linux
Vano01rus, 2021-12-23 23:25:57

Why is ipsec connection not active?

I'm trying to set up an ipsec tunnel between two firewalls on different subnets.
The parameters are as follows:
1. IPSec first phase policy settings:
- SHA-1 integrity check;
- 3DES encryption;
- Diffie-Hellman group 14 (2048);
- WSR-2019 shared key authentication.
2. Traffic transformation parameters for the second phase of IPSec:
- ESP protocol;
- AES encryption;
- SHA-2 integrity check.
3. Only GRE traffic between L-FW and R-FW should be specified as traffic allowed to pass through the IPSec tunnel. (GRE configured)
Used libreswan.
Config like this (path /etc/ipsec.d/ipsec.conf):
conn vpn
    auto=start
    type=tunnel
    authby=secret
    ike=3des-sha1;dh14
    esp=aes-sha2
    left=10.10.10.1
    right=20.20.20.20.100
    leftprotoport=gre
    rightprotoport=gre
    pfs=no
Key (path /etc/ipsec.d/ipsec.secrets):
20.20.20.100 10.10.10.1: PSK "WSR-2019"


2 answer(s)
ky0, 2021-12-24
@ky0

I'll be surprised if someone agrees to debug your tunnels for free. Study the connection logs and look for error messages; this is useful in the long run.

AlexVWill, 2021-12-24
@AlexVWill

esp=aes-sha2
left=10.10.10.1
right=20.20.20.20.100

Do you see any error here?
In general, they correctly noted that the logs are needed, from the client and the server, under a cut (not all of them, only the part that will show the error).
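
A pre-flight check for the kind of mistake this answer points at, added here as an example (it is not code from the thread or from libreswan): it parses the conn sections, flags left=/right= values made only of digits and dots that are not valid IP addresses, and checks that numeric endpoints appear as ids on a PSK line. The function names and the simplified parsing (indented key=value lines, IPv4 ids) are assumptions.

```python
import ipaddress
import re
# Constructed sample: the address-related lines of the posted conn and secrets.
CONF = """conn vpn
    authby=secret
    left=10.10.10.1
    right=20.20.20.20.100
"""
SECRETS = '20.20.20.100 10.10.10.1: PSK "WSR-2019"\n'
NUMERIC = re.compile(r"[0-9.]+")  # digits and dots only; hostnames and %any do not match

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line opens a new section
            parts = line.split()
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) == 2 else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def bad_endpoint(value):
    """True if value looks like a dotted address but does not parse as one."""
    if not NUMERIC.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return False
    except ValueError:
        return True

def check(conf_text, secrets_text):
    """Return findings on left/right addresses and PSK ids (IPv4 ids assumed)."""
    ids = {tok for ln in secrets_text.splitlines() if ": PSK" in ln
           for tok in ln.split(": PSK", 1)[0].split()}
    findings = []
    for name, opts in parse_conns(conf_text).items():
        psk = opts.get("authby") == "secret" and bool(ids)
        for side in ("left", "right"):
            value = opts.get(side, "")
            if bad_endpoint(value):
                findings.append(f"conn {name}: {side}={value} is not a valid IP address")
            elif psk and NUMERIC.fullmatch(value) and value not in ids:
                findings.append(f"conn {name}: {side}={value} has no id in ipsec.secrets")
    return findings
```

Calling `check(CONF, SECRETS)` on the sample returns one finding, for the `right=` line.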
