Hi,
I have a m0n0 1.3b4 on WRAP behind a DHCP DSL connection, setting up a tunnel against 1.21 on PC. This configuration had been working for a week or more, and suddenly it is no longer passing traffic. The SAD and SPD for the tunnel come up on both ends, but I can't get any traffic through it.
The messages from the 1.3b4 WRAP board are:
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel local.internet.ip[0]->remote.internet.ip[0] spi=98999321(0x5e69c19)
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel remote.internet.ip[0]->local.internet.ip[0] spi=106272964(0x65598c4)
Dec 5 10:16:28 racoon: INFO: initiate new phase 2 negotiation: local.internet.ip[500]<=>remote.internet.ip[500]
Dec 5 10:16:27 racoon: INFO: ISAKMP-SA established local.internet.ip[500]-remote.internet.ip[500] spi:b942c9fc4e89ddc2:07d2701b9ebeae48
Dec 5 10:16:27 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Dec 5 10:16:27 racoon: INFO: received Vendor ID: DPD
Dec 5 10:16:17 racoon: INFO: begin Aggressive mode.
Dec 5 10:16:17 racoon: INFO: initiate new phase 1 negotiation: local.internet.ip[500]<=>remote.internet.ip[500]
Dec 5 10:16:17 racoon: INFO: IPsec-SA request for remote.internet.ip queued due to no phase1 found.
Note the 'couldn't find the proper pskey' statement. Is this a potential source of the problem? I apparently had deleted the shared key at some point, but this is the message I get after restoring it and synchronizing the value (both identifier and key) at both ends.
The following is from the 1.21 side. I had deleted the SAD and SPD. Note that the sense of 'local' and 'remote' has been flipped to be relative to this site.
Dec 5 10:16:28 racoon: ERROR: such policy does not already exist: "local.lan.ip/24[0] remote.lan.ip/24[0] proto=any dir=out"
Dec 5 10:16:28 racoon: ERROR: such policy does not already exist: "remote.lan.ip/24[0] local.lan.ip/24[0] proto=any dir=in"
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel local.internet.ip[0]->remote.internet.ip[0] spi=106272964(0x65598c4)
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel remote.internet.ip[0]->local.internet.ip[0] spi=98999321(0x5e69c19)
Dec 5 10:16:28 racoon: INFO: no policy found, try to generate the policy : remote.lan.ip/24[0] local.lan.ip/24[0] proto=any dir=in
Dec 5 10:16:28 racoon: INFO: respond new phase 2 negotiation: local.internet.ip[0]<=>remote.internet.ip[0]
Dec 5 10:16:27 racoon: INFO: ISAKMP-SA established local.internet.ip[500]-remote.internet.ip[500] spi:b942c9fc4e89ddc2:07d2701b9ebeae48
Dec 5 10:16:27 racoon: INFO: received Vendor ID: DPD
Dec 5 10:16:27 racoon: INFO: begin Aggressive mode.
Dec 5 10:16:27 racoon: INFO: respond new phase 1 negotiation: local.internet.ip[500]<=>remote.internet.ip[500]
The odd thing is that this used to work flawlessly... I can't tell what I'm missing.
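
Added example, not part of the original post: a small Python check that reads racoon logs from both peers in the format shown above, confirms that every established IPsec-SA appears on both sides with the same SPI and endpoints, and collects the non-INFO lines for review. The addresses and subnets in the sample logs are constructed stand-ins for the anonymized `local.internet.ip` / `remote.internet.ip` values, and the function names are illustrative.

```python
import re

# "IPsec-SA established" line, in the format racoon prints in the logs above.
SA_RE = re.compile(
    r"racoon: INFO: IPsec-SA established: \S+ "
    r"(?P<src>\S+)\[\d+\]->(?P<dst>\S+)\[\d+\] spi=(?P<spi>\d+)"
)
# Any racoon line with its level; levels other than INFO are collected.
LEVEL_RE = re.compile(r"racoon: (?P<level>[A-Z]+): (?P<msg>.*)")

# Constructed sample logs (documentation addresses), one per peer.
SAMPLE_WRAP = """\
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.10[0]->198.51.100.20[0] spi=98999321(0x5e69c19)
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel 198.51.100.20[0]->192.0.2.10[0] spi=106272964(0x65598c4)
Dec 5 10:16:27 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
"""
SAMPLE_PC = """\
Dec 5 10:16:28 racoon: ERROR: such policy does not already exist: "10.0.2.0/24[0] 10.0.1.0/24[0] proto=any dir=out"
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel 198.51.100.20[0]->192.0.2.10[0] spi=106272964(0x65598c4)
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.10[0]->198.51.100.20[0] spi=98999321(0x5e69c19)
"""

def parse_peer_log(text):
    """Return ({spi: (src, dst)}, [(level, message)]) for one peer's log."""
    sas, alerts = {}, []
    for line in text.splitlines():
        m = SA_RE.search(line)
        if m:
            sas[int(m["spi"])] = (m["src"], m["dst"])
            continue
        m = LEVEL_RE.search(line)
        if m and m["level"] != "INFO":
            alerts.append((m["level"], m["msg"]))
    return sas, alerts

def compare_peers(log_a, log_b):
    """Return (SAs missing or differing between peers, all non-INFO lines)."""
    sas_a, alerts_a = parse_peer_log(log_a)
    sas_b, alerts_b = parse_peer_log(log_b)
    mismatches = [
        (spi, sas_a.get(spi), sas_b.get(spi))
        for spi in sorted(set(sas_a) | set(sas_b))
        if sas_a.get(spi) != sas_b.get(spi)
    ]
    return mismatches, alerts_a + alerts_b

if __name__ == "__main__":
    mismatches, alerts = compare_peers(SAMPLE_WRAP, SAMPLE_PC)
    print("SA mismatches:", mismatches)
    print("Non-INFO lines:", alerts)
```

An empty mismatch list means both peers installed the same SA pair; the collected NOTIFY and ERROR lines are then the remaining items to review.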