Hello all,
I've successfully set up and connected a site-to-site VPN with a UTM 9 living in AWS and an RV325 in a remote office. This connection was working completely fine and randomly stopped working without any configuration changes, and I'm a bit stumped. Before this stoppage, I was able to ping both LANs from their opposing site without any issue and also remotely access servers on both ends. Configuration is as follows, with PSK:
AES-256 PFS
Compression off, not using strict policy.
IKE Settings: AES 256 / MD5 / Group 5: MODP 1536, Lifetime: 7800 seconds
IPsec Settings: AES 256 / MD5 / Group 5: MODP 1536, Lifetime: 3600 seconds
NAT-T: Enabled
DPD: Enabled
Dump of the IPsec VPN Live Log upon enabling the connection:
2018:09:06-12:45:39 sophosutm pluto[17456]: "S_Tunnel" #1: deleting state (STATE_MAIN_I4)
2018:09:06-12:45:39 sophosutm pluto[17456]: shutting down interface lo/lo ::1
2018:09:06-12:45:39 sophosutm pluto[17456]: shutting down interface lo/lo 127.0.0.1
2018:09:06-12:45:39 sophosutm pluto[17456]: shutting down interface lo/lo 127.0.0.1
2018:09:06-12:45:39 sophosutm pluto[17456]: shutting down interface eth0/eth0 10.0.0.10
2018:09:06-12:45:39 sophosutm pluto[17456]: shutting down interface eth0/eth0 10.0.0.10
2018:09:06-12:45:39 sophosutm pluto[17456]: shutting down interface tun0/tun0 10.242.2.1
2018:09:06-12:45:39 sophosutm pluto[17456]: shutting down interface tun0/tun0 10.242.2.1
2018:09:06-12:45:39 sophosutm ipsec_starter[17446]: pluto stopped after 60 ms
2018:09:06-12:45:39 sophosutm ipsec_starter[17446]: ipsec starter stopped
2018:09:06-12:47:07 sophosutm ipsec_starter[18068]: Starting strongSwan 4.4.1git20100610 IPsec [starter]...
2018:09:06-12:47:07 sophosutm pluto[18084]: Starting IKEv1 pluto daemon (strongSwan 4.4.1git20100610) THREADS VENDORID CISCO_QUIRKS
2018:09:06-12:47:07 sophosutm ipsec_starter[18074]: pluto (18084) started after 20 ms
2018:09:06-12:47:07 sophosutm pluto[18084]: loaded plugins: curl ldap aes des blowfish serpent twofish sha1 sha2 md5 random x509 pubkey pkcs1 pgp dnskey pem sqlite hmac gmp xauth attr attr-sql resolve
2018:09:06-12:47:07 sophosutm pluto[18084]: including NAT-Traversal patch (Version 0.6c)
2018:09:06-12:47:07 sophosutm pluto[18084]: Using Linux 2.6 IPsec interface code
2018:09:06-12:47:07 sophosutm pluto[18084]: loading ca certificates from '/etc/ipsec.d/cacerts'
2018:09:06-12:47:07 sophosutm pluto[18084]: loaded ca certificate from '/etc/ipsec.d/cacerts/VPN Signing CA.pem'
2018:09:06-12:47:07 sophosutm pluto[18084]: loading aa certificates from '/etc/ipsec.d/aacerts'
2018:09:06-12:47:07 sophosutm pluto[18084]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2018:09:06-12:47:07 sophosutm pluto[18084]: Changing to directory '/etc/ipsec.d/crls'
2018:09:06-12:47:07 sophosutm pluto[18084]: loading attribute certificates from '/etc/ipsec.d/acerts'
2018:09:06-12:47:07 sophosutm pluto[18084]: adding interface tun0/tun0 10.242.2.1:500
2018:09:06-12:47:07 sophosutm pluto[18084]: adding interface tun0/tun0 10.242.2.1:4500
2018:09:06-12:47:07 sophosutm pluto[18084]: adding interface eth0/eth0 10.0.0.10:500
2018:09:06-12:47:07 sophosutm pluto[18084]: adding interface eth0/eth0 10.0.0.10:4500
2018:09:06-12:47:07 sophosutm pluto[18084]: adding interface lo/lo 127.0.0.1:500
2018:09:06-12:47:07 sophosutm pluto[18084]: adding interface lo/lo 127.0.0.1:4500
2018:09:06-12:47:07 sophosutm pluto[18084]: adding interface lo/lo ::1:500
2018:09:06-12:47:07 sophosutm pluto[18084]: loading secrets from "/etc/ipsec.secrets"
2018:09:06-12:47:07 sophosutm pluto[18084]: loaded PSK secret for 10.0.0.10 XX.XX.XX.XX
2018:09:06-12:47:07 sophosutm pluto[18084]: listening for IKE messages
2018:09:06-12:47:07 sophosutm pluto[18084]: added connection description "S_Tunnel"
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: initiating Main Mode
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: received Vendor ID payload [Dead Peer Detection]
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: received Vendor ID payload [RFC 3947]
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: enabling possible NAT-traversal with method 3
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: NAT-Traversal: Result using RFC 3947: i am NATed
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: Peer ID is ID_IPV4_ADDR: 'XX.XX.XX.XX'
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: Dead Peer Detection (RFC 3706) enabled
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: ISAKMP SA established
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
2018:09:06-12:47:08 sophosutm pluto[18084]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Tunnel" address="10.0.0.10" local_net="10.0.0.0/23" remote_net="172.16.0.0/24"
2018:09:06-12:47:08 sophosutm pluto[18084]: "S_Tunnel" #2: sent QI2, IPsec SA established {ESP=>0xc3627950 <0x10a2c277 NATOA=0.0.0.0 DPD}
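Reading a pluto live log by eye is error-prone, so here is a small parser, added as an example and not part of the original post or of the UTM product, that walks the log above and reports what actually happened in the negotiation: whether the ISAKMP SA (phase 1) and the IPsec SA (phase 2) completed, whether NAT was detected, the ESP SPIs, and the structured "VPN up" event with its subnets. The sample lines are a constructed subset of the post's own log (peer address masked as in the original); the message patterns assumed are the standard strongSwan 4.x pluto wording shown in the post.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a subset of the pluto lines from the post.
SAMPLE_LOG = """\
2018:09:06-12:45:39 sophosutm pluto[17456]: "S_Tunnel" #1: deleting state (STATE_MAIN_I4)
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: initiating Main Mode
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: NAT-Traversal: Result using RFC 3947: i am NATed
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: Dead Peer Detection (RFC 3706) enabled
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #1: ISAKMP SA established
2018:09:06-12:47:07 sophosutm pluto[18084]: "S_Tunnel" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
2018:09:06-12:47:08 sophosutm pluto[18084]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="Tunnel" address="10.0.0.10" local_net="10.0.0.0/23" remote_net="172.16.0.0/24"
2018:09:06-12:47:08 sophosutm pluto[18084]: "S_Tunnel" #2: sent QI2, IPsec SA established {ESP=>0xc3627950 <0x10a2c277 NATOA=0.0.0.0 DPD}
"""

# Patterns for the pluto (strongSwan IKEv1) log format seen in the post.
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<host>\S+) pluto\[(?P<pid>\d+)\]: (?P<msg>.*)$')
STATE_RE = re.compile(r'^"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<text>.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')
SPI_RE = re.compile(r'ESP=>(0x[0-9a-fA-F]+) <(0x[0-9a-fA-F]+)')


@dataclass
class TunnelStatus:
    connection: Optional[str] = None
    phase1_established: bool = False   # ISAKMP SA (Main Mode) completed
    phase2_established: bool = False   # IPsec SA (Quick Mode) completed
    nat_detected: Optional[bool] = None
    dpd_enabled: bool = False
    outbound_spi: Optional[str] = None
    inbound_spi: Optional[str] = None
    events: List[Dict[str, str]] = field(default_factory=list)  # key="value" UTM events


def summarize(log: str) -> TunnelStatus:
    """Replay the log in order and return the final negotiation state."""
    status = TunnelStatus()
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith('id="'):
            # Structured UTM event line: parse all key="value" pairs.
            status.events.append(dict(KV_RE.findall(msg)))
            continue
        sm = STATE_RE.match(msg)
        if not sm:
            continue  # daemon start-up and interface lines carry no SA state
        status.connection = sm.group("conn")
        text = sm.group("text")
        if "NAT-Traversal: Result" in text:
            status.nat_detected = "no NAT detected" not in text
        elif text.startswith("Dead Peer Detection") and "enabled" in text:
            status.dpd_enabled = True
        elif "ISAKMP SA established" in text:
            status.phase1_established = True
        elif "IPsec SA established" in text:
            status.phase2_established = True
            spi = SPI_RE.search(text)
            if spi:
                status.outbound_spi, status.inbound_spi = spi.group(1), spi.group(2)
        elif text.startswith("deleting state"):
            # An SA was torn down; later lines decide whether it came back.
            status.phase1_established = False
            status.phase2_established = False
    return status


def diagnose(status: TunnelStatus) -> List[str]:
    """Turn the parsed state into the next place to look when traffic fails."""
    findings: List[str] = []
    if not status.phase1_established:
        findings.append("Phase 1 (ISAKMP SA) never completed: check the PSK, the IKE proposal and reachability on UDP/500.")
        return findings
    if not status.phase2_established:
        findings.append("Phase 2 (IPsec SA) never completed: check the IPsec proposal, PFS group and traffic selectors on both ends.")
        return findings
    if status.nat_detected:
        findings.append("NAT detected: ESP is UDP-encapsulated on port 4500, so UDP/4500 must be allowed end to end.")
    findings.append("Both SAs are established; if traffic still fails, look past negotiation at routing, firewall rules and the subnets in the VPN up event.")
    return findings


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s)
    for f in diagnose(s):
        print("-", f)
```

Run against the log in the post, the summary shows both SAs up with DPD and NAT-T active, which is why the parser's last finding points at routing and firewall rules rather than at the IKE or IPsec proposals.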