IPSEC: requests: list-sas then disconnect
Creating a new IPSEC tunnel and cannot get it connected. It attempts to connect phase 1 and gets to the point where it says requests: list-sas and then disconnects.
LOG:
Aug 9 09:39:46 charon 99121 15[CFG] vici client 55 connected
Aug 9 09:39:46 charon 99121 01[CFG] vici client 55 registered for: list-sa
Aug 9 09:39:46 charon 99121 01[CFG] vici client 55 requests: list-sas
Aug 9 09:39:46 charon 99121 15[CFG] vici client 55 disconnected
Aug 9 09:39:51 charon 99121 01[CFG] vici client 56 connected
Aug 9 09:39:51 charon 99121 08[CFG] vici client 56 registered for: list-sa
Aug 9 09:39:51 charon 99121 15[CFG] vici client 56 requests: list-sas
Aug 9 09:39:51 charon 99121 15[CFG] vici client 56 disconnected
Aug 9 09:39:51 charon 99121 01[CFG] vici client 57 connected
Aug 9 09:39:51 charon 99121 15[CFG] vici client 57 registered for: control-log
Aug 9 09:39:51 charon 99121 15[CFG] vici client 57 requests: initiate
Aug 9 09:39:51 charon 99121 15[CFG] vici initiate CHILD_SA 'con1'
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_VENDOR task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_INIT task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_NATD task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_CERT_PRE task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_AUTH task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_CERT_POST task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_CONFIG task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_AUTH_LIFETIME task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing IKE_ESTABLISH task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> queueing CHILD_CREATE task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating new tasks
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_VENDOR task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_INIT task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_NATD task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_CERT_PRE task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_AUTH task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_CERT_POST task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_CONFIG task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_AUTH_LIFETIME task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating IKE_ESTABLISH task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> activating CHILD_CREATE task
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> initiating IKE_SA con1[2] to 166.203.48.57
Aug 9 09:39:51 charon 99121 01[IKE] <con1|2> IKE_SA con1[2] state change: CREATED => CONNECTING
Aug 9 09:39:51 charon 99121 01[CFG] <con1|2> configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
Aug 9 09:39:51 charon 99121 01[CFG] <con1|2> sending supported signature hash algorithms: sha256 sha384 sha512 identity
Aug 9 09:39:51 charon 99121 01[ENC] <con1|2> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
Aug 9 09:39:51 charon 99121 01[NET] <con1|2> sending packet: from 50.219.212.55[500] to 166.203.48.57[500] (464 bytes)
Aug 9 09:39:51 charon 99121 01[CFG] vici client 58 connected
Aug 9 09:39:51 charon 99121 13[CFG] vici client 58 registered for: list-sa
Aug 9 09:39:51 charon 99121 13[CFG] vici client 58 requests: list-sas
Aug 9 09:39:51 charon 99121 09[CFG] vici client 58 disconnected
Aug 9 09:39:55 charon 99121 09[IKE] <con1|2> retransmit 1 of request with message ID 0
Aug 9 09:39:55 charon 99121 09[NET] <con1|2> sending packet: from 50.219.212.55[500] to 166.203.48.57[500] (464 bytes)
Aug 9 09:39:56 charon 99121 09[CFG] vici client 57 disconnected
Aug 9 09:39:56 charon 99121 15[CFG] vici client 59 connected
Aug 9 09:39:56 charon 99121 13[CFG] vici client 59 registered for: list-sa
Aug 9 09:39:56 charon 99121 09[CFG] vici client 59 requests: list-sas
Aug 9 09:39:56 charon 99121 13[CFG] vici client 59 disconnected
Aug 9 09:40:01 charon 99121 09[CFG] vici client 60 connected
Aug 9 09:40:01 charon 99121 09[CFG] vici client 60 registered for: list-sa
Aug 9 09:40:01 charon 99121 13[CFG] vici client 60 requests: list-sas
Aug 9 09:40:01 charon 99121 07[CFG] vici client 60 disconnected
Aug 9 09:40:02 charon 99121 07[IKE] <con1|2> retransmit 2 of request with message ID 0
Aug 9 09:40:02 charon 99121 07[NET] <con1|2> sending packet: from 50.219.212.55[500] to 166.203.48.57[500] (464 bytes)
Aug 9 09:40:06 charon 99121 13[CFG] vici client 61 connected
Aug 9 09:40:06 charon 99121 13[CFG] vici client 61 registered for: list-sa
Aug 9 09:40:06 charon 99121 10[CFG] vici client 61 requests: list-sas
Aug 9 09:40:06 charon 99121 13[CFG] vici client 61 disconnected
Aug 9 09:40:11 charon 99121 10[CFG] vici client 62 connected
Aug 9 09:40:11 charon 99121 12[CFG] vici client 62 registered for: list-sa
Aug 9 09:40:11 charon 99121 12[CFG] vici client 62 requests: list-sas
Aug 9 09:40:11 charon 99121 10[CFG] vici client 62 disconnected
Aug 9 09:40:15 charon 99121 10[IKE] <con1|2> retransmit 3 of request with message ID 0
Aug 9 09:40:15 charon 99121 10[NET] <con1|2> sending packet: from 50.219.212.55[500] to 166.203.48.57[500] (464 bytes)
Aug 9 09:40:16 charon 99121 12[CFG] vici client 63 connected
Aug 9 09:40:16 charon 99121 12[CFG] vici client 63 registered for: list-sa
Aug 9 09:40:16 charon 99121 10[CFG] vici client 63 requests: list-sas
Aug 9 09:40:16 charon 99121 10[CFG] vici client 63 disconnected
Aug 9 09:40:21 charon 99121 07[CFG] vici client 64 connected
Aug 9 09:40:21 charon 99121 10[CFG] vici client 64 registered for: list-sa
Aug 9 09:40:21 charon 99121 10[CFG] vici client 64 requests: list-sas
Aug 9 09:40:21 charon 99121 07[CFG] vici client 64 disconnected
Aug 9 09:40:27 charon 99121 10[CFG] vici client 65 connected
Aug 9 09:40:27 charon 99121 11[CFG] vici client 65 registered for: list-sa
Aug 9 09:40:27 charon 99121 11[CFG] vici client 65 requests: list-sas
Aug 9 09:40:27 charon 99121 10[CFG] vici client 65 disconnected
Aug 9 09:40:32 charon 99121 07[CFG] vici client 66 connected
Aug 9 09:40:32 charon 99121 11[CFG] vici client 66 registered for: list-sa
Aug 9 09:40:32 charon 99121 11[CFG] vici client 66 requests: list-sas
Aug 9 09:40:32 charon 99121 11[CFG] vici client 66 disconnected
@datacare There are no responses from the opposite end. Remember IKE uses UDP, and can transmit several packets it considers “data” without any preceding “connection” being made as with TCP.
Notice there are no packets received from the other end - so you need to investigate that, and why :-)
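The check described in the reply above can be automated. This is an added example, not part of the original posts: it tallies `sending packet` and `received packet` lines per IKE_SA in a charon log and reports SAs that sent requests but never got an answer. The sample log is constructed in the thread's format, with documentation-range addresses and a hypothetical `con2` entry for contrast.

```python
import re
from collections import defaultdict

# Constructed sample in the charon format shown in the thread (addresses are placeholders).
SAMPLE = """\
Aug 9 09:39:51 charon 99121 01[ENC] <con1|2> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
Aug 9 09:39:51 charon 99121 01[NET] <con1|2> sending packet: from 192.0.2.10[500] to 198.51.100.20[500] (464 bytes)
Aug 9 09:39:51 charon 99121 13[CFG] vici client 58 requests: list-sas
Aug 9 09:39:55 charon 99121 09[IKE] <con1|2> retransmit 1 of request with message ID 0
Aug 9 09:39:55 charon 99121 09[NET] <con1|2> sending packet: from 192.0.2.10[500] to 198.51.100.20[500] (464 bytes)
Aug 9 09:40:02 charon 99121 07[IKE] <con1|2> retransmit 2 of request with message ID 0
Aug 9 09:40:02 charon 99121 07[NET] <con1|2> sending packet: from 192.0.2.10[500] to 198.51.100.20[500] (464 bytes)
Aug 9 09:41:10 charon 99121 05[NET] <con2|3> sending packet: from 192.0.2.10[500] to 203.0.113.5[500] (464 bytes)
Aug 9 09:41:10 charon 99121 06[NET] <con2|3> received packet: from 203.0.113.5[500] to 192.0.2.10[500] (472 bytes)
"""

LINE = re.compile(r"\d+\[(?P<grp>[A-Z]+)\] <(?P<sa>[^>]+)> (?P<msg>.*)")
PKT = re.compile(r"(sending|received) packet: from (\S+?)\[(\d+)\] to (\S+?)\[(\d+)\]")
RETX = re.compile(r"retransmit (\d+) of request")

def summarize(log_text):
    """Return {sa: {sent, received, retransmits, peer}} for every tagged IKE_SA."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "retransmits": 0, "peer": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # vici client lines are management-interface queries, no <conn|id> tag
        s = stats[m["sa"]]
        pkt = PKT.search(m["msg"])
        if pkt:
            direction, _src, _sport, dst, _dport = pkt.groups()
            if direction == "sending":
                s["sent"] += 1
                s["peer"] = dst
            else:
                s["received"] += 1
        rx = RETX.search(m["msg"])
        if rx:
            s["retransmits"] = max(s["retransmits"], int(rx.group(1)))
    return dict(stats)

def unanswered(log_text):
    """IKE_SAs that sent at least one packet and never logged a received one."""
    return sorted(sa for sa, s in summarize(log_text).items() if s["sent"] and not s["received"])

if __name__ == "__main__":
    for sa in unanswered(SAMPLE):
        print(sa, summarize(SAMPLE)[sa])
```

An SA listed by `unanswered` matches the pattern in the posted log: repeated sends and retransmits with no `received packet` line, which points at the path to the peer or the peer itself rather than at the proposal settings.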