EFW Support

Support => VPN Support => Topic started by: soletmod on Tuesday 05 March 2019, 06:42:03 pm



Title: IPSec net2net not working in 3.3.0
Post by: soletmod on Tuesday 05 March 2019, 06:42:03 pm
I have attempted to set up an IPsec connection between a 3.3.0 box that is directly on a modem as the public interface and a 3.3.0 box that is behind a NAT but is on the DMZ. I cannot get a connection, and the only error is:

Code:
Security Associations (0 up, 0 connecting):
  no match

Any ideas?


Title: Re: IPSec net2net not working in 3.3.0
Post by: Dark-Vex on Monday 11 March 2019, 07:17:46 pm
Hello,

From the output it seems that the IPsec configuration file was not generated; try this command from SSH:

restartipsec --force

Daniele


Title: Re: IPSec net2net not working in 3.3.0
Post by: soletmod on Tuesday 12 March 2019, 04:42:11 am
The force restart did not fix the issue. The one thing I am questioning most is that the certificate these machines are using shows a red-interface IP address different from what they are actually using. The machines were built in a test environment and then put into production with their then-updated external IP addresses. Do I need to generate new certs? If so, I have no idea what I'm supposed to use for PKCS12 file passwords (full disclosure, I am more of a software writer than a network person). Below is the full (redacted) output from connection details after running the force restart:

Code:
Status of IKE charon daemon (weakSwan 5.3.5, Linux 4.4.145.e2.1, x86_64):
  uptime: 4 minutes, since Mar 11 12:35:35 2019
  malloc: sbrk 2859008, mmap 0, used 539584, free 2319424
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon ldap aes des blowfish rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp agent xcbc cmac hmac curl attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-sim eap-aka eap-aka-3gpp2 eap-simaka-pseudonym eap-simaka-reauth eap-md5 eap-gtc eap-mschapv2 eap-radius xauth-generic xauth-pam dhcp lookip addrblock
Listening IP addresses:
  RED
  GREEN
Connections:
      Name:  LOCAL...REMOTE  IKEv1/2, dpddelay=30s
      Name:   local:  [LOCAL] uses pre-shared key authentication
      Name:   remote: [REMOTE] uses pre-shared key authentication
      Name:   child:  192.168.84.0/24 === 192.168.19.0/24 TUNNEL, dpdaction=restart
Security Associations (0 up, 0 connecting):
  no match
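The status output above is what one reads by hand to decide the next step: is a connection loaded at all, what authentication does it use, and is any SA up or still negotiating. As an added example (not Endian's or strongSwan's code), the Python below parses `ipsec statusall` output into those facts and turns them into the checks they imply. The sample it parses is constructed to mirror the redacted output above, with RFC 5737 addresses and the connection name `net2net` standing in for the redacted values; a second sample mirrors the first post, where only the SA summary appeared.

```python
"""Read `ipsec statusall` (strongSwan charon) output and say what the numbers mean.

Added example, not Endian code. STATUS_SAMPLE is constructed to mirror the redacted
output posted in the thread (RFC 5737 addresses, connection name "net2net");
NO_CONN_SAMPLE mirrors the first post, where only the SA summary appeared.
"""
import re
from dataclasses import dataclass, field

STATUS_SAMPLE = """\
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.145.e2.1, x86_64):
  uptime: 4 minutes, since Mar 11 12:35:35 2019
Listening IP addresses:
  203.0.113.10
  192.168.84.1
Connections:
     net2net:  203.0.113.10...198.51.100.20  IKEv1/2, dpddelay=30s
     net2net:   local:  [203.0.113.10] uses pre-shared key authentication
     net2net:   remote: [198.51.100.20] uses pre-shared key authentication
     net2net:   child:  192.168.84.0/24 === 192.168.19.0/24 TUNNEL, dpdaction=restart
Security Associations (0 up, 0 connecting):
  no match
"""

NO_CONN_SAMPLE = "Security Associations (0 up, 0 connecting):\n  no match\n"

# Line shapes in the "Connections:" section and the SA summary header.
HEAD = re.compile(r"^\s*(\S+):\s+(\S+)\.\.\.(\S+)\s+(IKEv[^\s,]+)")
AUTH = re.compile(r"^\s*(\S+):\s+(local|remote):\s+\[([^\]]*)\]\s+uses (.+?) authentication")
CHILD = re.compile(r"^\s*(\S+):\s+child:\s+(\S+) === (\S+) ([^\s,]+)")
SAS = re.compile(r"^Security Associations \((\d+) up, (\d+) connecting\)")


@dataclass
class Conn:
    name: str
    local_addr: str = ""
    remote_addr: str = ""
    ike: str = ""
    auth: dict = field(default_factory=dict)       # "local"/"remote" -> method
    children: list = field(default_factory=list)   # (left_net, right_net, mode)


@dataclass
class Status:
    listening: list = field(default_factory=list)
    conns: dict = field(default_factory=dict)
    sa_up: int = 0
    sa_connecting: int = 0


def parse_statusall(text):
    """Pull listening addresses, loaded connections and SA counts out of the output."""
    st = Status()
    section = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):            # section headers are flush left
            m = SAS.match(line)
            if m:
                st.sa_up, st.sa_connecting = int(m.group(1)), int(m.group(2))
            section = line.split(":")[0]
            continue
        if section == "Listening IP addresses":
            st.listening.append(line.strip())
        elif section == "Connections":
            m = HEAD.match(line)
            if m:
                c = st.conns.setdefault(m.group(1), Conn(m.group(1)))
                c.local_addr, c.remote_addr, c.ike = m.group(2), m.group(3), m.group(4)
                continue
            m = AUTH.match(line)
            if m:
                st.conns.setdefault(m.group(1), Conn(m.group(1))).auth[m.group(2)] = m.group(4)
                continue
            m = CHILD.match(line)
            if m:
                st.conns.setdefault(m.group(1), Conn(m.group(1))).children.append(m.group(2, 3, 4))
    return st


def diagnose(st):
    """Turn the parsed status into the checks one would otherwise make by hand."""
    out = []
    if not st.conns:
        out.append("no connection loaded: the IPsec config was not generated; "
                   "run `restartipsec --force` and check again")
        return out
    for c in st.conns.values():
        if c.auth.get("local") == "pre-shared key":
            out.append(f"{c.name}: PSK authentication, so the box certificate "
                       f"(and the RED address embedded in it) is not used by this tunnel")
        if c.local_addr not in ("%any", *st.listening):
            out.append(f"{c.name}: local address {c.local_addr} is not an address "
                       f"charon listens on; check the RED address in the config")
    if st.sa_up == 0 and st.sa_connecting == 0:
        out.append("connection loaded but no SA is up or negotiating: run "
                   "`ipsec up <name>` and read /var/log/ipsec/ipsec.log")
    elif st.sa_up == 0:
        out.append("SA stuck in 'connecting': peer not answering or a proposal/PSK "
                   "mismatch; the log says which")
    return out


if __name__ == "__main__":
    for sample in (NO_CONN_SAMPLE, STATUS_SAMPLE):
        for finding in diagnose(parse_statusall(sample)):
            print("-", finding)
        print()
```

One thing the parser makes explicit from the output above: both ends "use pre-shared key authentication", so whatever is wrong with the certificates' RED address is a separate matter from why this tunnel never gets past `0 up, 0 connecting`.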


Title: Re: IPSec net2net not working in 3.3.0
Post by: Dark-Vex on Monday 18 March 2019, 07:34:44 pm
Yes, it can be a certificate problem, but you should see it in the logs.
What's the output of:

ipsec up <your-tunnel-name>

and the output of:

cat /var/log/ipsec/ipsec.log

after trying to bring up the tunnel?
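Once `ipsec up <name>` has been run, the log is where the actual reason shows up, and a handful of charon messages account for most net2net failures. As an added example (not Endian's or strongSwan's code), the Python below scans `/var/log/ipsec/ipsec.log` text for those messages and gives a one-line verdict. The pattern table lists charon log messages as I know them, with my own hint attached to each; the sample log is constructed, with RFC 5737 addresses, to show the case this thread is about: a peer behind NAT that never answers the first IKE request.

```python
"""Triage charon (strongSwan) log lines after `ipsec up <name>`.

Added example, not Endian code. PATTERNS holds charon log messages and the hint
I attach to each; LOG_SAMPLE is constructed (RFC 5737 addresses) to show a peer
that never answers, which is what retransmits followed by "giving up" mean.
"""
import re
from collections import Counter

PATTERNS = [
    # (regex on the message text, what it usually means)
    (r"IKE_SA \S+ established|CHILD_SA \S+ established",
     "SA established: tunnel is up"),
    (r"no IKE config found for|no matching peer config found",
     "charon has no connection for this peer pair: config not generated or left/right addresses wrong"),
    (r"giving up after \d+ retransmits",
     "peer never answered: UDP 500/4500 not reaching it (NAT or DMZ forwarding) or it is down"),
    (r"retransmit \d+ of request",
     "no reply yet; leads to 'giving up' if it continues"),
    (r"received NO_PROPOSAL_CHOSEN",
     "IKE or ESP proposal mismatch between the two boxes"),
    (r"received AUTHENTICATION_FAILED",
     "peer rejected our authentication: PSK or ID mismatch"),
    (r"MAC mismatched|no shared key found",
     "pre-shared key mismatch or missing on this side"),
    (r"constraint check failed|no trusted RSA public key found",
     "certificate/identity mismatch (only relevant with certificate authentication)"),
]

# Constructed sample: initiator 203.0.113.10, peer 198.51.100.20 behind NAT, no answer.
LOG_SAMPLE = """\
Mar 18 19:30:01 charon: 05[IKE] <net2net|1> initiating IKE_SA net2net[1] to 198.51.100.20
Mar 18 19:30:01 charon: 05[NET] <net2net|1> sending packet: from 203.0.113.10[500] to 198.51.100.20[500] (464 bytes)
Mar 18 19:30:05 charon: 07[IKE] <net2net|1> retransmit 1 of request with message ID 0
Mar 18 19:30:12 charon: 09[IKE] <net2net|1> retransmit 2 of request with message ID 0
Mar 18 19:30:25 charon: 11[IKE] <net2net|1> retransmit 3 of request with message ID 0
Mar 18 19:30:49 charon: 13[IKE] <net2net|1> retransmit 4 of request with message ID 0
Mar 18 19:31:31 charon: 15[IKE] <net2net|1> retransmit 5 of request with message ID 0
Mar 18 19:32:47 charon: 06[IKE] <net2net|1> giving up after 5 retransmits
Mar 18 19:32:47 charon: 06[IKE] <net2net|1> establishing IKE_SA failed, peer not responding
"""


def classify_line(line):
    """Return (hint, matched_text) for the first known pattern in a line, else None."""
    for rx, hint in PATTERNS:
        m = re.search(rx, line)
        if m:
            return hint, m.group(0)
    return None


def triage(log_text):
    """Count known symptoms; return (hint, count, first_line_no) ordered by first appearance."""
    counts = Counter()
    first = {}
    for n, line in enumerate(log_text.splitlines(), 1):
        hit = classify_line(line)
        if hit:
            counts[hit[0]] += 1
            first.setdefault(hit[0], n)
    return [(h, counts[h], first[h]) for h in sorted(first, key=first.get)]


def verdict(log_text):
    """One-line conclusion: the latest decisive symptom outranks the retransmit noise."""
    hits = triage(log_text)
    if not hits:
        return "no known symptom in log: did `ipsec up` run against this log?"
    decisive = [h for h in hits if not h[0].startswith("no reply yet")]
    return (decisive or hits)[-1][0]


if __name__ == "__main__":
    for hint, count, line_no in triage(LOG_SAMPLE):
        print(f"line {line_no}: {count}x {hint}")
    print("verdict:", verdict(LOG_SAMPLE))
```

Feed it the real file with `verdict(open("/var/log/ipsec/ipsec.log").read())` on the box. For the topology in this thread, the "giving up after retransmits" verdict points at the NAT in front of the DMZ box rather than at the tunnel configuration itself.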


Title: Re: IPSec net2net not working in 3.3.0
Post by: thaobn20 on Friday 11 December 2020, 10:40:11 am
I have the same problem. Any change? Please help me.


Title: Re: IPSec net2net not working in 3.3.0
Post by: thaobn20 on Tuesday 22 December 2020, 02:09:00 pm
Quote
Yes, it can be a certificate problem, but you should see it in the logs.
What's the output of:

ipsec up <your-tunnel-name>

and the output of:

cat /var/log/ipsec/ipsec.log

after trying to bring up the tunnel?

I have proceeded, but without success.
I have reinstalled two Endian boxes, but the status is "connecting" every day.

[attached screenshot: screenshot_1608606423.png]


Title: Re: IPSec net2net not working in 3.3.0
Post by: thaobn20 on Friday 25 December 2020, 06:17:53 pm
Hello, somebody help me.
I can do it, IPSec is not working.


Title: hi!
Post by: MariMow on Friday 01 July 2022, 02:19:55 pm
Quote
The force restart did not fix the issue. The one thing I am questioning most is that the certificate these machines are using shows a red-interface IP address different from what they are actually using. The machines were built in a test environment and then put into production with their then-updated external IP addresses. Do I need to generate new certs? If so, I have no idea what I'm supposed to use for PKCS12 file passwords (full disclosure, I am more of a software writer than a network person). Below is the full (redacted) output from connection details after running the force restart:
Code:

Your kind words warmed my heart))