IPSEC tunnel connection issue

December 5, 2014

I don't have any experience with setting up tunnels. I have the following setup.

/etc/ipsec.d/home.conf

conn myvpn
left=178.62.232.25
leftsourceip=178.62.232.25
leftsubnet=10.137.205.240/32
right=196.210.222.40
rightsubnets={10.5.96.89/32,10.5.96.91/32,10.5.96.93/32,10.25.202.31/32,10.25.202.33/32,10.25.202.35/32,10.25.202.61/32,196.201.241.18/32,196.201.241.28/32}
authby=secret
ike=aes128-sha1-modp1024
esp=aes128-sha1
pfs=no
forceencaps=yes
auto=start
keyexchange=ike
ikelifetime=24h
keylife=8h
type=tunnel

/etc/ipsec.d/home.secrets
178.62.232.25 196.210.222.40: PSK "#s@JTc!@L15Pb"

When I run service ipsec status, I get the following result:

IPsec running - pluto pid: 922
pluto pid 922
9 tunnels up
some eroutes exist

However, I see the following when I run ipsec auto --status (last couple of lines):

000 #2: "saf/0x1":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27793s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #2: "saf/0x1" esp.621d6516@196.210.222.40 esp.20047f4c@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #3: "saf/0x2":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27993s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #3: "saf/0x2" esp.eecfc1f5@196.210.222.40 esp.cdc5bbc0@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #4: "saf/0x3":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27952s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #4: "saf/0x3" esp.5dfd3f4f@196.210.222.40 esp.ed7745c7@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #5: "saf/0x4":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27776s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #5: "saf/0x4" esp.ed6293e1@196.210.222.40 esp.73a8435d@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #6: "saf/0x5":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 28022s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #6: "saf/0x5" esp.dd9c0886@196.210.222.40 esp.4294aefc@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #7: "saf/0x6":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27744s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #7: "saf/0x6" esp.ac83ec68@196.210.222.40 esp.e0be40e2@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #8: "saf/0x7":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27805s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #8: "saf/0x7" esp.85a40845@196.210.222.40 esp.176971b5@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #9: "saf/0x8":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27731s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #9: "saf/0x8" esp.e8d9b5c5@196.210.222.40 esp.caae9d35@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #10: "saf/0x9":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27991s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #10: "saf/0x9" esp.7a3c0521@196.210.222.40 esp.c78cc854@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #1: "saf/0x9":4500 STATEMAINI4 (ISAKMP SA established); EVENTSAREPLACE in 85703s; newest ISAKMP; lastdpd=8s(seq in:0 out:0); idle; import:admin initiate
000

With all this, I'm not able to ping/access any of the remote subnet addresses. What could the issue be?
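As an added diagnostic (not from the question, and not part of Openswan/Libreswan), a small Python parser for the `ipsec auto --status` lines above: it checks whether the connection has an established ISAKMP SA, one established IPsec SA for every entry in rightsubnets, and whether every child SA runs on UDP 4500 (NAT-T, which forceencaps=yes asks for). The status output names the connection saf while home.conf defines myvpn, so the conn name is a parameter; state names are compared with underscores stripped, since the output above shows them that way.

```python
import re

# Sample input, copied from the question's `ipsec auto --status` output: the nine
# "#n:" state lines, one "esp." detail line (to show it is skipped) and the ISAKMP line.
STATUS = """\
000 #2: "saf/0x1":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27793s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #2: "saf/0x1" esp.621d6516@196.210.222.40 esp.20047f4c@178.62.232.25 tun.0@196.210.222.40 tun.0@178.62.232.25 ref=0 refhim=4294901761
000 #3: "saf/0x2":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27993s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #4: "saf/0x3":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27952s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #5: "saf/0x4":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27776s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #6: "saf/0x5":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 28022s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #7: "saf/0x6":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27744s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #8: "saf/0x7":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27805s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #9: "saf/0x8":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27731s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #10: "saf/0x9":4500 STATEQUICKI2 (sent QI2, IPsec SA established); EVENTSAREPLACE in 27991s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #1: "saf/0x9":4500 STATEMAINI4 (ISAKMP SA established); EVENTSAREPLACE in 85703s; newest ISAKMP; lastdpd=8s(seq in:0 out:0); idle; import:admin initiate
000
"""
STATE_RE = re.compile(  # matches the state lines only; the esp/tun detail lines do not
    r'^000 #(?P<num>\d+): "(?P<conn>[^"/]+)(?:/0x[0-9a-f]+)?"(?::(?P<port>\d+))?\s+'
    r'(?P<state>STATE\w+) \((?P<desc>[^)]*)\)(?:.*? in (?P<secs>\d+)s)?')
RIGHTSUBNETS = ["10.5.96.89/32", "10.5.96.91/32", "10.5.96.93/32", "10.25.202.31/32",  # home.conf
                "10.25.202.33/32", "10.25.202.35/32", "10.25.202.61/32",
                "196.201.241.18/32", "196.201.241.28/32"]

def parse_status(text):
    """One dict per state line; pluto may print STATE_QUICK_I2 or STATEQUICKI2."""
    out = []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if m:
            d = m.groupdict()
            d["state"] = d["state"].replace("_", "")
            d["secs"] = int(d["secs"]) if d["secs"] else None
            out.append(d)
    return out

def tunnel_report(text, conn, rightsubnets):
    """Phase-1 up? One established child SA per rightsubnet? All on UDP 4500 (NAT-T)?"""
    mine = [s for s in parse_status(text) if s["conn"] == conn]
    children = [s for s in mine if "IPsec SA established" in s["desc"]]
    rekeys = [s["secs"] for s in children if s["secs"] is not None]
    return {
        "isakmp_up": any("ISAKMP SA established" in s["desc"] for s in mine),
        "child_sas": len(children),
        "missing": max(0, len(rightsubnets) - len(children)),
        "nat_t": bool(children) and all(s["port"] == "4500" for s in children),
        "next_rekey_s": min(rekeys) if rekeys else None,
    }
```

For the output above, `tunnel_report(STATUS, "saf", RIGHTSUBNETS)` reports phase 1 up and nine child SAs with none missing, so the SAs themselves match the nine configured rightsubnets and the fault has to be looked for elsewhere (routing, firewalling or the source address used for the ping).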
