Hi,

I have trouble configuring ipsec with my Soekris 6501 (OBSD 5.7) with a
carrier router (Juniper).
The SA seems to work well; I see packets going out on em0 and also see them on
enc0. However, the other side says nothing arrives, but they also see the SA
working and can see traffic going out.

There may be an explanation for this situation:

   - I have another IPsec tunnel on the same public IP (both on em0/enc0)
   - the carrier IPs seem to be on the same network, so OBSD may be lost with it


*network*
dmz network (DDD.EEE.FFF.0/28) <--(AAA.BBB.CCC.192)--> Internet <--(GGG.HHH.III.150)--> .... server (GGG.HHH.III.149)



*ipsec.conf:*
# working ipsec tunnel
ike passive esp from {192.168.10.0/24, 192.168.11.0/24 192.168.12.0/24} to 192.168.1.0/24 \
local AAA.BBB.CCC.192 \
main auth hmac-sha1 enc 3des group modp1024 lifetime 28800 \
quick auth hmac-sha1 enc aes-256 group none lifetime 28800 \
srcid "gtfwpo192" dstid "pojimusho169" \
psk secret

# carrier ipsec (not working)
ike esp from DDD.EEE.FFF.0/28 to GGG.HHH.III.149/32 \
local AAA.BBB.CCC.192 peer GGG.HHH.III.150 \
main auth hmac-sha1 enc aes group modp1024 lifetime 86400 \
quick auth hmac-sha2-256 enc aes group none lifetime 86400 \
srcid "AAA.BBB.CCC.192"   dstid "GGG.HHH.III.150" \
psk secret2


I tried to enable or disable PF and use super permissive rules but nothing
changes.

Do you have some ideas on what it could be?

Thanks in advance!
