Why is the ipsec connection not active?
I'm trying to set up an ipsec tunnel between two firewalls on different subnets.
The parameters are as follows:
1. IPSec first phase policy settings:
- SHA-1 integrity check;
- 3DES encryption;
- Diffie-Hellman group 14 (2048);
- WSR-2019 shared key authentication.
2. Traffic transformation parameters for the second phase of IPSec:
- ESP protocol;
- AES encryption;
- SHA-2 integrity check.
3. Only GRE traffic between L-FW and R-FW should be specified as traffic allowed to pass through the IPSec tunnel.
(GRE configured)
I used libreswan.
Config like this (path /etc/ipsec.d/ipsec.conf):
conn vpn
    auto=start
    type=tunnel
    authby=secret
    ike=3des-sha1;dh14
    esp=aes-sha2
    left=10.10.10.1
    right=20.20.20.20.100
    leftprotoport=gre
    rightprotoport=gre
    pfs=no
Key (path /etc/ipsec.d/ipsec.secrets):
20.20.20.100 10.10.10.1: PSK "WSR-2019"
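Added example, not part of the original post: a small Python check that cross-references the conn section and the secrets line quoted in the question, verifying that left= and right= are literal IP addresses and that each has a matching ID in ipsec.secrets. It assumes no leftid=/rightid= overrides, so the IDs default to the addresses; the function names are hypothetical.

```python
import ipaddress

# Constructed sample input: the conn section and secrets line as posted above.
CONN = """conn vpn
    auto=start
    type=tunnel
    authby=secret
    ike=3des-sha1;dh14
    esp=aes-sha2
    left=10.10.10.1
    right=20.20.20.20.100
    leftprotoport=gre
    rightprotoport=gre
    pfs=no
"""
SECRETS = '20.20.20.100 10.10.10.1: PSK "WSR-2019"\n'

def parse_conn(text):
    """Return {option: value} for the key=value lines of a conn section."""
    pairs = (l.strip().split("=", 1) for l in text.splitlines() if "=" in l)
    return {k.strip(): v.strip() for k, v in pairs}

def secret_ids(text):
    """Return the IDs listed before ': PSK' on each secrets line."""
    ids = set()
    for line in text.splitlines():
        if ": PSK" in line:
            ids.update(line.split(": PSK", 1)[0].split())
    return ids

def is_ip(value):
    try:
        return bool(ipaddress.ip_address(value))
    except ValueError:  # also raised for a missing (None) value
        return False

def check(conn_text, secrets_text):
    """Return a list of findings; empty means the two files agree."""
    opts, ids, out = parse_conn(conn_text), secret_ids(secrets_text), []
    ends = [opts.get("left"), opts.get("right")]
    for side, addr in zip(("left", "right"), ends):
        if not is_ip(addr):
            out.append(f"{side}={addr} is not a literal IP address")
        if addr not in ids and "%any" not in ids:
            out.append(f"{side}={addr} has no matching ID in the secrets file")
    extra = sorted(ids - set(ends) - {"%any"})
    return out + [f"secrets ID {i} matches neither left= nor right=" for i in extra]

if __name__ == "__main__":
    print("\n".join(check(CONN, SECRETS)))
```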
I'll be surprised if someone agrees to debug your tunnels for free. Study the connection logs and look for error messages; this is useful in the long run.