From: pdion891
To: dev@cloudstack.apache.org
Subject: [GitHub] cloudstack pull request: Strongswan vpn feature
Date: Wed, 6 Apr 2016 14:00:45 +0000 (UTC)

Github user pdion891 commented on the pull request:

https://github.com/apache/cloudstack/pull/872#issuecomment-206384893

I have an environment to test this PR which has been built from @jayapalu branch, the management-server and the systemVM template from: http://jenkins.buildacloud.org/job/build-systemvm64-GithubPullRequest/

So far I've been able to create S2S VPN between 2 VPCs and it worked, but I still can't get the remote management VPN from OS X to work.

Here is the `/var/log/auth.log` from the VR:

```
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: received Vendor ID payload [RFC 3947]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: ignoring Vendor ID payload [FRAGMENTATION 80000000]
Apr 6 13:45:02 r-234-VM pluto[2294]: packet from 70.83.27.40:500: received Vendor ID payload [Dead Peer Detection]
Apr 6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: responding to Main Mode from unknown peer 70.83.27.40
Apr 6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: NAT-Traversal: Result using RFC 3947: peer is NATed
Apr 6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[5] 70.83.27.40 #33: Peer ID is ID_IPV4_ADDR: '192.168.10.140'
Apr 6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40 #33: deleting connection "L2TP-PSK" instance with peer 70.83.27.40 {isakmp=#0/ipsec=#0}
Apr 6 13:45:02 r-234-VM pluto[2294]: | NAT-T: new mapping 70.83.27.40:500/4500)
Apr 6 13:45:02 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sent MR3, ISAKMP SA established
Apr 6 13:45:03 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: cannot respond to IPsec SA request because no connection is known for 74.121.246.131:4500[74.121.246.131]:17/1701...70.83.27.40:4500[192.168.10.140]:17/%any==={192.168.10.140/32}
Apr 6 13:45:03 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_ID_INFORMATION to 70.83.27.40:4500
Apr 6 13:45:07 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this is a duplicated packet)
Apr 6 13:45:07 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_MESSAGE_ID to 70.83.27.40:4500
Apr 6 13:45:10 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this is a duplicated packet)
Apr 6 13:45:10 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_MESSAGE_ID to 70.83.27.40:4500
Apr 6 13:45:13 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x77efe8ea (perhaps this is a duplicated packet)
Apr 6 13:45:13 r-234-VM pluto[2294]: "L2TP-PSK"[6] 70.83.27.40:4500 #33: sending encrypted notification INVALID_MESSAGE_ID to 70.83.27.40:4500
```

Please let me know if you need more logs or tests, I'll keep that environment up.