<div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Dear Team,<br></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">After further troubleshooting, and changing the config as below:</div><div class="gmail_default"><div class="gmail_default" style="font-family:tahoma,sans-serif">conn televida</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> auto=route</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> compress=no</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> type=tunnel</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> reauth=no</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> mobike=no</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> keyexchange=ikev2</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> <b> lifetime=86400s</b></div><div class="gmail_default" style="font-family:tahoma,sans-serif"> fragmentation=yes</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> forceencaps=yes</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> dpdaction=clear</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> dpddelay=300s</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><b> rekey=yes</b></div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightfirewall=yes</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> leftfirewall=yes</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> left=%any</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> leftid=35.185.2**.** </div><div class="gmail_default" style="font-family:tahoma,sans-serif"> leftcert=server-cert.pem</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> 
leftsendcert=never</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> leftsubnet=10.138.0.0/20,0.0.0.0/0</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> right=200.1*.1*3.* </div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightid=%any</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightauth=psk</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightsourceip=10.10.10.0/24</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> #rightsourceip=</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightdns=8.8.8.8,8.8.4.4</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> rightsendcert=never</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> ike=aes256-sha256-ecp521</div><div class="gmail_default" style="font-family:tahoma,sans-serif"> esp=aes256-sha256-ecp521</div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">The error is:</div><div class="gmail_default"><div class="gmail_default"><font face="tahoma, sans-serif"><br></font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] received stroke: add connection 'televida'</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] conn televida</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] left=%any</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] leftsubnet=10.138.0.0/20</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] leftid=35.185.2**.** 
</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] leftcert=server-cert.pem</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] leftupdown=ipsec _updown iptables</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] right=200.1*.1*3.*</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] rightsourceip=10.10.10.0/24</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] rightdns=8.8.8.8,8.8.4.4</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] rightauth=psk</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] rightid=%any</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] rightupdown=ipsec _updown iptables</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] ike=aes256-sha256-ecp521</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] esp=aes256-sha256-ecp521</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] dpddelay=300</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] dpdtimeout=150</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] dpdaction=1</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] sha256_96=no</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 
charon: 05[CFG] mediation=no</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] keyexchange=ikev2</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] adding virtual IP address pool 10.10.10.0/24</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] loaded certificate "CN=35.185.2**.** " from 'server-cert.pem'</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 05[CFG] added configuration 'televida'</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 07[CFG] received stroke: route 'televida'</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 07[CFG] proposing traffic selectors for us:</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 07[CFG] 10.138.0.0/20</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 07[CFG] proposing traffic selectors for other:</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 07[CFG] 200.1*.1*3.*/32</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:52 klick-001 charon: 07[CFG] configured proposals: ESP:AES_CBC_256/HMAC_SHA2_256_128/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[NET] received packet: from 200.1*.1*3.*[500] to 10.138.0.4[500] (292 bytes)</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 
10[ENC] parsed IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[CFG] looking for an ike config for 10.138.0.4...200.1*.1*3.*</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[CFG] candidate: %any...200.1*.1*3.*, prio 2076</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[CFG] found matching ike config: %any...200.1*.1*3.* with prio 2076</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[IKE] 200.1*.1*3.* is initiating an IKE_SA</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[CFG] selecting proposal:</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[CFG] proposal matches</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[CFG] received proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_521</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[CFG] configured proposals: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_521, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/AES_CTR_128/AES_CTR_192/AES_CTR_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/3DES_CBC/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/AES_XCBC_96/AES_CMAC_96/HMAC_SHA1_96/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048, 
IKE:AES_CCM_16_128/AES_CCM_16_192/AES_CCM_16_256/AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_CCM_8_128/AES_CCM_8_192/AES_CCM_8_256/AES_CCM_12_128/AES_CCM_12_192/AES_CCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/PRF_AES128_XCBC/PRF_AES128_CMAC/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/PRF_HMAC_SHA1/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/MODP_3072/MODP_4096/MODP_6144/MODP_8192/MODP_2048</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[CFG] selected proposal: IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_521</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[IKE] local host is behind NAT, sending keep alives</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[ENC] generating IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 10[NET] sending packet: from 10.138.0.4[500] to 200.1*.1*3.*[500] (316 bytes)</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[NET] received packet: from 200.1*.1*3.*[4500] to 10.138.0.4[4500] (240 bytes)</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[ENC] parsed IKE_AUTH request 1 [ IDi N(INIT_CONTACT) AUTH N(MSG_ID_SYN_SUP) SA TSi TSr ]</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] looking for peer configs matching 10.138.0.4[%any]...200.1*.1*3.*[200.1*.1*3.*]</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] candidate "televida", match: 1/1/2076 (me/other/ike)</font></div><div class="gmail_default"><font 
face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] selected peer config 'televida'</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[IKE] authentication of '200.1*.1*3.*' with pre-shared key successful</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[IKE] authentication of '35.185.2**.** ' (myself) with RSA signature successful</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[IKE] IKE_SA televida[1] established between 10.138.0.4[35.185.2**.** ]...200.1*.1*3.*[200.1*.1*3.*]</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[IKE] scheduling rekeying in 9730s</font></div><div class="gmail_default"><font face="tahoma, sans-serif" color="#000000"><b style="background-color:rgb(255,255,0)">Apr 1 20:57:58 klick-001 charon: 11[IKE] maximum IKE_SA lifetime 10270s</b></font></div><div class="gmail_default"><font face="tahoma, sans-serif" color="#000000"><b style="background-color:rgb(255,255,0)">Apr 1 20:57:58 klick-001 charon: 11[IKE] expected a virtual IP request, sending FAILED_CP_REQUIRED</b></font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] looking for a child config for 0.0.0.0/0 === 0.0.0.0/0</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] proposing traffic selectors for us:</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] 10.138.0.0/20</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] proposing traffic selectors for other:</font></div><div class="gmail_default"><font face="tahoma, 
sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] dynamic</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] candidate "televida" with prio 1+5</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[CFG] found matching child config "televida" with prio 6</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[IKE] configuration payload negotiation failed, no CHILD_SA built</font></div><div class="gmail_default"><font face="tahoma, sans-serif"><b>Apr 1 20:57:58 klick-001 charon: 11[IKE] failed to establish CHILD_SA, keeping IKE_SA</b></font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(FAIL_CP_REQ) ]</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:57:58 klick-001 charon: 11[NET] sending packet: from 10.138.0.4[4500] to 200.1*.1*3.*[4500] (608 bytes)</font></div><div class="gmail_default"><font face="tahoma, sans-serif">Apr 1 20:58:02 klick-001 charon: 12[NET] received packet: from 200.1*.1*3.*[500] to 10.138.0.4[500] (292 bytes)</font></div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">Please assist.</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif">Regards</div><div style="font-family:tahoma,sans-serif">Moses K</div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 1, 2019 at 10:17 PM MOSES KARIUKI &lt;<a href="mailto:kariukims@gmail.com">kariukims@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" 
style="font-family:tahoma,sans-serif">Any kind souls out there in this?</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Mar 31, 2019 at 3:32 PM MOSES KARIUKI &lt;<a href="mailto:kariukims@gmail.com" target="_blank">kariukims@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Dear Team,<br></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">I have not yet succeeded in establishing a connection to the remote FortiGate client. The remote client has internal IPs in the range </div><div class="gmail_default" style="font-family:tahoma,sans-serif">I have the following configuration:</div><div class="gmail_default"><div class="gmail_default" style="font-family:tahoma,sans-serif"><b><i>sudo route -n</i></b></div><div class="gmail_default" style="font-family:tahoma,sans-serif">Kernel IP routing table</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Destination Gateway Genmask Flags Metric Ref Use Iface</div><div class="gmail_default" style="font-family:tahoma,sans-serif">0.0.0.0 10.138.0.1 0.0.0.0 UG 100 0 0 ens4</div><div class="gmail_default" style="font-family:tahoma,sans-serif">10.138.0.1 0.0.0.0 255.255.255.255 UH 100 0 0 ens4</div><div style="font-family:tahoma,sans-serif"><br></div><div style="font-family:tahoma,sans-serif"><i>I have these rules:</i></div><div><div><font face="tahoma, sans-serif">*nat</font></div><div><font face="tahoma, sans-serif">-A POSTROUTING -s 10.10.10.0/24 -o ens4 -m policy --pol ipsec --dir out -j ACCEPT</font></div>
<div><font face="tahoma, sans-serif">-A POSTROUTING -s 10.10.10.0/24 -o ens4 -j MASQUERADE</font></div><div><font face="tahoma, sans-serif">COMMIT</font></div><div><font face="tahoma, sans-serif"><br></font></div><div><font face="tahoma, sans-serif">*mangle</font></div><div><font face="tahoma, sans-serif">-A FORWARD --match policy --pol ipsec --dir in -s 10.10.10.0/24 -o ens4 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360</font></div><div><font face="tahoma, sans-serif">COMMIT</font></div><div><font face="tahoma, sans-serif"><br></font></div><div><font face="tahoma, sans-serif">-A ufw-before-forward --match policy --pol ipsec --dir in --proto esp -s 10.10.10.0/24 -j ACCEPT</font></div><div><font face="tahoma, sans-serif">-A ufw-before-forward --match policy --pol ipsec --dir out --proto esp -d 10.10.10.0/24 -j ACCEPT</font></div></div><div><font face="tahoma, sans-serif"><br></font></div><div><font face="tahoma, sans-serif"><b><i>This is my strongSwan configuration:</i></b></font></div><div><font face="tahoma, sans-serif"><div>config setup</div><div> charondebug="ike 1, knl 1, cfg 2"</div><div> uniqueids=yes</div><div><br></div><div>conn televida</div><div> auto=route</div><div> compress=no</div><div> type=tunnel</div><div> reauth=no</div><div> mobike=no</div><div> keyexchange=ikev2</div><div> fragmentation=yes</div><div> forceencaps=yes</div><div> dpdaction=clear</div><div> dpddelay=300s</div><div> rekey=no</div><div> rightfirewall=yes</div><div> leftfirewall=yes</div><div> left=%any</div><div> leftid=35.185.2**.** </div><div> leftcert=server-cert.pem</div><div> leftsendcert=never</div><div> <b> leftsubnet=10.138.0.0/20,0.0.0.0/0</b></div><div> right=200.1*.1*3.* </div><div> rightid=%any</div><div> 
rightauth=psk</div><div><b> rightsourceip=10.10.10.0/24</b></div><div> #rightsourceip=</div><div> rightdns=8.8.8.8,8.8.4.4</div><div> rightsendcert=never</div><div> ike=aes256-sha256-ecp521</div><div> esp=aes256-sha256-ecp521</div><div><br></div><div>This is the error that I am getting:</div><div><div><b><i>sudo ipsec up televida</i></b></div><div>initiating IKE_SA televida[1] to 200.1*.1*3.*</div><div>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]</div><div>sending packet: from 10.138.0.4[500] to 200.1*.1*3.*[500] (1006 bytes)</div><div>received packet: from 200.1*.1*3.*[500] to 10.138.0.4[500] (292 bytes)</div><div>parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]</div><div>local host is behind NAT, sending keep alives</div><div>authentication of '35.185.2**.**' (myself) with RSA signature successful</div><div>establishing CHILD_SA televida{2}</div><div>generating IKE_AUTH request 1 [ IDi AUTH SA TSi TSr N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]</div><div>sending packet: from 10.138.0.4[4500] to 200.1*.1*3.*[4500] (816 bytes)</div><div>retransmit 1 of request with message ID 1</div><div>sending packet: from 10.138.0.4[4500] to 200.1*.1*3.*[4500] (816 bytes)</div><div>retransmit 2 of request with message ID 1</div><div>sending packet: from 10.138.0.4[4500] to 200.1*.1*3.*[4500] (816 bytes)</div><div>retransmit 3 of request with message ID 1</div><div>sending packet: from 10.138.0.4[4500] to 200.1*.1*3.*[4500] (816 bytes)</div><div>sending keep alive to 200.1*.1*3.*[4500]</div><div>retransmit 4 of request with message ID 1</div><div>sending packet: from 10.138.0.4[4500] to 200.1*.1*3.*[4500] (816 bytes)</div><div>sending keep alive to 200.1*.1*3.*[4500]</div><div>sending keep alive to 200.1*.1*3.*[4500]</div><div>retransmit 5 of request with message ID 1</div><div>sending packet: from 10.138.0.4[4500] to 200.1*.1*3.*[4500] (816 
bytes)</div><div>sending keep alive to 200.1*.1*3.*[4500]</div><div>sending keep alive to 200.1*.1*3.*[4500]</div><div>sending keep alive to 200.1*.1*3.*[4500]</div><div>giving up after 5 retransmits</div><div>peer not responding, trying again (2/3)</div><div>initiating IKE_SA televida[1] to 200.1*.1*3.*</div><div>establishing connection 'televida' failed</div></div><div><br></div><div>My biggest question is:</div><div>Do the two private subnets need to be under the same subnet mask?</div><div>My private IP is <b>10.138.0.4</b>. He tells me that 10.28.2.8/32 is his private.</div><div>Please advise. I have re-installed again and again with no success.</div><div><br></div><div>Regards,</div><div>Moses Kariuki</div></font></div><div><font face="tahoma, sans-serif"><br></font></div></div><div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div></div></div></div></div></div></div>
</blockquote></div>
</blockquote></div>