cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pdion891 <...@git.apache.org>
Subject [GitHub] cloudstack pull request: Strongswan vpn feature
Date Wed, 06 Apr 2016 14:00:45 GMT
Github user pdion891 commented on the pull request:

    https://github.com/apache/cloudstack/pull/872#issuecomment-206384893
  
    I have an environment to test this PR which as been build from @jayapalu branch, the managment-server
and the systemVM template from: http://jenkins.buildacloud.org/job/build-systemvm64-GithubPullRequest/
    
    So far I've been able to create S2S vpn between 2 VPC and it worked.  but I still can't
have the remote management VPN from  osX to work. 
    
    here is the {/var/log/auth.log} from the VR:
    ```
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: received Vendor ID
payload [RFC 3947]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [4df37928e9fc4fd1b3262170d515c662]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [8f8d83826d246b6fc7a8a6a428c11de8]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [439b59f8ba676c4c7737ae22eab8f582]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [4d1e0e136deafa34c4f3ea9f02ec7285]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [80d0bb3def54565ee84645d4c85ce3ee]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [9909b64eed937c6573de52ace952fa6b]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-03]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-02]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-02_n]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID
payload [FRAGMENTATION 80000000]
    Apr  6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: received Vendor ID
payload [Dead Peer Detection]
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: responding to Main
Mode from unknown peer 70.83.27.40
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: NAT-Traversal: Result
using RFC 3947: peer is NATed
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: Peer ID is ID_IPV4_ADDR:
'192.168.10.140'
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40 #33: deleting connection
"L2TP-PSK" instance with peer 70.83.27.40 {isakmp=#0/ipsec=#0}
    Apr  6 13:45:02 r-234-VM pluto[2294]: | NAT-T: new mapping 70.83.27.40:500/4500)
    Apr  6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sent MR3, ISAKMP
SA established
    Apr  6 13:45:03 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: cannot respond
to IPsec SA request because no connection is known for 74.121.246.131:4500[74.121.246.131]:17/1701...70.83.27.40:4500[192.168.10.140]:17/%any==={192.168.10.140/32}
    Apr  6 13:45:03 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted
notification INVALID_ID_INFORMATION to 70.83.27.40:4500
    Apr  6 13:45:07 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this
is a duplicated packet)
    Apr  6 13:45:07 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted
notification INVALID_MESSAGE_ID to 70.83.27.40:4500
    Apr  6 13:45:10 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this
is a duplicated packet)
    Apr  6 13:45:10 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted
notification INVALID_MESSAGE_ID to 70.83.27.40:4500
    Apr  6 13:45:13 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this
is a duplicated packet)
    Apr  6 13:45:13 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted
notification INVALID_MESSAGE_ID to 70.83.27.40:4500
    ```
    
    Please let me know if you need more logs or tests, I'll keep that environment UP.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message