  1. #1
    Newbie
    Join Date
    Sep 2017
    Posts
    3

    IPsec tunnel to HP secblade will only establish when initiated from HP secblade

    Hi

    I have configured an IPSec VPN to a 3rd party provider of ours that we are told uses an HP Secblade firewall. We previously had this configuration working fine using PFSense. We replaced PFSense with Untangle and set up the VPN using the same settings, which have been confirmed by the admin for the HP Secblade (I have no access to the remote firewall; we have to go through the tech support of the 3rd party).

    If the 3rd party provider PINGs an IP on our side, the tunnel establishes. However, if we attempt to PING the remote network, the tunnel does not establish. Furthermore, the IP log does not even show an attempt to connect.

    Why would Untangle not even attempt to establish the connection, and is there a way to force the tunnel to connect (there is in PFSense)?

    Thank you for any help.

    Jude

  2. #2
    Newbie
    Join Date
    Sep 2017
    Posts
    3

    So if I tracert to an IP on the remote network:
    172.25.28.10, I only get 2 hops:

    1 <1 ms <1 ms <1 ms 172.16.0.253
    2 * glfd-lam-1-s402-0.network.virginmedia.net [62.252.27.65] reports: Destination net unreachable.

    Which suggests the Untangle IPsec module isn't picking up the request to connect - it sends the packet straight out to the Internet (62.252.27.65).

    In Untangle, I have remote network set to: 172.25.28.0/24

  3. #3
    Newbie
    Join Date
    Sep 2017
    Posts
    3

    Ok, I've set IPSec connection to on all the time, and get this in the logs:

    Sep 13 11:50:36 untangle charon: 06[IKE] deleting IKE_SA UT3_COINS[2] between 62.252.27.66[62.252.27.66]...37.46.5.168[37.46.5.168]
    Sep 13 11:50:36 untangle charon: 06[IKE] deleting IKE_SA UT3_COINS[2] between 62.252.27.66[62.252.27.66]...37.46.5.168[37.46.5.168]
    Sep 13 11:50:36 untangle charon: 06[IKE] received DELETE for IKE_SA UT3_COINS[2]
    Sep 13 11:50:36 untangle charon: 06[ENC] parsed INFORMATIONAL_V1 request 504021905 [ HASH D ]
    Sep 13 11:50:36 untangle charon: 06[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (84 bytes)
    Sep 13 11:50:24 untangle charon: 12[IKE] CHILD_SA UT3_COINS{2} established with SPIs ca7b628c_i d18dd829_o and TS 172.16.0.0/16 === 172.25.28.0/24
    Sep 13 11:50:24 untangle charon: 12[IKE] CHILD_SA UT3_COINS{2} established with SPIs ca7b628c_i d18dd829_o and TS 172.16.0.0/16 === 172.25.28.0/24
    Sep 13 11:50:24 untangle charon: 12[ENC] parsed QUICK_MODE request 4158507106 [ HASH ]
    Sep 13 11:50:24 untangle charon: 12[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (52 bytes)
    Sep 13 11:50:24 untangle charon: 11[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (188 bytes)
    Sep 13 11:50:24 untangle charon: 11[ENC] generating QUICK_MODE response 4158507106 [ HASH SA No ID ID ]
    Sep 13 11:50:24 untangle charon: 11[IKE] received 1843200000 lifebytes, configured 0
    Sep 13 11:50:24 untangle charon: 11[ENC] parsed QUICK_MODE request 4158507106 [ HASH SA No ID ID ]
    Sep 13 11:50:24 untangle charon: 11[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (172 bytes)
    Sep 13 11:50:24 untangle charon: 09[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (68 bytes)
    Sep 13 11:50:24 untangle charon: 09[ENC] generating ID_PROT response 0 [ ID HASH ]
    Sep 13 11:50:24 untangle charon: 09[IKE] maximum IKE_SA lifetime 28707s
    Sep 13 11:50:24 untangle charon: 09[IKE] scheduling reauthentication in 28167s
    Sep 13 11:50:24 untangle charon: 09[IKE] IKE_SA UT3_COINS[2] established between 62.252.27.66[62.252.27.66]...37.46.5.168[37.46.5.168]
    Sep 13 11:50:24 untangle charon: 09[IKE] IKE_SA UT3_COINS[2] established between 62.252.27.66[62.252.27.66]...37.46.5.168[37.46.5.168]
    Sep 13 11:50:24 untangle charon: 09[CFG] selected peer config "UT3_COINS"
    Sep 13 11:50:24 untangle charon: 09[CFG] looking for pre-shared key peer configs matching 62.252.27.66...37.46.5.168[37.46.5.168]
    Sep 13 11:50:24 untangle charon: 09[ENC] parsed ID_PROT request 0 [ ID HASH ]
    Sep 13 11:50:24 untangle charon: 09[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (68 bytes)
    Sep 13 11:50:24 untangle charon: 07[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (196 bytes)
    Sep 13 11:50:24 untangle charon: 07[ENC] generating ID_PROT response 0 [ KE No ]
    Sep 13 11:50:24 untangle charon: 07[IKE] received DPD vendor ID
    Sep 13 11:50:24 untangle charon: 07[ENC] parsed ID_PROT request 0 [ KE No V ]
    Sep 13 11:50:24 untangle charon: 07[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (200 bytes)
    Sep 13 11:50:24 untangle charon: 08[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (116 bytes)
    Sep 13 11:50:24 untangle charon: 08[ENC] generating ID_PROT response 0 [ SA V V ]
    Sep 13 11:50:24 untangle charon: 08[IKE] 37.46.5.168 is initiating a Main Mode IKE_SA
    Sep 13 11:50:24 untangle charon: 08[IKE] 37.46.5.168 is initiating a Main Mode IKE_SA
    Sep 13 11:50:24 untangle charon: 08[ENC] parsed ID_PROT request 0 [ SA ]
    Sep 13 11:50:24 untangle charon: 08[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (1084 bytes)
    Sep 13 11:50:21 untangle charon: 11[IKE] received ME_CONNECT_FAILED error notify
    Sep 13 11:50:21 untangle charon: 11[ENC] parsed INFORMATIONAL_V1 request 534263978 [ HASH N(ME_CONN_FAIL) ]
    Sep 13 11:50:21 untangle charon: 11[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (68 bytes)
    Sep 13 11:50:20 untangle charon: 09[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (172 bytes)
    Sep 13 11:50:20 untangle charon: 09[IKE] sending retransmit 2 of request message ID 2530180742, seq 4
    Sep 13 11:50:14 untangle charon: 10[IKE] received ME_CONNECT_FAILED error notify
    Sep 13 11:50:14 untangle charon: 10[ENC] parsed INFORMATIONAL_V1 request 3812311380 [ HASH N(ME_CONN_FAIL) ]
    Sep 13 11:50:14 untangle charon: 10[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (68 bytes)
    Sep 13 11:50:13 untangle charon: 07[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (172 bytes)
    Sep 13 11:50:13 untangle charon: 07[IKE] sending retransmit 1 of request message ID 2530180742, seq 4
    Sep 13 11:50:09 untangle charon: 12[IKE] received ME_CONNECT_FAILED error notify
    Sep 13 11:50:09 untangle charon: 12[ENC] parsed INFORMATIONAL_V1 request 885825242 [ HASH N(ME_CONN_FAIL) ]
    Sep 13 11:50:09 untangle charon: 12[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (68 bytes)
    Sep 13 11:50:09 untangle charon: 11[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (172 bytes)
    Sep 13 11:50:09 untangle charon: 11[ENC] generating QUICK_MODE request 2530180742 [ HASH SA No ID ID ]
    Sep 13 11:50:09 untangle charon: 11[IKE] maximum IKE_SA lifetime 28724s
    Sep 13 11:50:09 untangle charon: 11[IKE] scheduling reauthentication in 28184s
    Sep 13 11:50:09 untangle charon: 11[IKE] IKE_SA UT3_COINS[1] established between 62.252.27.66[62.252.27.66]...37.46.5.168[37.46.5.168]
    Sep 13 11:50:09 untangle charon: 11[IKE] IKE_SA UT3_COINS[1] established between 62.252.27.66[62.252.27.66]...37.46.5.168[37.46.5.168]
    Sep 13 11:50:09 untangle charon: 11[ENC] parsed ID_PROT response 0 [ ID HASH ]
    Sep 13 11:50:09 untangle charon: 11[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (68 bytes)
    Sep 13 11:50:09 untangle charon: 10[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (68 bytes)
    Sep 13 11:50:09 untangle charon: 10[ENC] generating ID_PROT request 0 [ ID HASH ]
    Sep 13 11:50:09 untangle charon: 10[IKE] received DPD vendor ID
    Sep 13 11:50:09 untangle charon: 10[ENC] parsed ID_PROT response 0 [ KE No V ]
    Sep 13 11:50:09 untangle charon: 10[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (216 bytes)
    Sep 13 11:50:09 untangle charon: 09[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (196 bytes)
    Sep 13 11:50:09 untangle charon: 09[ENC] generating ID_PROT request 0 [ KE No ]
    Sep 13 11:50:09 untangle charon: 09[ENC] parsed ID_PROT response 0 [ SA ]
    Sep 13 11:50:09 untangle charon: 09[NET] received packet: from 37.46.5.168[500] to 62.252.27.66[500] (80 bytes)
    Sep 13 11:50:09 untangle charon: 07[NET] sending packet: from 62.252.27.66[500] to 37.46.5.168[500] (152 bytes)
    Sep 13 11:50:09 untangle charon: 07[ENC] generating ID_PROT request 0 [ SA V V V V ]
    Sep 13 11:50:09 untangle charon: 07[IKE] initiating Main Mode IKE_SA UT3_COINS[1] to 37.46.5.168
    Sep 13 11:50:09 untangle charon: 07[IKE] initiating Main Mode IKE_SA UT3_COINS[1] to 37.46.5.168
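
One way to read the log in post #3 as a timeline, as an added example that is not part of the original thread: the Python code below re-orders an excerpt of the posted charon lines (newest first, as pasted) and summarizes each IKEv1 negotiation by which side initiated it and how far it got. The function name `summarize` and the rule that all lines between two "initiating" messages belong to one attempt are assumptions of this example.

```python
import re

# Excerpt of the charon lines posted above (newest first, as in the post).
SAMPLE = """\
Sep 13 11:50:24 untangle charon: 12[IKE] CHILD_SA UT3_COINS{2} established with SPIs ca7b628c_i d18dd829_o and TS 172.16.0.0/16 === 172.25.28.0/24
Sep 13 11:50:24 untangle charon: 09[IKE] IKE_SA UT3_COINS[2] established between 62.252.27.66[62.252.27.66]...37.46.5.168[37.46.5.168]
Sep 13 11:50:24 untangle charon: 08[IKE] 37.46.5.168 is initiating a Main Mode IKE_SA
Sep 13 11:50:21 untangle charon: 11[IKE] received ME_CONNECT_FAILED error notify
Sep 13 11:50:20 untangle charon: 09[IKE] sending retransmit 2 of request message ID 2530180742, seq 4
Sep 13 11:50:14 untangle charon: 10[IKE] received ME_CONNECT_FAILED error notify
Sep 13 11:50:09 untangle charon: 12[IKE] received ME_CONNECT_FAILED error notify
Sep 13 11:50:09 untangle charon: 11[ENC] generating QUICK_MODE request 2530180742 [ HASH SA No ID ID ]
Sep 13 11:50:09 untangle charon: 11[IKE] IKE_SA UT3_COINS[1] established between 62.252.27.66[62.252.27.66]...37.46.5.168[37.46.5.168]
Sep 13 11:50:09 untangle charon: 07[IKE] initiating Main Mode IKE_SA UT3_COINS[1] to 37.46.5.168
"""

def summarize(log_text, newest_first=True):
    """Group charon IKEv1 lines into negotiation attempts, oldest first."""
    lines = [l for l in log_text.splitlines() if "charon:" in l]
    if newest_first:
        lines.reverse()
    attempts, cur = [], None
    for line in lines:
        msg = line.split("charon:", 1)[1].strip()
        out = re.search(r"\] initiating Main Mode IKE_SA (\S+) to (\S+)", msg)
        inc = re.search(r"\] (\S+) is initiating a Main Mode IKE_SA", msg)
        if out or inc:
            # Assumption: every line up to the next "initiating" belongs here.
            cur = {"role": "initiator" if out else "responder",
                   "peer": out.group(2) if out else inc.group(1),
                   "phase1": False, "quick_mode_sent": False,
                   "notifies": [], "retransmits": 0, "child_ts": None}
            attempts.append(cur)
        elif cur is None:
            continue
        elif re.search(r"IKE_SA \S+ established between", msg):
            cur["phase1"] = True
        elif "generating QUICK_MODE request" in msg:
            cur["quick_mode_sent"] = True
        elif "sending retransmit" in msg:
            cur["retransmits"] += 1
        elif (n := re.search(r"received (\S+) error notify", msg)):
            cur["notifies"].append(n.group(1))
        elif (c := re.search(r"CHILD_SA \S+ established with .* TS (.+)$", msg)):
            cur["child_ts"] = c.group(1)
    return attempts

if __name__ == "__main__":
    for attempt in summarize(SAMPLE):
        print(attempt)
```

On the excerpt this yields one locally initiated attempt that completes phase 1 but receives error notifies after sending its Quick Mode request, followed by one peer-initiated attempt that ends with an established CHILD_SA.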
