[strongSwan] StrongSWAN 5.3.5 <-> Dell Sonicwall showing multiple connections
Mahesh Neelakanta
neelakanta at gmail.com
Mon Nov 21 22:55:20 CET 2016
I am trying to setup a IkeV2 VPN connection between a StrongSWAN 5.3.5
system and a Dell Sonicwall. In doing so, it seems like the strongswan side
sees the connection as up but sonicwall side does not. Furthermore, the
statusall output shows what looks like a second connection/tunnel trying to
be established.
Any ideas/suggestions appreciated. Logs are large so I've put them on
pastebin.
*Log output (level 2)*
http://pastebin.com/mZEkRTTp
*Config*
config setup
uniqueids=no
conn %default
left=%defaultroute
leftid=51.15.85.15
keyingtries=%forever
keyexchange=ikev1
type=tunnel
compress=no
authby=secret
auto=start
dpdaction=none
conn vpn-basf-prd #NOAUTO
leftsubnet=51.76.21.161/32 # enterprise-mirth-01
right=191.25.81.121
rightid=191.25.81.121
rightsubnet=10.10.10.105/32
ike=aes256-sha1-modp1024
esp=aes256-sha1-modp1024
keyexchange=ikev2
ikelifetime=86400s
keylife=28800s
*ipsec statusall output*
vpn-basf-prd: %any...191.25.81.121 IKEv2
vpn-basf-prd: local: [51.15.85.15] uses pre-shared key authentication
vpn-basf-prd: remote: [191.25.81.121] uses pre-shared key authentication
vpn-basf-prd: child: 51.76.21.161/32 === 10.10.10.105/32 TUNNEL
vpn-basf-prd[73]: ESTABLISHED 2 seconds ago,
10.20.1.18[51.15.85.15]...191.25.81.121[191.25.81.121]
vpn-basf-prd[73]: IKEv2 SPIs: 41cb5d5c3cb88170_i 51f00949b54db925_r*,
pre-shared key reauthentication in 23 hours
vpn-basf-prd[73]: IKE proposal:
AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
vpn-basf-prd{141}: INSTALLED, TUNNEL, reqid 128, ESP in UDP SPIs:
cb81da30_i 84d00d14_o
vpn-basf-prd{141}: AES_CBC_256/HMAC_SHA1_96, 0 bytes_i, 168 bytes_o (2
pkts, 1s ago), rekeying in 7 hours
vpn-basf-prd{141}: 51.76.21.161/32 === 10.10.10.105/32
vpn-basf-prd[19]: CONNECTING,
10.20.1.18[51.15.85.15]...191.25.81.121[191.25.81.121]
vpn-basf-prd[19]: IKEv2 SPIs: 5e925fa468fc0409_i* f367cd479c87f8a7_r
vpn-basf-prd[19]: IKE proposal:
AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
vpn-basf-prd[19]: Tasks active: IKE_CERT_PRE IKE_AUTH IKE_CERT_POST
IKE_CONFIG CHILD_CREATE IKE_AUTH_LIFETIME IKE_MOBIK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161121/81a73c5c/attachment.html>
More information about the Users
mailing list