
So the problem seems to be on the second router.
But I don't have any idea about the origin of the problem.
Can somebody help me?
Regards