Topic: m0n0<->m0n0 - tunnels up but no traffic
« on: December 05, 2007, 18:45:15 »
jcims *
Posts: 2

Hi,

I have a m0n0 1.3b4 on WRAP behind a DHCP DSL connection setting up a tunnel against 1.21 on PC.  This configuration had been working for a week or more, and suddenly it is no longer passing traffic.  The SAD and SPD for the tunnel come up on both ends, but I can't get any traffic through it.

The messages from the 1.3b4 WRAP board are:

Code:
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel local.internet.ip[0]->remote.internet.ip[0] spi=98999321(0x5e69c19)
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel remote.internet.ip[0]->local.internet.ip[0] spi=106272964(0x65598c4)
Dec 5 10:16:28 racoon: INFO: initiate new phase 2 negotiation: local.internet.ip[500]<=>remote.internet.ip[500]
Dec 5 10:16:27 racoon: INFO: ISAKMP-SA established local.internet.ip[500]-remote.internet.ip[500] spi:b942c9fc4e89ddc2:07d2701b9ebeae48
Dec 5 10:16:27 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Dec 5 10:16:27 racoon: INFO: received Vendor ID: DPD
Dec 5 10:16:17 racoon: INFO: begin Aggressive mode.
Dec 5 10:16:17 racoon: INFO: initiate new phase 1 negotiation: local.internet.ip[500]<=>remote.internet.ip[500]
Dec 5 10:16:17 racoon: INFO: IPsec-SA request for remote.internet.ip queued due to no phase1 found.

Note the 'couldn't find the proper pskey' statement. Is this a potential source of the problem?  I apparently had deleted the shared key at some point, but this is the message I get after restoring it and synchronizing the value (both identifier and key) at both ends.


The following is from the 1.21 side.  I had deleted the SAD and SPD. Note that the sense of 'local' and 'remote' has been flipped to be relative to this site.

Code:
Dec 5 10:16:28 racoon: ERROR: such policy does not already exist: "local.lan.ip/24[0] remote.lan.ip/24[0] proto=any dir=out"
Dec 5 10:16:28 racoon: ERROR: such policy does not already exist: "remote.lan.ip/24[0] local.lan.ip/24[0] proto=any dir=in"
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel local.internet.ip[0]->remote.internet.ip[0] spi=106272964(0x65598c4)
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel remote.internet.ip[0]->local.internet.ip[0] spi=98999321(0x5e69c19)
Dec 5 10:16:28 racoon: INFO: no policy found, try to generate the policy : remote.lan.ip/24[0] local.lan.ip/24[0] proto=any dir=in
Dec 5 10:16:28 racoon: INFO: respond new phase 2 negotiation: local.internet.ip[0]<=>remote.internet.ip[0]
Dec 5 10:16:27 racoon: INFO: ISAKMP-SA established local.internet.ip[500]-remote.internet.ip[500] spi:b942c9fc4e89ddc2:07d2701b9ebeae48
Dec 5 10:16:27 racoon: INFO: received Vendor ID: DPD
Dec 5 10:16:27 racoon: INFO: begin Aggressive mode.
Dec 5 10:16:27 racoon: INFO: respond new phase 1 negotiation: local.internet.ip[500]<=>remote.internet.ip[500]

The odd thing is that this used to work flawlessly... I can't tell what I'm missing.
« Last Edit: December 05, 2007, 18:49:43 by jcims »
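
Added example, not part of the original post: one way to compare racoon excerpts from both tunnel endpoints, checking that every established IPsec-SA (source, destination, SPI) appears on both sides and collecting the ERROR/NOTIFY lines each side logged. The sample logs are constructed in the format shown above; the WAN and LAN addresses are placeholder assumptions, and the function names are hypothetical.

```python
import re

SA_RE = re.compile(
    r"IPsec-SA established: \S+ ([^\s\[]+)\[\d+\]->([^\s\[]+)\[\d+\] spi=(\d+)\(")
ALERT_RE = re.compile(r"racoon: (ERROR|NOTIFY): (.*)")

# Constructed sample input. Addresses are documentation-range placeholders and
# are written as real addresses on both sides (no local/remote relabelling).
LOG_A = """\
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.1[0]->198.51.100.1[0] spi=98999321(0x5e69c19)
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel 198.51.100.1[0]->192.0.2.1[0] spi=106272964(0x65598c4)
Dec 5 10:16:27 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
"""
LOG_B = """\
Dec 5 10:16:28 racoon: ERROR: such policy does not already exist: "10.0.2.0/24[0] 10.0.1.0/24[0] proto=any dir=out"
Dec 5 10:16:28 racoon: ERROR: such policy does not already exist: "10.0.1.0/24[0] 10.0.2.0/24[0] proto=any dir=in"
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel 198.51.100.1[0]->192.0.2.1[0] spi=106272964(0x65598c4)
Dec 5 10:16:28 racoon: INFO: IPsec-SA established: ESP/Tunnel 192.0.2.1[0]->198.51.100.1[0] spi=98999321(0x5e69c19)
"""

def parse(log):
    """Return (set of (src, dst, spi) SAs, list of (level, message) alerts)."""
    sas, alerts = set(), []
    for line in log.splitlines():
        m = SA_RE.search(line)
        if m:
            sas.add((m.group(1), m.group(2), int(m.group(3))))
            continue
        m = ALERT_RE.search(line)
        if m:
            alerts.append((m.group(1), m.group(2)))
    return sas, alerts

def compare(log_a, log_b):
    """Report SAs seen on both ends, SAs seen on one end only, and alerts."""
    sas_a, alerts_a = parse(log_a)
    sas_b, alerts_b = parse(log_b)
    return {
        "matched": sorted(sas_a & sas_b),   # same src, dst and SPI on both ends
        "only_a": sorted(sas_a - sas_b),    # SA that the other end never logged
        "only_b": sorted(sas_b - sas_a),
        "alerts_a": alerts_a,
        "alerts_b": alerts_b,
    }

if __name__ == "__main__":
    for key, value in compare(LOG_A, LOG_B).items():
        print(key, value)
```

On the sample, both SAs match across the two ends while the alerts are listed per side, which separates SA negotiation from policy (SPD) messages when reading the two logs together.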
 