[Ilugc] IPSEC Connection between Gateway Firewalls

From: vpadarsh@xxxxxxxxx (~adarsh~)
Date: Wed Jun 28 14:06:42 2006

Hi Binand,
Here is the logs from one end

Jun 29 10:26:56 firewalldxb ipsec_setup: Starting strongSwan IPsec 2.0.2...
Jun 29 10:26:56 firewalldxb ipsec_setup: KLIPS ipsec0 on eth1
195.229.190.151/255.255.255.240 broadcast 195.229.190.159
Jun 29 10:26:56 firewalldxb ipsec__plutorun: Starting Pluto subsystem...
Jun 29 10:26:56 firewalldxb ipsec_setup: ...strongSwan IPsec started
Jun 29 10:26:56 firewalldxb pluto[30734]: Starting Pluto (strongSwan
Version 2.0.2 X.509-1.5.4 LIBCURL LDAP_V3 SMARTCARD PLUTO_USES_KEYRR)
Jun 29 10:26:56 firewalldxb pluto[30734]:   including NAT-Traversal
patch (Version 0.6c) [disabled]
Jun 29 10:26:56 firewalldxb pluto[30734]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun 29 10:26:56 firewalldxb pluto[30734]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jun 29 10:26:56 firewalldxb pluto[30734]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jun 29 10:26:56 firewalldxb pluto[30734]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jun 29 10:26:56 firewalldxb pluto[30734]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jun 29 10:26:56 firewalldxb pluto[30734]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jun 29 10:26:56 firewalldxb pluto[30734]: ike_alg_register_enc():
Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Jun 29 10:26:56 firewalldxb pluto[30734]: Using Linux 2.6 IPsec interface code
Jun 29 10:26:57 firewalldxb pluto[30734]: Changing to directory
'/etc/freeswan/ipsec.d/cacerts'
Jun 29 10:26:57 firewalldxb pluto[30734]:   loaded CA cert file
'ca.crt' (1338 bytes)
Jun 29 10:26:57 firewalldxb pluto[30734]: Changing to directory
'/etc/freeswan/ipsec.d/aacerts'
Jun 29 10:26:57 firewalldxb pluto[30734]: Changing to directory
'/etc/freeswan/ipsec.d/ocspcerts'
Jun 29 10:26:57 firewalldxb pluto[30734]: Changing to directory
'/etc/freeswan/ipsec.d/crls'
Jun 29 10:26:57 firewalldxb pluto[30734]:   loaded crl file 'crl.crt'
(707 bytes)
Jun 29 10:26:57 firewalldxb pluto[30734]: Changing to directory
'/etc/freeswan/ipsec.d/acerts'
Jun 29 10:26:57 firewalldxb pluto[30734]: | from whack: got --esp=3des
Jun 29 10:26:57 firewalldxb pluto[30734]: | from whack: got --ike=3des
Jun 29 10:26:57 firewalldxb pluto[30734]:   loaded host cert file
'/etc/freeswan/ipsec.d/certs/firewallother.test.com.crt' (1346 bytes)
Jun 29 10:26:57 firewalldxb pluto[30734]:   loaded host cert file
'/etc/freeswan/ipsec.d/certs/firewalldxb.test.com.crt' (1334 bytes)
Jun 29 10:26:57 firewalldxb pluto[30734]: added connection description
"firewallother.test.com-vpn"
Jun 29 10:26:57 firewalldxb pluto[30734]: listening for IKE messages
Jun 29 10:26:57 firewalldxb pluto[30734]: adding interface eth1/eth1
195.229.190.151
Jun 29 10:26:57 firewalldxb pluto[30734]: adding interface eth0/eth0 192.168.1.1
Jun 29 10:26:57 firewalldxb pluto[30734]: adding interface lo/lo 127.0.0.1
Jun 29 10:26:57 firewalldxb pluto[30734]: adding interface lo/lo ::1
Jun 29 10:26:57 firewalldxb pluto[30734]: loading secrets from
"/etc/freeswan/ipsec.secrets"
Jun 29 10:26:57 firewalldxb pluto[30734]:   loaded private key file
'/etc/freeswan/ipsec.d/private/firewalldxb.test.com.key' (1675 bytes)
Jun 29 10:26:57 firewalldxb pluto[30734]:
"firewallother.test.com-vpn" #1: initiating Main Mode
Jun 29 10:26:57 firewalldxb ipsec__plutorun: 104
"firewallother.test.com-vpn" #1: STATE_MAIN_I1: initiate
Jun 29 10:26:57 firewalldxb ipsec__plutorun: ...could not start conn
"firewallother.test.com-vpn"
Jun 29 10:26:59 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#1: Peer ID is ID_DER_ASN1_DN: 'C=IR, ST=Loc, L=Loc, O=Unes, OU=xxx,
CN=firewallother.test.com, E=adarsh@xxxxxxxx'
Jun 29 10:26:59 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#1: ISAKMP SA established
Jun 29 10:26:59 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using
isakmp#1}
Jun 29 10:27:00 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#2: sent QI2, IPsec SA established {ESP=>0x7aa1020a <0xfd6ec5d8
IPCOMP=>0x0000bb41 <0x0000abff}
Jun 29 10:27:00 firewalldxb CROND[30841]: (root) CMD (
/usr/share/msec/promisc_check.sh)
Jun 29 10:27:05 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#3: responding to Main Mode
Jun 29 10:27:06 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#3: Peer ID is ID_DER_ASN1_DN: 'C=IR, ST=Loc, L=Loc, O=Unes, OU=xxx,
CN=firewallother.test.com, E=adarsh@xxxxxxxx'
Jun 29 10:27:06 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#3: sent MR3, ISAKMP SA established
Jun 29 10:27:07 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#4: responding to Quick Mode
Jun 29 10:27:07 firewalldxb pluto[30734]: "firewallother.test.com-vpn"
#4: IPsec SA established {ESP=>0x4fcbbcdf <0x200aaf8a
IPCOMP=>0x00003dd8 <0x000069e1}

regards
Adarsh

Follow-Ups:
- [Ilugc] IPSEC Connection between Gateway Firewalls
  - From: Binand Sethumadhavan

References:
- [Ilugc] IPSEC Connection between Gateway Firewalls
  - From: ~adarsh~
- [Ilugc] IPSEC Connection between Gateway Firewalls
  - From: Binand Sethumadhavan
- [Ilugc] IPSEC Connection between Gateway Firewalls
  - From: ~adarsh~

[Ilugc] IPSEC Connection between Gateway Firewalls

Other related posts: