Posted to dev@cloudstack.apache.org by pdion891 <gi...@git.apache.org> on 2016/04/06 16:00:45 UTC

[GitHub] cloudstack pull request: Strongswan vpn feature

Github user pdion891 commented on the pull request:

    https://github.com/apache/cloudstack/pull/872#issuecomment-206384893
  
    I have an environment to test this PR which has been built from @jayapalu branch, the management-server and the systemVM template from: http://jenkins.buildacloud.org/job/build-systemvm64-GithubPullRequest/
    
    So far I've been able to create S2S VPN between 2 VPC and it worked, but I still can't get the remote management VPN from OS X to work.
    
    Here is the `/var/log/auth.log` from the VR:
    ```
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: received Vendor ID payload [RFC 3947]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: received Vendor ID payload [Dead Peer Detection]
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: responding to Main Mode from unknown peer 70.83.27.40
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: NAT-Traversal: Result using RFC 3947: peer is NATed
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: Peer ID is ID_IPV4_ADDR: '192.168.10.140'
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40 #33: deleting connection "L2TP-PSK" instance with peer 70.83.27.40 {isakmp=#0/ipsec=#0}
    Apr  6 13:45:02 r-234-VM pluto[2294]: | NAT-T: new mapping 70.83.27.40:500/4500)
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sent MR3, ISAKMP SA established
    Apr  6 13:45:03 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: cannot respond to IPsec SA request because no connection is known for 74.121.246.131:4500[74.121.246.131]:17/1701...70.83.27.40:4500[192.168.10.140]:17/%any==={192.168.10.140/32}
    Apr  6 13:45:03 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_ID_INFORMATION to 70.83.27.40:4500
    Apr  6 13:45:07 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this is a duplicated packet)
    Apr  6 13:45:07 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_MESSAGE_ID to 70.83.27.40:4500
    Apr  6 13:45:10 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this is a duplicated packet)
    Apr  6 13:45:10 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_MESSAGE_ID to 70.83.27.40:4500
    Apr  6 13:45:13 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this is a duplicated packet)
    Apr  6 13:45:13 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_MESSAGE_ID to 70.83.27.40:4500
    ```
    
    Please let me know if you need more logs or tests, I'll keep that environment UP.
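
The log in the comment above shows state #33 reaching "ISAKMP SA established" and pluto then refusing the IPsec SA request. As an added example (not part of the original post or of the CloudStack code), this Python script extracts that sequence from a pluto `auth.log`; the function name `triage` and the regular expressions are assumptions derived from the line format in the excerpt.

```python
import re

# Sample input: four lines taken from the auth.log excerpt in the post above.
SAMPLE = """\
Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sent MR3, ISAKMP SA established
Apr  6 13:45:03 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: cannot respond to IPsec SA request because no connection is known for 74.121.246.131:4500[74.121.246.131]:17/1701...70.83.27.40:4500[192.168.10.140]:17/%any==={192.168.10.140/32}
Apr  6 13:45:03 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_ID_INFORMATION to 70.83.27.40:4500
Apr  6 13:45:07 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_MESSAGE_ID to 70.83.27.40:4500
"""

# Per-connection pluto line: "conn"[instance] peer[:port] #state: message
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)')
# Selector pair pluto prints when no conn matches the IPsec SA request.
NO_CONN = re.compile(r'no connection is known for (?P<local>\S+?)\.\.\.(?P<remote>\S+)')
NOTIFY = re.compile(r'sending encrypted notification (\w+)')


def triage(log_text):
    """Per IKE state: did phase 1 finish, and what was refused afterwards?"""
    states = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # vendor-ID and debug lines carry no state number
        s = states.setdefault(m["state"], {"conn": m["conn"], "phase1": False,
                                           "unmatched": None, "notifies": []})
        msg = m["msg"]
        if "ISAKMP SA established" in msg:
            s["phase1"] = True
        if (nc := NO_CONN.search(msg)):
            s["unmatched"] = (nc["local"], nc["remote"])
        if (n := NOTIFY.search(msg)):
            s["notifies"].append(n[1])
    return states


if __name__ == "__main__":
    for state, s in triage(SAMPLE).items():
        print(f'#{state} conn={s["conn"]} phase1={s["phase1"]} notifies={s["notifies"]}')
        if s["phase1"] and s["unmatched"]:
            # These are the selectors to compare with the conn definition on the VR.
            print("  refused IPsec SA request for:", *s["unmatched"], sep="\n    ")
```
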

