
IPSec site to site tunneling not able to see computers on remote side

I have successfully followed the instructions in the following link - https://community.sophos.com/kb/en-us/127030.

I have an indicator in the Site-to-site VPN page where Test IPsec Tunnel B indicates "1 of 1 IPsec SAs established" on the initiator and Test IPsec A with the same message showing.

Unfortunately, I cannot ping or remote desktop to any of my computers on the remote network. When I use the Sophos SSL VPN client, I am able to remote desktop to the desired systems.

The status of the endpoints shows the following:

 

Test IPSec A: 192.168.xx1.0/24=EXTERNAL_IP_1 <-> EXTERNAL_IP_2=192.168.xx2.0/24

VPN ID: EXTERNAL_IP_1

Test IPsec Tunnel B: 192.168.xx2.0/24=EXTERNAL_IP2 <-> EXTERNAL_IP_1= 192.168.xx1.0/24

VPN ID: EXTERNAL_IP_2

 

Any suggestions will be appreciated.



This thread was automatically locked due to age.
  • Hi NeutralSt8,

    have you ticked automatic firewall rules?

    If you have ticked can you enable the logging for this rule and show us the log?

    Best Regards
    DKKDG

  • Thanks for the reply. Here is the log from the initiator side of the tunnel. Let me know if you need the responder side as well.

    I have edited the actual IPs with search and replace but if you need the actual details, I can forward the actual log file that I created. I noticed that there appears to be a number of "whack messages" but I am not sure what may have initiated those comments LOL.

     

    2018:10:10-15:53:29 pluto[28116]: | crl list unlocked by 'free_crls'
    2018:10:10-15:53:29 pluto[28116]: | ocsp cache locked by 'free_ocsp_cache'
    2018:10:10-15:53:29 pluto[28116]: | ocsp cache unlocked by 'free_ocsp_cache'
    2018:10:10-15:53:29 pluto[28116]: shutting down interface lo/lo ::1
    2018:10:10-15:53:29 pluto[28116]: shutting down interface lo/lo 127.0.0.1
    2018:10:10-15:53:29 pluto[28116]: shutting down interface eth4/eth4 NETWORK_1.254
    2018:10:10-15:53:29 pluto[28116]: shutting down interface eth5/eth5 EXTERNAL_IP_1.221
    2018:10:10-15:53:29 pluto[28116]: shutting down interface tun0/tun0 10.242.2.1
    2018:10:10-15:53:29 ipsec_starter[28109]: pluto stopped after 40 ms
    2018:10:10-15:53:29 ipsec_starter[28109]: ipsec starter stopped
    2018:10:10-22:23:15 ipsec_starter[20331]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
    2018:10:10-22:23:15 pluto[20345]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
    2018:10:10-22:23:15 ipsec_starter[20337]: pluto (20345) started after 20 ms
    2018:10:10-22:23:15 pluto[20345]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: including NAT-Traversal patch (Version 0.6c) [disabled]
    2018:10:10-22:23:15 pluto[20345]: Using Linux 2.6 IPsec interface code
    2018:10:10-22:23:15 pluto[20345]: loading ca certificates from '/etc/ipsec.d/cacerts'
    2018:10:10-22:23:15 pluto[20345]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
    2018:10:10-22:23:15 pluto[20345]: | authcert list locked by 'add_authcert'
    2018:10:10-22:23:15 pluto[20345]: | authcert inserted
    2018:10:10-22:23:15 pluto[20345]: | authcert list unlocked by 'add_authcert'
    2018:10:10-22:23:15 pluto[20345]: loading aa certificates from '/etc/ipsec.d/aacerts'
    2018:10:10-22:23:15 pluto[20345]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
    2018:10:10-22:23:15 pluto[20345]: Changing to directory '/etc/ipsec.d/crls'
    2018:10:10-22:23:15 pluto[20345]: loading attribute certificates from '/etc/ipsec.d/acerts'
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_LOG_DAILY, timeout in 5805 seconds
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | found lo with address 127.0.0.1
    2018:10:10-22:23:15 pluto[20345]: | found eth4 with address NETWORK_1.254
    2018:10:10-22:23:15 pluto[20345]: | found eth5 with address EXTERNAL_IP_1.221
    2018:10:10-22:23:15 pluto[20345]: | found tun0 with address 10.242.2.1
    2018:10:10-22:23:15 pluto[20345]: adding interface tun0/tun0 10.242.2.1:500
    2018:10:10-22:23:15 pluto[20345]: adding interface eth5/eth5 EXTERNAL_IP_1.221:500
    2018:10:10-22:23:15 pluto[20345]: adding interface eth4/eth4 NETWORK_1.254:500
    2018:10:10-22:23:15 pluto[20345]: adding interface lo/lo 127.0.0.1:500
    2018:10:10-22:23:15 pluto[20345]: | found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
    2018:10:10-22:23:15 pluto[20345]: adding interface lo/lo ::1:500
    2018:10:10-22:23:15 pluto[20345]: | certs and keys locked by 'free_preshared_secrets'
    2018:10:10-22:23:15 pluto[20345]: | certs and keys unlocked by 'free_preshard_secrets'
    2018:10:10-22:23:15 pluto[20345]: loading secrets from "/etc/ipsec.secrets"
    2018:10:10-22:23:15 pluto[20345]: loaded PSK secret for EXTERNAL_IP_1.221 EXTERNAL_IP_2.202
    2018:10:10-22:23:15 pluto[20345]: | certs and keys locked by 'process_secret'
    2018:10:10-22:23:15 pluto[20345]: | certs and keys unlocked by 'process_secrets'
    2018:10:10-22:23:15 pluto[20345]: listening for IKE messages
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | from whack: got --esp=aes256-md5
    2018:10:10-22:23:15 pluto[20345]: | esp proposal: AES_CBC_256/HMAC_MD5,
    2018:10:10-22:23:15 pluto[20345]: | from whack: got --ike=aes256-md5-modp1536
    2018:10:10-22:23:15 pluto[20345]: | ike proposal: AES_CBC_256/HMAC_MD5/MODP_1536,
    2018:10:10-22:23:15 pluto[20345]: added connection description "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: | NETWORK_1.0/24===EXTERNAL_IP_1.221[EXTERNAL_IP_1.221]...EXTERNAL_IP_2.202[EXTERNAL_IP_2.202]===192.168.38.0/24
    2018:10:10-22:23:15 pluto[20345]: | ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: PSK+ENCRYPT+TUNNEL
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_REINIT_SECRET in 3600 seconds
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received whack message
    2018:10:10-22:23:15 pluto[20345]: | creating state object #1 at 0x9dfedc0
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | Queuing pending Quick Mode with EXTERNAL_IP_2.202 "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: initiating Main Mode
    2018:10:10-22:23:15 pluto[20345]: | ike proposal: AES_CBC_256/HMAC_MD5/MODP_1536,
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 156 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object not found
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I1
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [strongSwan]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: ignoring Vendor ID payload [Cisco-Unity]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [XAUTH]
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: received Vendor ID payload [Dead Peer Detection]
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: 00 00 00 00 00 00 00 00
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 25
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 244 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I2
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 60 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I3
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: Peer ID is ID_IPV4_ADDR: 'EXTERNAL_IP_2.202'
    2018:10:10-22:23:15 pluto[20345]: | peer CA: %none
    2018:10:10-22:23:15 pluto[20345]: | required CA: %none
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: Dead Peer Detection (RFC 3706) enabled
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_DPD, timeout in 40 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SA_REPLACE, timeout in 7048 seconds for #1
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #1: ISAKMP SA established
    2018:10:10-22:23:15 pluto[20345]: | unqueuing pending Quick Mode with EXTERNAL_IP_2.202 "S_Test IPsec Tunnel B"
    2018:10:10-22:23:15 pluto[20345]: | duplicating state object #1
    2018:10:10-22:23:15 pluto[20345]: | creating state object #2 at 0x9e00c68
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#1}
    2018:10:10-22:23:15 pluto[20345]: | esp proposal: AES_CBC_256/HMAC_MD5,
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_RETRANSMIT in 10 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: |
    2018:10:10-22:23:15 pluto[20345]: | *received 156 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #2 found, in STATE_QUICK_I1
    2018:10:10-22:23:15 pluto[20345]: | our client is subnet NETWORK_1.0/24
    2018:10:10-22:23:15 pluto[20345]: | our client protocol/port is 0/0
    2018:10:10-22:23:15 pluto[20345]: | peer client is subnet 192.168.38.0/24
    2018:10:10-22:23:15 pluto[20345]: | peer client protocol/port is 0/0
    2018:10:10-22:23:15 pluto[20345]: | kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
    2018:10:10-22:23:15 pluto[20345]: | install_ipsec_sas() for #2: inbound and outbound
    2018:10:10-22:23:15 pluto[20345]: | route owner of "S_Test IPsec Tunnel B" unrouted: NULL; eroute owner: NULL
    2018:10:10-22:23:15 pluto[20345]: | add inbound eroute 192.168.38.0/24:0 -> NETWORK_1.0/24:0 => tun.10000@EXTERNAL_IP_1.221:0
    2018:10:10-22:23:15 pluto[20345]: | sr for #2: unrouted
    2018:10:10-22:23:15 pluto[20345]: | route owner of "S_Test IPsec Tunnel B" unrouted: NULL; eroute owner: NULL
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute with c: S_Test IPsec Tunnel B (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 2
    2018:10:10-22:23:15 pluto[20345]: | eroute_connection add eroute NETWORK_1.0/24:0 -> 192.168.38.0/24:0 => tun.0@EXTERNAL_IP_2.202:0
    2018:10:10-22:23:15 pluto[20345]: | executing up-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPsec Tunnel B" address="EXTERNAL_IP_1.221" local_net="NETWORK_1.0/24" remote_net="192.168.38.0/24"
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute: firewall_notified: true
    2018:10:10-22:23:15 pluto[20345]: | executing prepare-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='prepare-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: | executing route-client: 2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='route-client' PLUTO_CONNECTION='S_Test IPsec Tunnel B' PLUTO_NEXT_HOP='EXTERNAL_IP_2.202' PLUTO_INTERFACE='eth5' PLUTO_REQID='16385' PLUTO_ME='EXTERNAL_IP_1.221' PLUTO_MY_ID='EXTERNAL_IP_1.221' PLUTO_MY_CLIENT='NETWORK_1.0/24' PLUTO_MY_CLIENT_NET='NETWORK_1.0' PLUTO_MY_CLIENT_MASK='255.255.255.0' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='EXTERNAL_IP_2.202' PLUTO_PEER_ID='EXTERNAL_IP_2.202' PLUTO_PEER_CLIENT='192.168.38.0/24' PLUTO_PEER_CLIENT_NET='192.168.38.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_MY_SOURCEIP='NETWORK_1.254' /usr/libexec/ipsec/updown classic
    2018:10:10-22:23:15 pluto[20345]: updown: called /sbin/ip -4 route replace 192.168.38.0/24 dev eth5 table main src NETWORK_1.254 proto ipsec metric 0 (0)
    2018:10:10-22:23:15 pluto[20345]: updown: called /usr/local/bin/ct -D -s NETWORK_1.0/24 -d 192.168.38.0/24 (0)
    2018:10:10-22:23:15 pluto[20345]: | route_and_eroute: instance "S_Test IPsec Tunnel B", setting eroute_owner {spd=0x9df6bb0,sr=0x9df6bb0} to #2 (was #0) (newest_ipsec_sa=#0)
    2018:10:10-22:23:15 pluto[20345]: | inR1_outI2: instance S_Test IPsec Tunnel B[0], setting newest_ipsec_sa to #2 (was #0) (spd.eroute=#2)
    2018:10:10-22:23:15 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:15 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:15 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:15 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:15 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 38 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: | inserting event EVENT_SA_REPLACE, timeout in 2629 seconds for #2
    2018:10:10-22:23:15 pluto[20345]: "S_Test IPsec Tunnel B" #2: sent QI2, IPsec SA established {ESP=>0xd19135e8 <0x27d3d29f DPD}
    2018:10:10-22:23:15 pluto[20345]: | next event EVENT_DPD_UPDATE in 38 seconds for #2
    2018:10:10-22:23:38 pluto[20345]: |
    2018:10:10-22:23:38 pluto[20345]: | *received 92 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:23:38 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:23:38 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:23:38 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:23:38 pluto[20345]: | state hash entry 11
    2018:10:10-22:23:38 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:23:38 pluto[20345]: | received DPD notification R_U_THERE with seqno = 11459
    2018:10:10-22:23:38 pluto[20345]: | sent DPD notification R_U_THERE_ACK with seqno = 11459
    2018:10:10-22:23:38 pluto[20345]: | next event EVENT_DPD_UPDATE in 15 seconds for #2
    2018:10:10-22:23:53 pluto[20345]: |
    2018:10:10-22:23:53 pluto[20345]: | *time to handle event
    2018:10:10-22:23:53 pluto[20345]: | event after this is EVENT_DPD in 2 seconds
    2018:10:10-22:23:53 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #2
    2018:10:10-22:23:53 pluto[20345]: | next event EVENT_DPD in 2 seconds for #1
    2018:10:10-22:23:55 pluto[20345]: |
    2018:10:10-22:23:55 pluto[20345]: | *time to handle event
    2018:10:10-22:23:55 pluto[20345]: | event after this is EVENT_DPD_UPDATE in 28 seconds
    2018:10:10-22:23:55 pluto[20345]: | recent DPD activity 17 seconds ago, no need to send DPD notification
    2018:10:10-22:23:55 pluto[20345]: | inserting event EVENT_DPD, timeout in 30 seconds for #1
    2018:10:10-22:23:55 pluto[20345]: | next event EVENT_DPD_UPDATE in 28 seconds for #2
    2018:10:10-22:24:09 pluto[20345]: |
    2018:10:10-22:24:09 pluto[20345]: | *received 92 bytes from EXTERNAL_IP_2.202:500 on eth5
    2018:10:10-22:24:09 pluto[20345]: | ICOOKIE: 55 03 e9 e0 c9 63 6b 5a
    2018:10:10-22:24:09 pluto[20345]: | RCOOKIE: e1 5c 33 e2 69 1d 1f a3
    2018:10:10-22:24:09 pluto[20345]: | peer: b8 47 a2 ca
    2018:10:10-22:24:09 pluto[20345]: | state hash entry 11
    2018:10:10-22:24:09 pluto[20345]: | state object #1 found, in STATE_MAIN_I4
    2018:10:10-22:24:09 pluto[20345]: | received DPD notification R_U_THERE with seqno = 11460
    2018:10:10-22:24:09 pluto[20345]: | sent DPD notification R_U_THERE_ACK with seqno = 11460
    2018:10:10-22:24:09 pluto[20345]: | next event EVENT_DPD_UPDATE in 14 seconds for #2
    2018:10:10-22:24:23 pluto[20345]: |
    2018:10:10-22:24:23 pluto[20345]: | *time to handle event
    2018:10:10-22:24:23 pluto[20345]: | event after this is EVENT_DPD in 2 seconds
    2018:10:10-22:24:23 pluto[20345]: | inserting event EVENT_DPD_UPDATE, timeout in 30 seconds for #2
    2018:10:10-22:24:23 pluto[20345]: | next event EVENT_DPD in 2 seconds for #1
    2018:10:10-22:24:25 pluto[20345]: |
    2018:10:10-22:24:25 pluto[20345]: | *time to handle event
    2018:10:10-22:24:25 pluto[20345]: | event after this is EVENT_DPD_UPDATE in 28 seconds
    2018:10:10-22:24:25 pluto[20345]: | recent DPD activity 16 seconds ago, no need to send DPD notification
    2018:10:10-22:24:25 pluto[20345]: | inserting event EVENT_DPD, timeout in 30 seconds for #1
    2018:10:10-22:24:25 pluto[20345]: | next event EVENT_DPD_UPDATE in 28 seconds for #2

  • 2018:10:15-23:49:01 sikanni pluto[14914]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPSec A" address="184.xxx.xxx.xx2" local_net="192.168.xxx.0/24" remote_net="204.xxx.xxx.0/24

     

    2018:10:15-23:49:01 bsloffice pluto[7613]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPsec Tunnel B" address="24.xxx.xxx.xx1" local_net="204.xxx.xxx.0/24" remote_net="192.168.xxx.0/24"

     

    The 2 external addresses (184.xxx.xxx.xx2 and 24.xxx.xxx.xx1) are correct as well as both the declared internal networks.

  • Not sure what I should be looking for in the firewall logs.

    Sorry, a bit of an amateur with the debugging. What should I be looking for? When I attempt RDP to my remote server, no entries appear for the IP that I am trying to query.

  • BTW thanks for the follow up replies

  • Hi NeutralSt8,

    the IPSec log is not needed.
    The packetfilter log is what I meant.

    Best Regards
    DKKDG

  • So I finally got a log entry with the desired IP of the system I am trying to RDP to:

    2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 24.xxx.xxx.xx1 #23: cannot respond to IPsec SA request because no connection is known for 192.68.38.250/32===184.xxx.xxx.xx2[184.xxx.xxx.xx2]...24.xxx.xxx.xx1[24.xxx.xxx.xx1]===204.xxx.xxx.0/24
    2018:10:16-10:52:41 sikanni pluto[18794]: "S_Test IPSec A"[4] 24.xxx.xxx.xx1 #23: sending encrypted notification INVALID_ID_INFORMATION to 24.xxx.xxx.xx1:500

    To get to this stage, I created a direct definition for the host in the IPSec site-to-site settings. At least I am seeing that UTM is looking for the system.
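
Added example, not part of any post in this thread: a Python check that reads the two kinds of pluto lines shown above (the "Site-to-site VPN up" event and the "no connection is known" rejection) and reports how each requested selector relates to the networks the tunnel was established with. The hostname, addresses and log lines in SAMPLE are constructed, and stripping the "S_" prefix follows the naming visible in the logs above.

```python
import ipaddress
import re

# "Site-to-site VPN up" event: records the selectors the SA was established with.
UP_RE = re.compile(
    r'event="Site-to-site VPN up".*?connection="(?P<conn>[^"]+)".*?'
    r'local_net="(?P<local>[^"]+)"\s+remote_net="(?P<remote>[^"]+)"'
)
# Responder-side rejection: local_ts===gw[id]...gw[id]===remote_ts
REJECT_RE = re.compile(
    r'"(?P<conn>[^"]+)"(?:\[\d+\])? \S+ #\d+: cannot respond to IPsec SA request '
    r'because no connection is known for '
    r'(?P<local>[^=\s]+)===[^\[\s]+\[[^\]]*\]\.\.\.[^\[\s]+\[[^\]]*\]===(?P<remote>\S+)'
)


def relation(requested, configured):
    """Return 'exact', 'subset' or 'outside' for requested vs configured CIDR."""
    req = ipaddress.ip_network(requested, strict=False)
    cfg = ipaddress.ip_network(configured, strict=False)
    if req == cfg:
        return "exact"
    if req.version == cfg.version and req.subnet_of(cfg):
        return "subset"
    return "outside"


def audit(lines):
    """Compare every rejected selector pair with the established one."""
    established = {}
    findings = []
    for line in lines:
        m = UP_RE.search(line)
        if m:
            established[m["conn"]] = (m["local"], m["remote"])
            continue
        m = REJECT_RE.search(line)
        if not m:
            continue
        # The daemon logs the connection as "S_<name>", the event as "<name>".
        name = m["conn"][2:] if m["conn"].startswith("S_") else m["conn"]
        if name not in established:
            findings.append((name, m["local"], "unknown", m["remote"], "unknown"))
            continue
        cfg_local, cfg_remote = established[name]
        findings.append((name,
                         m["local"], relation(m["local"], cfg_local),
                         m["remote"], relation(m["remote"], cfg_remote)))
    return findings


# Constructed sample input (documentation addresses, invented hostname "gw-a").
_REJECT = ('2018:10:16-10:52:41 gw-a pluto[100]: "S_Test IPSec A"[4] 203.0.113.1 #23: '
           'cannot respond to IPsec SA request because no connection is known for '
           '{ts}===198.51.100.2[198.51.100.2]...203.0.113.1[203.0.113.1]===10.20.30.0/24')
SAMPLE = [
    '2018:10:16-10:50:00 gw-a pluto[100]: id="2203" severity="info" sys="SecureNet" '
    'sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Test IPSec A" '
    'address="198.51.100.2" local_net="192.168.38.0/24" remote_net="10.20.30.0/24"',
    _REJECT.format(ts="192.168.38.250/32"),  # host inside the established /24
    _REJECT.format(ts="192.68.38.250/32"),   # host outside the established /24
]

if __name__ == "__main__":
    for name, loc, loc_rel, rem, rem_rel in audit(SAMPLE):
        print(f"{name}: local {loc} is {loc_rel}, remote {rem} is {rem_rel}")
```

A "subset" or "outside" result on either side means the peer proposed a selector pair that differs from the one the tunnel was brought up with, which is the comparison to make against the Remote Gateway and IPsec Connection definitions on both UTMs.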

  • So I created another set of connection definitions and my tunnel appears to be working. However, I am still unable to RDP to the system. I can ping my destination from my local UTM using the Tools - Ping Check.

    Where do I go to define the access to the remote computers? Assume my local subnet is 192.168.200.xxx and I am trying to access the remote computers on 192.168.100.xxx?

    I would have thought the definitions described in the Remote Gateway(s) would take care of it .. no?

  • You might try working through #1 in Rulz.

    Please show pictures of the Edits of the Remote Gateway and IPsec Connection from both sides.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Yeah, that all looks perfect.  If you did #1 in Rulz, then that just leaves a routing issue.  When you try to RDP to the server, are you using a numeric IP or a name?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I am using an IP address.

    What I had been attempting to do was to switch over from the SSL VPN client connection to the IPSec site to site. When I turn off the IPSec, I am still able to connect with the SSL client and RDP to the server. When I switch back to the IPSec connection, I am no longer able to get to RDP to the same system.

    Are there routing settings that will interfere with one connection and not the other?

    I would have assumed that once the connection(s) is made, the routing would be the same.

    I do have some web servers on the Services side (respondent) of the connection that are using the Webserver Protection functions

    Pretty generic stuff.
