IPSec site to site tunneling not able to see computers on remote side

I have successfully followed the instructions in the following link - https://community.sophos.com/kb/en-us/127030.

I have an indicator in the Site-to-site VPN page where Test IPsec Tunnel B indicates "1 of 1 IPsec SAs established" on the initiator and Test IPsec A with the same message showing.

Unfortunately, I cannot ping or remote desktop to any of my computers on the remote network. When I use the Sophos SSL VPN client, I am able to remote desktop to the desired systems.

The status of the end points shows the following:

Test IPSec A: 192.168.xx1.0/24=EXTERNAL_IP_1 <-> EXTERNAL_IP_2=192.168.xx2.0/24

VPN ID: EXTERNAL_IP_1

Test IPsec Tunnel B: 192.168.xx2.0/24=EXTERNAL_IP_2 <-> EXTERNAL_IP_1=192.168.xx1.0/24

VPN ID: EXTERNAL_IP_2

Any suggestions will be appreciated.



  • Hi NeutralSt8,

    Have you ticked automatic firewall rules?

    If you have ticked it, can you enable the logging for this rule and show us the log?

    Best Regards
    DKKDG

  • Thanks for the reply. Here is the log from the initiator side of the tunnel. Let me know if you need the responder side as well.

    I have edited the actual IPs with search and replace, but if you need the actual details, I can forward the actual log file that I created. I noticed that there appear to be a number of "whack messages" but I am not sure what may have initiated those comments LOL.

    2018:10:10-15:53:29 pluto[28116]: | crl list unlocked by 'free_crls'
    2018:10:10-15:53:29 pluto[28116]: | ocsp cache locked by 'free_ocsp_cache'
    2018:10:10-15:53:29 pluto[28116]: | ocsp cache unlocked by 'free_ocsp_cache'
    2018:10:10-15:53:29 pluto[28116]: shutting down interface lo/lo ::1
    2018:10:10-15:53:29 pluto[28116]: shutting down interface lo/lo 127.0.0.1
    2018:10:10-15:53:29 pluto[28116]: shutting down interface eth4/eth4 NETWORK_1.254
    2018:10:10-15:53:29 pluto[28116]: shutting down interface eth5/eth5 EXTERNAL_IP_1.221
    2018:10:10-15:53:29 pluto[28116]: shutting down interface tun0/tun0 10.242.2.1
    2018:10:10-15:53:29 ipsec_starter[28109]: pluto stopped after 40 ms
    2018:10:10-15:53:29 ipsec_starter[28109]: ipsec starter stopped
    2018:10:10-22:23:15 ipsec_starter[20331]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
    2018:10:10-22:23:15 pluto[20345]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
    2018:10:10-22:23:15 ipsec_starter[20337]: pluto (20345) started after 20 ms
    2018:10:10-22:23:15 pluto[20345]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: including NAT-Traversal patch (Version 0.6c) [disabled]
    2018:10:10-22:23:15 pluto[20345]: Using Linux 2.6 IPsec interface code
    2018:10:10-22:23:15 pluto[20345]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:10:10-22:23:15 pluto[20345]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:10:10-22:23:15 pluto[20345]: | authcert list locked by 'add_authcert'
    2018:10:10-22:23:15 pluto[20345]: | authcert inserted
    2018:10:10-22:23:15 pluto[20345]: | authcert list unlocked by 'add_authcert'
    2018:10:10-22:23:15 pluto[20345]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:10:10-22:23:15 pluto[20345]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:10:10-22:23:15 pluto[20345]: Changing to directory '/etc/ipsec.d/crls'
    2018:10:10-22:23:15 pluto[20345]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_LOG_DAILY, timeout in 5805 seconds
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | found lo with address 127.0.0.1
    2018:10:10-22:23:15 pluto[20345]: | found eth4 with address NETWORK_1.254
    2018:10:10-22:23:15 pluto[20345]: | found eth5 with address EXTERNAL_IP_1.221
    2018:10:10-22:23:15 pluto[20345]: | found tun0 with address 10.242.2.1
    2018:10:10-22:23:15 pluto[20345]: adding interface tun0/tun0 10.242.2.1:500
    2018:10:10-22:23:15 pluto[20345]: adding interface eth5/eth5 EXTERNAL_IP_1.221:500
    2018:10:10-22:23:15 pluto[20345]: adding interface eth4/eth4 NETWORK_1.254:500
    2018:10:10-22:23:15 pluto[20345]: adding interface lo/lo 127.0.0.1:500
    2018:10:10-22:23:15 pluto[20345]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
    2018:10:10-22:23:15 pluto[20345]: adding interface lo/lo ::1:500
    2018:10:10-22:23:15 pluto[20345]: | certs and keys locked by 'free_preshared_secrets'
    2018:10:10-22:23:15 pluto[20345]: | certs and keys unlocked by 'free_preshard_secrets'
    2018:10:10-22:23:15 pluto[20345]: loading secrets from "/etc/ipsec.secrets"
    2018:10:10-22:23:15 pluto[20345]: loaded PSK secret for EXTERNAL_IP_1.221 EXTERNAL_IP_2.202
    2018:10:10-22:23:15 pluto[20345]: | certs and keys locked by 'process_secret'
    2018:10:10-22:23:15 pluto[20345]: | certs and keys unlocked by 'process_secrets'
    2018:10:10-22:23:15 pluto[20345]: listening for IKE messages
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | from whack: got --esp=aes256-md5
    2018:10:10-22:23:15 pluto[20345]: | esp proposal: AES_CBC_256/HMAC_MD5,
    2018:10:10-22:23:15 pluto[20345]: | from whack: got --ike=aes256-md5-modp1536
    2018:10:10-22:23:15 pluto[20345]: | ike proposal: AES_CBC_256/HMAC_MD5/MODP_1536,
    2018:10:10-22:23:15 pluto[20345]: added connection description "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: | NETWORK_1.0/24===EXTERNAL_IP_1.221[EXTERNAL_IP_1.221]...EXTERNAL_IP_2.202[EXTERNAL_IP_2.202]===192.168.38.0/24
    2018:10:10-22:23:15 pluto[20345]: | ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | creating state object #1 at 0x9dfedc0
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | Queuing pending Quick Mode with EXTERNAL_IP_2.202 "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: initiating Main Mode
    2018:10:10-22:23:15 pluto[20345]: | ike proposal: AES_CBC_256/HMAC_MD5/MODP_1536,
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 156 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object not found
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I1
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [strongSwan]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: ignoring Vendor ID payload [Cisco-Unity]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [XAUTH]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [Dead Peer Detection]
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 244 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I2
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 60 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I3
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: Peer ID is ID_IPV4_ADDR: 'EXTERNAL_IP_2.202'
    2018:10:10-22:23:15 pluto[20345]: | peer CA: %none
    2018:10:10-22:23:15 pluto[20345]: | required CA: %none
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: Dead Peer Detection (RFC 3706) enabled
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_DPD, timeout in 40 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SA_REPLACE, timeout in 7048 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: ISAKMP SA established
    2018:10:10-22:23:15 pluto[20345]: | unqueuing pending Quick Mode with EXTERNAL_IP_2.202 "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: | duplicating state object #1
    2018:10:10-22:23:15 pluto[20345]: | creating state object #2 at 0x9e00c68
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
    2018:10:10-22:23:15 pluto[20345]: | esp proposal: AES_CBC_256/HMAC_MD5,
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 156 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #2 found, in STATE_QUICK_I1
    2018:10:10-22:23:15 pluto[20345]: | our client is subnet NETWORK_1.0/24
    2018:10:10-22:23:15 pluto[20345]: | our client protocol/port is 0/0
    2018:10:10-22:23:15 pluto[20345]: | peer client is subnet 192.168.38.0/24
    2018:10:10-22:23:15 pluto[20345]: | peer client protocol/port is 0/0
    2018:10:10-22:23:15 pluto[20345]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
    2018:10:10-22:23:15 pluto[20345]: | install_ipsec_sas() for #2: inbound and outbound
    2018:10:10-22:23:15 pluto[20345]: | route owner of "S_Test IPsec Tunnel B" unrouted: NULL; eroute owner: NULL
    2018:10:10-22:23:15 pluto[20345]: | add inbound eroute 192.168.38.0/24:0 -> NETWORK_1.0/24:0 => tun.10000@EXTERNAL_IP_1.221:0
    2018:10:10-22:23:15 pluto[20345]: | sr for #2: unrouted
    2018:10:10-22:23:15 pluto[20345]: | route owner of "S_Test IPsec Tunnel B" unrouted: NULL; eroute owner: NULL
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute with c: S_Test IPsec Tunnel B (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
    2018:10:10-22:23:15 pluto[20345]: | eroute_connection add eroute NETWORK_1.0/24:0 -> 192.168.38.0/24:0 => tun.0@EXTERNAL_IP_2.202:0
    2018:10:10-22:23:15 pluto[20345]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPsec Tunnel B" address="EXTERNAL_IP_1.221" local_net="NETWORK_1.0/24" remote_net="192.168.38.0/24"
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute: firewall_notified: true
    2018:10:10-22:23:15 pluto[20345]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: updown: called /sbin/ip -4 route replace 192.168.38.0/24 dev eth5 table main src NETWORK_1.254 proto ipsec metric 0 (0)
    2018:10:10-22:23:15 pluto[20345]: updown: called /usr/local/bin/ct -D -s NETWORK_1.0/24 -d 192.168.38.0/24 (0)
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute: instance "S_Test IPsec Tunnel B", setting eroute_owner {spd=0x9df6bb0,sr=0x9df6bb0} to #2 (was #0) (newest_ipsec_sa=#0)
    2018:10:10-22:23:15 pluto[20345]: | inR1_outI2: instance S_Test IPsec Tunnel B[0], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 38 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SA_REPLACE, timeout in 2629 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #2: sent QI2, IPsec SA established {ESP=>0xd19135e8 <0x27d3d29f DPD}
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_DPD_UPDATE in 38 seconds for #2
    2018:10:10-22:23:38 pluto[20345]: |
    2018:10:10-22:23:38 pluto[20345]: | *received 92 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:38 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:38 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:38 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:38 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:38 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:23:38 pluto[20345]: | received DPD notification R_U_THERE with seqno = 11459
    2018:10:10-22:23:38 pluto[20345]: | sent DPD notification R_U_THERE_ACK with seqno = 11459
    2018:10:10-22:23:38 pluto[20345]: | next event EVENT_DPD_UPDATE in 15 seconds for #2
    2018:10:10-22:23:53 pluto[20345]: |
    2018:10:10-22:23:53 pluto[20345]: | *time to handle event
    2018:10:10-22:23:53 pluto[20345]: | event after this is EVENT_DPD in 2 seconds
    2018:10:10-22:23:53 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #2
    2018:10:10-22:23:53 pluto[20345]: | next event EVENT_DPD in 2 seconds for #1
    2018:10:10-22:23:55 pluto[20345]: |
    2018:10:10-22:23:55 pluto[20345]: | *time to handle event
    2018:10:10-22:23:55 pluto[20345]: | event after this is EVENT_DPD_UPDATE in 28 seconds
    2018:10:10-22:23:55 pluto[20345]: | recent DPD activity 17 seconds ago, no need to send DPD notification
    2018:10:10-22:23:55 pluto[20345]: | inserting event EVENT_DPD, timeout in 30 seconds for #1
    2018:10:10-22:23:55 pluto[20345]: | next event EVENT_DPD_UPDATE in 28 seconds for #2
    2018:10:10-22:24:09 pluto[20345]: |
    2018:10:10-22:24:09 pluto[20345]: | *received 92 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:24:09 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:24:09 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:24:09 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:24:09 pluto[20345]: | state hash entry 11
    2018:10:10-22:24:09 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:24:09 pluto[20345]: | received DPD notification R_U_THERE with seqno = 11460
    2018:10:10-22:24:09 pluto[20345]: | sent DPD notification R_U_THERE_ACK with seqno = 11460
    2018:10:10-22:24:09 pluto[20345]: | next event EVENT_DPD_UPDATE in 14 seconds for #2
    2018:10:10-22:24:23 pluto[20345]: |
    2018:10:10-22:24:23 pluto[20345]: | *time to handle event
    2018:10:10-22:24:23 pluto[20345]: | event after this is EVENT_DPD in 2 seconds
    2018:10:10-22:24:23 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #2
    2018:10:10-22:24:23 pluto[20345]: | next event EVENT_DPD in 2 seconds for #1
    2018:10:10-22:24:25 pluto[20345]: |
    2018:10:10-22:24:25 pluto[20345]: | *time to handle event
    2018:10:10-22:24:25 pluto[20345]: | event after this is EVENT_DPD_UPDATE in 28 seconds
    2018:10:10-22:24:25 pluto[20345]: | recent DPD activity 16 seconds ago, no need to send DPD notification
    2018:10:10-22:24:25 pluto[20345]: | inserting event EVENT_DPD, timeout in 30 seconds for #1
    2018:10:10-22:24:25 pluto[20345]: | next event EVENT_DPD_UPDATE in 28 seconds for #2

  • Hi NeutralSt8,

    Actually, I meant the firewall log and not the IPSec log.

    But when the IPSec tunnel is established and no traffic is passing through, try to build your own policy on both gateways.

    Keep in mind both sides must use the same parameters in this policy.

    Once you have your new policy, change to it in your IPSec connections.

    Best Regards
    DKKDG

  • I've never seen any VPN issue here that required having debug enabled to figure out the solution to the problem, but don't bother posting with debug off - DKKDG's right that the solution is elsewhere. Do you have 'Automatic firewall rules' selected in the IPsec Connection on both sides? Does #2.3 in Rulz help?

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Auto firewall is on and strict routing is not in use - on both sides.

  • I did not change any of the default AES-256 details on either end and had followed the example in the link.

    I am still able to remote desktop to the listening side of the site-to-site using the SSL VPN client connection that I had been using before.

    However, if I disconnect the SSL client and enable the IPSec site to site, I can no longer ping any of the remote computers.

    Any ideas on where the problem may be? Could they be in the Firewall rules and if so, why would it affect the site-to-site but not the SSL client?

  • Hi NeutralST8,

    Did you build a new policy as I proposed?

    Best Regards
    DKKDG

  • Yes I created a new policy called MyOwn Policy on both routers and the same problem. I can connect but can traverse the network at the listening end. :-(

  • Sorry meant "can't" not "can"

  • Hi NeutralSt8,

    Do you have matches on both firewall logs?

    Best Regards
    DKKDG

  • 2018:10:15-23:49:01 sikanni pluto[14914]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPSec A" address="184.xxx.xxx.xx2" local_net="192.168.xxx.0/24" remote_net="204.xxx.xxx.0/24

    2018:10:15-23:49:01 bsloffice pluto[7613]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPsec Tunnel B" address="24.xxx.xxx.xx1" local_net="204.xxx.xxx.0/24" remote_net="192.168.xxx.0/24"

    The 2 external addresses (184.xxx.xxx.xx2 and 24.xxx.xxx.xx1) are correct as well as both the declared internal networks.

  • Not sure what I should be looking for in the firewall logs.

    Sorry, a bit of an amateur with the debugging. What should I be looking for? When I attempt RDP to my remote server, no entries appear for the IP that I am trying to query.

  • BTW, thanks for the follow-up replies.

  • Hi NeutralSt8,

    The IPSec log is not needed.
    The packet filter log is what I meant.

    Best Regards
    DKKDG

  • So I finally got a log entry with the desired IP of the system I am trying to RDP to:

    2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 24.xxx.xxx.xx1 #23: cannot respond to IPsec SA request because no connection is known for 192.68.38.250/32===184.xxx.xxx.xx2[184.xxx.xxx.xx2]...24.xxx.xxx.xx1[24.xxx.xxx.xx1]===204.xxx.xxx.0/24
    2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 24.xxx.xxx.xx1 #23: sending encrypted notification INVALID_ID_INFORMATION to 24.xxx.xxx.xx1:500

    To get to this stage, I created a direct definition for the host in the IPSec site-to-site settings. At least I am seeing that UTM is looking for the system.
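The two pluto lines quoted in that post carry the diagnostic information in a fixed shape: the rejected request is printed as `LOCAL_NET===LOCAL_GW[ID]...PEER_GW[ID]===REMOTE_NET`, the same syntax pluto uses in the debug log when it loads a connection, and the `INVALID_ID_INFORMATION` notification is what the peer then sees. The script below is an added example, not code from this thread, from Sophos, or from strongSwan: it parses both kinds of line and, for every request pluto rejected with "no connection is known for", reports which side of the proposed selector falls outside every configured subnet. The sample log it runs on is constructed (hypothetical gateway name `gw`, RFC 5737 documentation addresses `198.51.100.2` and `203.0.113.1`, made-up SPIs); only the message formats are copied from the log above. The check generalizes to any number of loaded connections, not just the one in the sample.

```python
import ipaddress
import json
import re
from dataclasses import dataclass

# Selector as pluto prints it in the log quoted in this thread:
#   LOCAL_NET===LOCAL_GW[LOCAL_ID]...PEER_GW[PEER_ID]===REMOTE_NET
SELECTOR_RE = re.compile(
    r"(?P<local>[\d.]+/\d+)===(?P<me>[\d.]+)\[[^\]]*\]"
    r"\.\.\.(?P<peer>[\d.]+)\[[^\]]*\]===(?P<remote>[\d.]+/\d+)"
)
NO_CONN_MARKER = "no connection is known for"
ESTABLISHED_MARKER = "IPsec SA established"
INVALID_ID_MARKER = "INVALID_ID_INFORMATION"

# Constructed sample: hypothetical gateway name "gw", RFC 5737 documentation
# addresses and made-up SPIs; the message shapes follow the thread's pluto output.
SAMPLE_LOG = """\
2018:10:16-10:52:41 gw pluto[18794]: added connection description "S_Test IPSec A"
2018:10:16-10:52:41 gw pluto[18794]: | 192.168.38.0/24===198.51.100.2[198.51.100.2]...203.0.113.1[203.0.113.1]===192.168.200.0/24
2018:10:16-10:52:41 gw pluto[18794]: "S_Test IPSec A" #2: sent QI2, IPsec SA established {ESP=>0x0000aaaa <0x0000bbbb DPD}
2018:10:16-10:52:41 gw pluto[18794]: "S_Test IPSec A"[4] 203.0.113.1 #23: cannot respond to IPsec SA request because no connection is known for 192.68.38.250/32===198.51.100.2[198.51.100.2]...203.0.113.1[203.0.113.1]===192.168.200.0/24
2018:10:16-10:52:41 gw pluto[18794]: "S_Test IPSec A"[4] 203.0.113.1 #23: sending encrypted notification INVALID_ID_INFORMATION to 203.0.113.1:500
"""


def _within(small, big):
    """True when `small` lies inside `big`; mixed IPv4/IPv6 never matches."""
    return small.version == big.version and small.subnet_of(big)


@dataclass(frozen=True)
class Selector:
    local: "ipaddress.IPv4Network"
    remote: "ipaddress.IPv4Network"

    def covers(self, other):
        """A loaded connection serves a request only if it covers both sides."""
        return _within(other.local, self.local) and _within(other.remote, self.remote)

    def __str__(self):
        return f"{self.local}==={self.remote}"


def parse_selector(line):
    """Return the Selector printed on a pluto line, or None if there is none."""
    m = SELECTOR_RE.search(line)
    if not m:
        return None
    return Selector(ipaddress.ip_network(m["local"], strict=False),
                    ipaddress.ip_network(m["remote"], strict=False))


def explain(req, configured):
    """Say which side of a rejected selector no loaded connection covers."""
    if not configured:
        return "no connection selectors were loaded before the request arrived"
    if any(c.covers(req) for c in configured):
        return "a loaded connection covers both sides; the rejection is not a selector mismatch"
    problems = []
    if not any(_within(req.local, c.local) for c in configured):
        problems.append(f"local side {req.local} is outside every configured local subnet")
    if not any(_within(req.remote, c.remote) for c in configured):
        problems.append(f"remote side {req.remote} is outside every configured remote subnet")
    if not problems:
        return "each side is covered by some connection, but no single connection covers both"
    return "; ".join(problems)


def analyze(log_text):
    """Walk pluto log lines and report selector mismatches next to SA counts."""
    configured, rejected = [], []
    established = invalid_id = 0
    for line in log_text.splitlines():
        if ESTABLISHED_MARKER in line:
            established += 1
        if INVALID_ID_MARKER in line:
            invalid_id += 1
        sel = parse_selector(line)
        if sel is None:
            continue
        # The same selector syntax appears when a connection is loaded and when
        # a peer's proposal is rejected; the marker text tells the two apart.
        (rejected if NO_CONN_MARKER in line else configured).append(sel)
    findings = [{"requested": str(r), "explanation": explain(r, configured)} for r in rejected]
    return {"established": established, "invalid_id_notifications": invalid_id,
            "configured": [str(c) for c in configured], "findings": findings}


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_LOG), indent=2))
```

Run it against a real pluto log (the IPsec log with debug enabled, which is where the `| LOCAL===...` lines come from) and a finding of the form "local side X is outside every configured local subnet" means the peer is proposing a host or subnet your connection's local network does not contain, so the fix belongs in the network definitions on one side, not in the firewall rules.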

  • So I created another set of connection definitions and my tunnel appears to be working. However, I am still unable to RDP to the system. I can ping my destination from my local UTM using the Tools - Ping Check.

    Where do I go to define the access to the remote computers? Assume my local subnet is 192.168.200.xxx and I am trying to access the remote computers on 192.168.100.xxx?

    I would have thought the definitions described in the Remote Gateway(s) would take care of it... no?

  • You might try working through #1 in Rulz.

    Please show pictures of the Edits of the Remote Gateway and IPsec Connection from both sides.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA