
IPSec site to site tunneling not able to see computers on remote side

I have successfully followed the instructions in the following link - https://community.sophos.com/kb/en-us/127030.

I have an indicator in the Site-to-site VPN page where Test IPsec Tunnel B indicates "1 of 1 IPsec SAs established" on the initiator and Test IPsec A with the same message showing.

Unfortunately, I cannot ping or remote desktop to any of my computers on the remote network. When I use the Sophos SSL VPN client, I am able to remote desktop to the desired systems.

The status of the endpoints shows the following:

Test IPSec A: 192.168.xx1.0/24=EXTERNAL_IP_1 <-> EXTERNAL_IP_2=192.168.xx2.0/24

VPN ID: EXTERNAL_IP_1

Test IPsec Tunnel B: 192.168.xx2.0/24=EXTERNAL_IP2 <-> EXTERNAL_IP_1= 192.168.xx1.0/24

VPN ID: EXTERNAL_IP_2

Any suggestions will be appreciated.

  • Hi NeutralSt8,

    have you ticked automatic firewall rules?

    If you have ticked can you enable the logging for this rule and show us the log?

    Best Regards
    DKKDG

  • Thanks for the reply. Here is the log from the initiator side of the tunnel. Let me know if you need the responder side as well.

    I have edited the actual IPs with search and replace, but if you need the actual details, I can forward the actual log file that I created. I noticed that there appear to be a number of "whack messages" but I am not sure what may have initiated those comments LOL.

    2018:10:10-15:53:29 pluto[28116]: | crl list unlocked by 'free_crls'
    2018:10:10-15:53:29 pluto[28116]: | ocsp cache locked by 'free_ocsp_cache'
    2018:10:10-15:53:29 pluto[28116]: | ocsp cache unlocked by 'free_ocsp_cache'
    2018:10:10-15:53:29 pluto[28116]: shutting down interface lo/lo ::1
    2018:10:10-15:53:29 pluto[28116]: shutting down interface lo/lo 127.0.0.1
    2018:10:10-15:53:29 pluto[28116]: shutting down interface eth4/eth4 NETWORK_1.254
    2018:10:10-15:53:29 pluto[28116]: shutting down interface eth5/eth5 EXTERNAL_IP_1.221
    2018:10:10-15:53:29 pluto[28116]: shutting down interface tun0/tun0 10.242.2.1
    2018:10:10-15:53:29 ipsec_starter[28109]: pluto stopped after 40 ms
    2018:10:10-15:53:29 ipsec_starter[28109]: ipsec starter stopped
    2018:10:10-22:23:15 ipsec_starter[20331]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
    2018:10:10-22:23:15 pluto[20345]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
    2018:10:10-22:23:15 ipsec_starter[20337]: pluto (20345) started after 20 ms
    2018:10:10-22:23:15 pluto[20345]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: including NAT-Traversal patch (Version 0.6c) [disabled]
    2018:10:10-22:23:15 pluto[20345]: Using Linux 2.6 IPsec interface code
    2018:10:10-22:23:15 pluto[20345]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:10:10-22:23:15 pluto[20345]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:10:10-22:23:15 pluto[20345]: | authcert list locked by 'add_authcert'
    2018:10:10-22:23:15 pluto[20345]: | authcert inserted
    2018:10:10-22:23:15 pluto[20345]: | authcert list unlocked by 'add_authcert'
    2018:10:10-22:23:15 pluto[20345]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:10:10-22:23:15 pluto[20345]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:10:10-22:23:15 pluto[20345]: Changing to directory '/etc/ipsec.d/crls'
    2018:10:10-22:23:15 pluto[20345]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_LOG_DAILY, timeout in 5805 seconds
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | found lo with address 127.0.0.1
    2018:10:10-22:23:15 pluto[20345]: | found eth4 with address NETWORK_1.254
    2018:10:10-22:23:15 pluto[20345]: | found eth5 with address EXTERNAL_IP_1.221
    2018:10:10-22:23:15 pluto[20345]: | found tun0 with address 10.242.2.1
    2018:10:10-22:23:15 pluto[20345]: adding interface tun0/tun0 10.242.2.1:500
    2018:10:10-22:23:15 pluto[20345]: adding interface eth5/eth5 EXTERNAL_IP_1.221:500
    2018:10:10-22:23:15 pluto[20345]: adding interface eth4/eth4 NETWORK_1.254:500
    2018:10:10-22:23:15 pluto[20345]: adding interface lo/lo 127.0.0.1:500
    2018:10:10-22:23:15 pluto[20345]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
    2018:10:10-22:23:15 pluto[20345]: adding interface lo/lo ::1:500
    2018:10:10-22:23:15 pluto[20345]: | certs and keys locked by 'free_preshared_secrets'
    2018:10:10-22:23:15 pluto[20345]: | certs and keys unlocked by 'free_preshard_secrets'
    2018:10:10-22:23:15 pluto[20345]: loading secrets from "/etc/ipsec.secrets"
    2018:10:10-22:23:15 pluto[20345]: loaded PSK secret for EXTERNAL_IP_1.221 EXTERNAL_IP_2.202
    2018:10:10-22:23:15 pluto[20345]: | certs and keys locked by 'process_secret'
    2018:10:10-22:23:15 pluto[20345]: | certs and keys unlocked by 'process_secrets'
    2018:10:10-22:23:15 pluto[20345]: listening for IKE messages
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | from whack: got --esp=aes256-md5
    2018:10:10-22:23:15 pluto[20345]: | esp proposal: AES_CBC_256/HMAC_MD5,
    2018:10:10-22:23:15 pluto[20345]: | from whack: got --ike=aes256-md5-modp1536
    2018:10:10-22:23:15 pluto[20345]: | ike proposal: AES_CBC_256/HMAC_MD5/MODP_1536,
    2018:10:10-22:23:15 pluto[20345]: added connection description "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: | NETWORK_1.0/24===EXTERNAL_IP_1.221[EXTERNAL_IP_1.221]...EXTERNAL_IP_2.202[EXTERNAL_IP_2.202]===192.168.38.0/24
    2018:10:10-22:23:15 pluto[20345]: | ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | creating state object #1 at 0x9dfedc0
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | Queuing pending Quick Mode with EXTERNAL_IP_2.202 "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: initiating Main Mode
    2018:10:10-22:23:15 pluto[20345]: | ike proposal: AES_CBC_256/HMAC_MD5/MODP_1536,
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 156 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object not found
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I1
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [strongSwan]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: ignoring Vendor ID payload [Cisco-Unity]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [XAUTH]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [Dead Peer Detection]
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 244 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I2
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 60 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I3
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: Peer ID is ID_IPV4_ADDR: 'EXTERNAL_IP_2.202'
    2018:10:10-22:23:15 pluto[20345]: | peer CA: %none
    2018:10:10-22:23:15 pluto[20345]: | required CA: %none
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: Dead Peer Detection (RFC 3706) enabled
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_DPD, timeout in 40 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SA_REPLACE, timeout in 7048 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: ISAKMP SA established
    2018:10:10-22:23:15 pluto[20345]: | unqueuing pending Quick Mode with EXTERNAL_IP_2.202 "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: | duplicating state object #1
    2018:10:10-22:23:15 pluto[20345]: | creating state object #2 at 0x9e00c68
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
    2018:10:10-22:23:15 pluto[20345]: | esp proposal: AES_CBC_256/HMAC_MD5,
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 156 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #2 found, in STATE_QUICK_I1
    2018:10:10-22:23:15 pluto[20345]: | our client is subnet NETWORK_1.0/24
    2018:10:10-22:23:15 pluto[20345]: | our client protocol/port is 0/0
    2018:10:10-22:23:15 pluto[20345]: | peer client is subnet 192.168.38.0/24
    2018:10:10-22:23:15 pluto[20345]: | peer client protocol/port is 0/0
    2018:10:10-22:23:15 pluto[20345]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
    2018:10:10-22:23:15 pluto[20345]: | install_ipsec_sas() for #2: inbound and outbound
    2018:10:10-22:23:15 pluto[20345]: | route owner of "S_Test IPsec Tunnel B" unrouted: NULL; eroute owner: NULL
    2018:10:10-22:23:15 pluto[20345]: | add inbound eroute 192.168.38.0/24:0 -> NETWORK_1.0/24:0 => tun.10000@EXTERNAL_IP_1.221:0
    2018:10:10-22:23:15 pluto[20345]: | sr for #2: unrouted
    2018:10:10-22:23:15 pluto[20345]: | route owner of "S_Test IPsec Tunnel B" unrouted: NULL; eroute owner: NULL
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute with c: S_Test IPsec Tunnel B (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
    2018:10:10-22:23:15 pluto[20345]: | eroute_connection add eroute NETWORK_1.0/24:0 -> 192.168.38.0/24:0 => tun.0@EXTERNAL_IP_2.202:0
    2018:10:10-22:23:15 pluto[20345]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPsec Tunnel B" address="EXTERNAL_IP_1.221" local_net="NETWORK_1.0/24" remote_net="192.168.38.0/24"
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute: firewall_notified: true
    2018:10:10-22:23:15 pluto[20345]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: updown: called /sbin/ip -4 route replace 192.168.38.0/24 dev eth5 table main src NETWORK_1.254 proto ipsec metric 0 (0)
    2018:10:10-22:23:15 pluto[20345]: updown: called /usr/local/bin/ct -D -s NETWORK_1.0/24 -d 192.168.38.0/24 (0)
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute: instance "S_Test IPsec Tunnel B", setting eroute_owner {spd=0x9df6bb0,sr=0x9df6bb0} to #2 (was #0) (newest_ipsec_sa=#0)
    2018:10:10-22:23:15 pluto[20345]: | inR1_outI2: instance S_Test IPsec Tunnel B[0], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 38 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SA_REPLACE, timeout in 2629 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #2: sent QI2, IPsec SA established {ESP=>0xd19135e8 <0x27d3d29f DPD}
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_DPD_UPDATE in 38 seconds for #2
    2018:10:10-22:23:38 pluto[20345]: |
    2018:10:10-22:23:38 pluto[20345]: | *received 92 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:38 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:38 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:38 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:38 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:38 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:23:38 pluto[20345]: | received DPD notification R_U_THERE with seqno = 11459
    2018:10:10-22:23:38 pluto[20345]: | sent DPD notification R_U_THERE_ACK with seqno = 11459
    2018:10:10-22:23:38 pluto[20345]: | next event EVENT_DPD_UPDATE in 15 seconds for #2
    2018:10:10-22:23:53 pluto[20345]: |
    2018:10:10-22:23:53 pluto[20345]: | *time to handle event
    2018:10:10-22:23:53 pluto[20345]: | event after this is EVENT_DPD in 2 seconds
    2018:10:10-22:23:53 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #2
    2018:10:10-22:23:53 pluto[20345]: | next event EVENT_DPD in 2 seconds for #1
    2018:10:10-22:23:55 pluto[20345]: |
    2018:10:10-22:23:55 pluto[20345]: | *time to handle event
    2018:10:10-22:23:55 pluto[20345]: | event after this is EVENT_DPD_UPDATE in 28 seconds
    2018:10:10-22:23:55 pluto[20345]: | recent DPD activity 17 seconds ago, no need to send DPD notification
    2018:10:10-22:23:55 pluto[20345]: | inserting event EVENT_DPD, timeout in 30 seconds for #1
    2018:10:10-22:23:55 pluto[20345]: | next event EVENT_DPD_UPDATE in 28 seconds for #2
    2018:10:10-22:24:09 pluto[20345]: |
    2018:10:10-22:24:09 pluto[20345]: | *received 92 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:24:09 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:24:09 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:24:09 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:24:09 pluto[20345]: | state hash entry 11
    2018:10:10-22:24:09 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:24:09 pluto[20345]: | received DPD notification R_U_THERE with seqno = 11460
    2018:10:10-22:24:09 pluto[20345]: | sent DPD notification R_U_THERE_ACK with seqno = 11460
    2018:10:10-22:24:09 pluto[20345]: | next event EVENT_DPD_UPDATE in 14 seconds for #2
    2018:10:10-22:24:23 pluto[20345]: |
    2018:10:10-22:24:23 pluto[20345]: | *time to handle event
    2018:10:10-22:24:23 pluto[20345]: | event after this is EVENT_DPD in 2 seconds
    2018:10:10-22:24:23 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #2
    2018:10:10-22:24:23 pluto[20345]: | next event EVENT_DPD in 2 seconds for #1
    2018:10:10-22:24:25 pluto[20345]: |
    2018:10:10-22:24:25 pluto[20345]: | *time to handle event
    2018:10:10-22:24:25 pluto[20345]: | event after this is EVENT_DPD_UPDATE in 28 seconds
    2018:10:10-22:24:25 pluto[20345]: | recent DPD activity 16 seconds ago, no need to send DPD notification
    2018:10:10-22:24:25 pluto[20345]: | inserting event EVENT_DPD, timeout in 30 seconds for #1
    2018:10:10-22:24:25 pluto[20345]: | next event EVENT_DPD_UPDATE in 28 seconds for #2

  • Not sure what I should be looking for in the firewall logs.

    Sorry, a bit of an amateur with the debugging. What should I be looking for? When I attempt RDP to my remote server, no entries appear for the IP that I am trying to query.

  • BTW thanks for the follow up replies

  • Hi NeutralSt8,

    the IPsec log is not needed.
    The packet filter log is what I meant.

    Best Regards
    DKKDG

  • So I finally got a log entry with the desired IP of the system I am trying to RDP to:

    2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 24.xxx.xxx.xx1 #23: cannot respond to IPsec SA request because no connection is known for 192.68.38.250/32===184.xxx.xxx.xx2[184.xxx.xxx.xx2]...24.xxx.xxx.xx1[24.xxx.xxx.xx1]===204.xxx.xxx.0/24
    2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 24.xxx.xxx.xx1 #23: sending encrypted notification INVALID_ID_INFORMATION to 24.xxx.xxx.xx1:500

    To get to this stage, I created a direct definition for the host in the IPsec site-to-site settings. At least I am seeing that UTM is looking for the system.
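A way to check a pluto log like this mechanically, as an added example (not from the thread and not Sophos code): it parses the line formats quoted above, records which SA phase each connection reached, and compares the selectors of a refused Quick Mode request with the connection the responder actually has loaded. The log excerpt and the TEST-NET addresses in it are constructed; the excerpt reproduces a /32 host selector that does not fall inside the configured /24 remote network, which is what the script flags.

```python
import ipaddress
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: pluto (strongSwan 4.x IKEv1) lines modelled on the ones
# quoted in this thread, with TEST-NET addresses replacing the masked external
# IPs. Lines 1-4 are the initiator's view of "S_Test IPsec Tunnel B"; the rest
# are the responder's view of "S_Test IPSec A", including a refused Quick Mode.
SAMPLE_LOG = """\
2018:10:10-22:23:15 pluto[20345]: added connection description "S_Test IPsec Tunnel B"
2018:10:10-22:23:15 pluto[20345]: | 192.168.200.0/24===203.0.113.10[203.0.113.10]...198.51.100.20[198.51.100.20]===192.168.38.0/24
2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: ISAKMP SA established
2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #2: sent QI2, IPsec SA established {ESP=>0xd19135e8 <0x27d3d29f DPD}
2018:10:16-10:52:40 sikanni pluto[18794]: added connection description "S_Test IPSec A"
2018:10:16-10:52:40 sikanni pluto[18794]: | 192.168.38.0/24===198.51.100.20[198.51.100.20]...203.0.113.10[203.0.113.10]===192.168.200.0/24
2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 203.0.113.10 #23: ISAKMP SA established
2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 203.0.113.10 #23: cannot respond to IPsec SA request because no connection is known for 192.68.38.250/32===198.51.100.20[198.51.100.20]...203.0.113.10[203.0.113.10]===192.168.200.0/24
2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 203.0.113.10 #23: sending encrypted notification INVALID_ID_INFORMATION to 203.0.113.10:500
"""

Net = ipaddress.IPv4Network
# Connection prefix as pluto prints it: "name" or "name"[instance] peer-ip, then #state:
_CONN = r'"(?P<name>[^"\n]+)"(?:\[\d+\] \S+)? #\d+:'
# own_net===own_gw[own_id]...peer_gw[peer_id]===peer_net (pluto lists its own side first)
_SELECTORS = re.compile(
    r"(?P<lnet>[\d./]+)===[\d.]+\[[^\]]*\]\.\.\.[\d.]+\[[^\]]*\]===(?P<rnet>[\d./]+)")
_ADDED = re.compile(r'added connection description "(?P<name>[^"\n]+)"')
_ESTABLISHED = re.compile(_CONN + r"[^\n]*?(?P<kind>ISAKMP|IPsec) SA established")
_REFUSED = re.compile(_CONN + r" cannot respond to IPsec SA request because "
                      r"no connection is known for (?P<sel>\S+)")

def parse_connections(log: str) -> Dict[str, Tuple[Net, Net]]:
    """Map each loaded connection to its (own_net, peer_net) selectors. pluto logs
    the name on one line and the selector summary on the next '|' debug line."""
    conns: Dict[str, Tuple[Net, Net]] = {}
    pending = None
    for line in log.splitlines():
        added = _ADDED.search(line)
        if added:
            pending = added.group("name")
            continue
        sel = _SELECTORS.search(line)
        if sel and pending:
            conns[pending] = (ipaddress.ip_network(sel.group("lnet"), strict=False),
                              ipaddress.ip_network(sel.group("rnet"), strict=False))
            pending = None
    return conns

def sa_status(log: str) -> Dict[str, Set[str]]:
    """Phases each connection reached: ISAKMP (IKE phase 1) and/or IPsec (phase 2)."""
    status: Dict[str, Set[str]] = {}
    for m in _ESTABLISHED.finditer(log):
        status.setdefault(m.group("name"), set()).add(m.group("kind"))
    return status

def refused_requests(log: str) -> List[Tuple[str, Net, Net]]:
    """Quick Mode requests refused with INVALID_ID_INFORMATION, as
    (connection, requested own_net, requested peer_net)."""
    out = []
    for m in _REFUSED.finditer(log):
        sel = _SELECTORS.search(m.group("sel"))
        if sel:
            out.append((m.group("name"),
                        ipaddress.ip_network(sel.group("lnet"), strict=False),
                        ipaddress.ip_network(sel.group("rnet"), strict=False)))
    return out

def diagnose(log: str) -> List[str]:
    """Explain, per connection, why a request was refused or why phase 2 is missing."""
    conns, status = parse_connections(log), sa_status(log)
    findings = []
    for name, own_sel, peer_sel in refused_requests(log):
        own_net, peer_net = conns.get(name, (None, None))
        if own_net is None:
            findings.append(f"{name}: request refused and no connection description loaded")
            continue
        if not own_sel.subnet_of(own_net):
            findings.append(f"{name}: requested local selector {own_sel} is outside the "
                            f"configured local network {own_net}; check the host definition")
        if not peer_sel.subnet_of(peer_net):
            findings.append(f"{name}: requested remote selector {peer_sel} is outside the "
                            f"configured remote network {peer_net}")
    for name, (_, peer_net) in conns.items():
        if "IPsec" not in status.get(name, set()):
            ike = "up" if "ISAKMP" in status.get(name, set()) else "not seen"
            findings.append(f"{name}: IKE phase 1 {ike} but no IPsec SA established, "
                            f"so nothing can reach {peer_net} through this tunnel")
    return findings
```

Run it on the responder's own log: a tunnel that shows "1 of 1 IPsec SAs established" but no refused request and no mismatch points away from the IPsec definitions and toward routing or host firewalls.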

  • So I created another set of connection definitions and my tunnel appears to be working. However, I am still unable to RDP to the system. I can ping my destination from my local UTM using the Tools - Ping Check.

    Where do I go to define the access to the remote computers? Assume my local subnet is 192.168.200.xxx and I am trying to access the remote computers on 192.168.100.xxx?

    I would have thought the definitions described in the Remote Gateway(s) would take care of it .. no?

  • You might try working through #1 in Rulz.

    Please show pictures of the Edits of the Remote Gateway and IPsec Connection from both sides.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yeah, that all looks perfect.  If you did #1 in Rulz, then that just leaves a routing issue.  When you try to RDP to the server, are you using a numeric IP or a name?

    Cheers - Bob

  • I am using an IP address.

    What I had been attempting to do was to switch over from the SSL VPN client connection to the IPsec site-to-site. When I turn off the IPsec, I am still able to connect with the SSL client and RDP to the server. When I switch back to the IPsec connection, I am no longer able to RDP to the same system.

    Are there routing settings that will interfere with one connection and not the other?

    I would have assumed that once the connection(s) is made, the routing would be the same.

    I do have some web servers on the Services side (respondent) of the connection that are using the Webserver Protection functions.

    Pretty generic stuff.

    After making another attempt at RDP, I have grabbed a screenshot of the threats on the Dashboard.

    Opening the Firewall log, a search for 192.168.38.250 shows no entry for that action.

    I have looked through Rules 3/3.1 and I can't see anything that would apply to me: don't have 2-NICs on same subnet, have not added any interfaces, as there is only the single WAN and single LAN interface enabled.

    The request just seems to go into the ether .. bad joke.

  • So, are we down to the firewall on the server you're trying to reach?

    Cheers - Bob

  • It seems that way.

    So just to confirm:

    Site-to-Site IPsec SAs established with settings as shown from office network to services network

    RDP connection attempt from office to services network fails

    While still site-to-site connected, connect to services network using the Sophos SSL VPN client.

    RDP connection to services server is successful.

    Disconnect SSL VPN client causes the RDP session to fail.

     

    So how do the routing values change between the 2 connections?

     

    I had been using the SSL client as the primary connection in the past and had always been able to RDP connect to desired computers on the services network.

     

    Thanks again for following up on this.

    Cheers,

  • So I can ping the computer that I am trying to reach from the Initiator side but I cannot reach the computers from the Responder side. I did not think it was necessary to specify a service for the network - as I mentioned, the SSL works without any additional service definitions.

    Is that how the connection should work or should the connection be seamless (that is how I expected it once the connection is established)?

  • So I have 2 home office connections, 1 fixed IP and 1 DHCP connection to my provider.

    My frustrating tests have all been attempts to test the site to site connection between these 2 connections, which is still failing.

    Using the same UTM routers, I have successfully made a site-to-site connection between my fixed IP UTM router and an associate's fixed IP UTM router.

    No additional changes were made to my end of the settings. I am able to RDP to their server and everything is as it is expected to be.

    Question - why the difference? Should the UTM realize that one end of the connection is an IP address that was DHCP generated and treat it differently than if the IP address was fixed? Why would it need to know and why would it treat it differently?

    Or is this totally not related?

  • Again, I suspect the firewall in the server you're unable to RDP into.  It evidently blocks traffic not from its subnet or the "VPN Pool (SSL)" subnet.

    Cheers - Bob

  • Does it make sense that the router that is letting me make an RDP connection out would at the same time block coming in? I believe all my firewall rules are symmetrical to the service that they are allowing.

    So I just logged onto my associate's network with the SSL client; that network has the site-to-site connection to my network that I am trying to connect to.

    I RDP'd to a computer on the network and opened an RDP to my server that I had been trying to connect to and it worked.

     

    Current desktop (local) --> Sophos SSL VPN Client --> Associate site 1 <-site to site--> Local remote site 2 --> Remote server

     

    The only difference thus far has been the external DHCP IP on my local network.

    I logged in directly to the system on the network here and am still able to RDP to the remote system on my associate's network connected only by the site-to-site connection.