Centos 6.9 and Libreswan configuration problem


Post by kissamies » 2017/08/21 10:51:30

Hi all,

I am having a problem getting my Centos 6.9 connected to a Juniper box with IPsec and Libreswan. I can get the tunnel up but I cannot get anything going through that tunnel. Others are able to connect to the same Juniper box just fine, but not me, even though they are using the same configurations on the Juniper end. Therefore I believe it is something in my configurations. Any ideas on how I could get it running?

Configuration is done between these servers:
My Centos server: 10.1.0.101
Centos subnet: 10.1.0.0/24
My WAN IP: 192.100.30.120

External internal subnet: 10.40.17.0/24
External WAN IP: 82.230.50.17
External server: 10.40.17.16/24

ipsec.conf:

version 2.0
# basic configuration
config setup     
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.40.17.0/24

conn VPN
     authby=secret
     auto=start
     type=tunnel
     left=10.1.0.101
     leftid=192.100.30.120
     leftsubnet=10.1.0.0/24
     leftnexthop=%defaultroute
     right=82.230.50.17
     rightsubnet=10.40.17.0/24
     rightnexthop=%defaultroute
     ike=aes256-sha1;modp1536
     phase2=esp
     phase2alg=aes256-sha1
     keyexchange=ike
     pfs=yes

    sh-4.1# ipsec verify
    Verifying installed system and configuration files

    Version check and ipsec on-path                         [OK]
    Libreswan 3.15 (netkey) on 2.6.32-696.6.3.el6.x86_64
    Checking for IPsec support in kernel                    [OK]
     NETKEY: Testing XFRM related proc values
             ICMP default/send_redirects                    [OK]
             ICMP default/accept_redirects                  [OK]
             XFRM larval drop                               [OK]
    Pluto ipsec.conf syntax                                 [OK]
    Hardware random device                                  [N/A]
    Checking rp_filter                                      [OK]
    Checking that pluto is running                          [OK]
     Pluto listening for IKE on udp 500                     [OK]
     Pluto listening for IKE/NAT-T on udp 4500              [OK]
     Pluto ipsec.secret syntax                              [OK]
    Checking 'ip' command                                   [OK]
    Checking 'iptables' command                             [OK]
    Checking 'prelink' command does not interfere with FIPS [PRESENT]
    Checking for obsolete ipsec.conf options                [OK]
    Opportunistic Encryption                                [DISABLED]

000 #583: "VPN":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1596s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000 #548: "VPN":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1261s; newest IPSEC; eroute owner; isakmp#547; idle; import:admin initiate
000 #548: "VPN" esp.4677d4c@82.230.50.17 esp.df2d00af@10.1.0.101 tun.0@82.230.50.17 tun.0@10.1.0.101 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #581: "VPN":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 22s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate

What should I do now to get it working?
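
The status output in the post shows an IPsec SA that is established while its counters read `ESPout=0B ESPin=0B`. The following is an added example, not part of the original thread: it parses those status lines and reports SAs that are up but have carried no ESP traffic. The function names are hypothetical, and it assumes the counters are printed in bytes with a `B` suffix as in the lines quoted above.

```python
import re

# Status lines copied from the post above.
STATUS = '''\
000 #583: "VPN":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1596s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000 #548: "VPN":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 1261s; newest IPSEC; eroute owner; isakmp#547; idle; import:admin initiate
000 #548: "VPN" esp.4677d4c@82.230.50.17 esp.df2d00af@10.1.0.101 tun.0@82.230.50.17 tun.0@10.1.0.101 ref=0 refhim=4294901761 Traffic: ESPout=0B ESPin=0B! ESPmax=4194303B
000 #581: "VPN":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_EXPIRE in 22s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
'''

STATE_RE = re.compile(r'^000 #(\d+): "([^"]+)"(?::\d+)? (STATE_\w+) \(([^)]*)\)')
TRAFFIC_RE = re.compile(r'^000 #(\d+): "([^"]+)" .*Traffic: ESPout=(\d+)B ESPin=(\d+)B')

def parse_status(text):
    """Return {sa_number: {...}}, merging the state line and traffic line of each SA."""
    sas = {}
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            num, conn, state, desc = m.groups()
            sas.setdefault(int(num), {}).update(conn=conn, state=state, desc=desc)
            continue
        m = TRAFFIC_RE.match(line)
        if m:
            num, conn, out_b, in_b = m.groups()
            sas.setdefault(int(num), {}).update(conn=conn, esp_out=int(out_b), esp_in=int(in_b))
    return sas

def idle_tunnels(sas):
    """List IPsec SAs that are established but have carried no ESP traffic."""
    findings = []
    for num, sa in sorted(sas.items()):
        if "IPsec SA established" not in sa.get("desc", ""):
            continue  # IKE (ISAKMP) SAs carry no ESP counters
        if sa.get("esp_out") == 0 and sa.get("esp_in") == 0:
            findings.append((num, sa["conn"], "no ESP bytes in either direction"))
        elif sa.get("esp_out") == 0:
            findings.append((num, sa["conn"], "nothing encrypted outbound"))
        elif sa.get("esp_in") == 0:
            findings.append((num, sa["conn"], "nothing received from peer"))
    return findings

if __name__ == "__main__":
    for num, conn, why in idle_tunnels(parse_status(STATUS)):
        print(f'#{num} "{conn}": {why}')
```

An outbound counter of zero means the local kernel has not encrypted any packet with that SA, so the check separates "tunnel negotiated" from "traffic actually entering the tunnel".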


Re: Centos 6.9 and Libreswan configuration problem

Post by kissamies » 2017/08/23 03:55:42

Anyone? Any wild guesses what might be wrong with my configurations? :cry:
