ID | Project | Category | View Status | Date Submitted | Last Update
0004475 | Endian Firewall | VPN - IPSec | public | 2012-10-30 12:58 | 2012-10-30 12:58
Reporter | thomas-endian
Assigned To |
Priority | normal | Severity | minor | Reproducibility | always
Status | new | Resolution | open
Platform | | OS | | OS Version |
Product Version | 2.5
Target Version | 2.5 | Fixed in Version |
Summary | 0004475: multi WAN IPs and IPsec, PSK auth failed
Description | ipsec.conf is not multi WAN IP compatible. I mean, if you have more than one RED IP on the WAN interface (e.g. MAIN Uplink), an IPsec connection is only possible on the first IP! Although strongSwan is listening on all IPs, the ipsec.conf is filled only with the first one…
----------------------------------------------------------------
conn nettonet
    dpdaction=restart
    dpddelay=30s
    dpdtimeout=120s
    left=80.73.113.xx
    leftnexthop=80.73.113.xx
    leftsubnet=192.168.0.0/24
    leftsourceip=192.168.0.15
    right=8.8.8.8
    rightsubnet=192.168.1.0/24
    leftid=80.73.113.xx
    rightid=8.8.8.8
    authby=secret
    pfs=yes
    ikelifetime=1h
    keylife=8h
    ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3des-md5-modp1024
    esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
    auto=start
    keyexchange=ikev1
----------------------------------------------------------------
So, you get the following error if you start a connection to a second IP:
Oct 30 13:25:24 efw2 pluto[6705]: packet from 80.187.106.xxx:500: initial Main Mode message received on 80.73.113.xxx:500 but no connection has been authorized with policy=PSK
Additional Information | Workaround: change the left side parameter in the ipsec.conf
Tags | No tags attached.
Attached Files |
Date Modified | Username | Field | Change |
2012-10-30 12:58 | thomas-endian | New Issue |
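A check for the condition this report describes, as an added example that is not part of the original report or of Endian's code: it parses ipsec.conf, lists the RED IPs that no authby=secret conn names in left=, and extracts the local address from pluto's policy=PSK rejection line. The sample config, the addresses (documentation ranges) and all function names are constructed for illustration.

```python
import re

# Constructed sample (documentation addresses): two RED IPs on the uplink,
# but the generated ipsec.conf names only the first one in left=.
SAMPLE_CONF = """\
config setup
    # unrelated settings
conn nettonet
    left=203.0.113.10
    right=198.51.100.7
    authby=secret
"""
SAMPLE_RED_IPS = ["203.0.113.10", "203.0.113.11"]
SAMPLE_LOG = ("Oct 30 13:25:24 efw2 pluto[6705]: packet from 198.51.100.7:500: "
              "initial Main Mode message received on 203.0.113.11:500 but no "
              "connection has been authorized with policy=PSK")

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header starts at column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def uncovered_red_ips(conf_text, red_ips):
    """RED IPs that no authby=secret conn names literally in left=.
    Symbolic values such as %defaultroute are not resolved and never count."""
    covered = {c["left"] for c in parse_conns(conf_text).values()
               if "secret" in c.get("authby", "").split("|")
               and not c.get("left", "%").startswith("%")}
    return [ip for ip in red_ips if ip not in covered]

def rejected_local_ip(log_line):
    """Local address from pluto's 'no connection ... policy=PSK' message."""
    m = re.search(r"received on ([\d.]+):\d+ but no connection has been "
                  r"authorized with policy=PSK", log_line)
    return m.group(1) if m else None

if __name__ == "__main__":
    print("RED IPs without a PSK conn:", uncovered_red_ips(SAMPLE_CONF, SAMPLE_RED_IPS))
    print("rejected on:", rejected_local_ip(SAMPLE_LOG))
```

An address that appears both in the uncovered list and in a rejection log line matches the failure reported here.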