Hi all,
I have been running shorewall 2.4 with racoon and IPsec for a while
now with no problems. I recently installed two new systems and matched
the racoon configs identically. racoon seems to start fine and all, but I
cannot get the tunnel to start. Below are some errors that show up in
the logs when I try to access anything on the other side of the
tunnel. The only difference in my setups is I upgraded from shorewall
2.4 to shorewall 3.1.
Here are the errors in my log:
Mar 6 09:49:13 pfars racoon: INFO: IPsec-SA request for 70.58.103.97
queued due to no phase1 found.
Mar 6 09:49:13 pfars racoon: INFO: initiate new phase 1 negotiation:
71.4.72.164[500]<=>70.58.103.97[500]
Mar 6 09:49:13 pfars racoon: INFO: begin Identity Protection mode.
Mar 6 09:49:13 pfars racoon: ERROR: sendfromto failed
Mar 6 09:49:13 pfars racoon: ERROR: failed to begin ipsec sa
negotication.
Mar 6 09:49:13 pfars kernel: Shorewall:all2all:REJECT:IN= OUT=eth0
SRC=71.4.72.164 DST=70.58.103.97 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=7
DF PROTO=UDP SPT=500 DPT=500 LEN=112
My rules are simple as well.
Anything from the FW to net is allowed and anything from the dstIP to
the FW is allowed.
Not sure why I would be getting a reject if everything is allowed.
Any thoughts are greatly appreciated.
Thanks,
Jon Scottorn
Systems Administrator
The Possibility Forge, Inc.
http://www.possibilityforge.com
435.635.0591 x.1004
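The kernel log line quoted in the post carries enough to tell which direction the rejected packet was travelling and which chain dropped it. The following parser is an added example, not code from the post or from Shorewall; the sample line is constructed from the one above, and the chain name `all2all` is read as Shorewall's catch-all policy chain, which is hit only when no explicit rule matched first.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample, modelled on the REJECT line shown in the post.
SAMPLE_LOG = (
    "Mar 6 09:49:13 pfars kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 "
    "SRC=71.4.72.164 DST=70.58.103.97 LEN=132 TOS=0x00 PREC=0x00 TTL=64 ID=7 "
    "DF PROTO=UDP SPT=500 DPT=500 LEN=112"
)

SHOREWALL_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)$")


@dataclass
class ShorewallEvent:
    chain: str
    action: str
    fields: dict = field(default_factory=dict)

    @property
    def origin(self) -> str:
        # Empty IN= means the firewall host itself generated the packet;
        # empty OUT= means the packet was addressed to the host.
        if not self.fields.get("IN") and self.fields.get("OUT"):
            return "firewall->net"
        if self.fields.get("IN") and not self.fields.get("OUT"):
            return "net->firewall"
        return "forwarded"

    @property
    def is_ike(self) -> bool:
        # IKE runs on UDP/500 (UDP/4500 when NAT traversal is in use).
        return self.fields.get("PROTO") == "UDP" and self.fields.get("DPT") in ("500", "4500")


def parse_shorewall_line(line: str) -> Optional[ShorewallEvent]:
    """Return a ShorewallEvent for a Shorewall kernel log line, else None."""
    m = SHOREWALL_RE.search(line)
    if not m:
        return None
    fields: dict = {}
    for token in m.group("rest").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields.setdefault(key, value)  # keep the first LEN (IP total length)
        else:
            fields[token] = True  # bare flags such as DF
    return ShorewallEvent(m.group("chain"), m.group("action"), fields)


def diagnose(line: str) -> str:
    ev = parse_shorewall_line(line)
    if ev is None:
        return "not a Shorewall log line"
    what = "IKE" if ev.is_ike else f"{ev.fields.get('PROTO')}/{ev.fields.get('DPT')}"
    note = " (policy chain: no explicit rule matched)" if ev.chain == "all2all" else ""
    return f"{ev.action} in {ev.chain}{note}: {ev.origin} {what} {ev.fields.get('SRC')}->{ev.fields.get('DST')}"
```

Run `diagnose()` over each Shorewall line in /var/log/messages to see at a glance whether the rejected IKE packets are firewall-originated and whether they reached a policy chain rather than an explicit rule.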