
Routing VPN over ADSL

kbojakowski
Level 1

Hi.

I have this situation:

LAN_A-->WRVS4400n-->WAG160N--->INTERNET<---WAG54GS<--WRVS4400n<--LAN_B

I want to make a VPN between the WRVS4400n routers.

LAN_A

WRVS4400n: Lan 192.168.10.11 WAN 192.168.9.11

WAG160N: Lan 192.168.9.10 WAN static IP xx.xx.xx.81

LAN_B

WRVS4400n: Lan 192.168.2.11 WAN 192.168.1.11

WAG54GS: 192.168.1.10 WAN static IP xx.xx.xx.95

In the tests, all ports on the WAGs are forwarded to the WRVS, and I opened 8080 for Remote Management on the WRVS. I can get access to both WRVS by Remote Management from outside networks. I made a client VPN on both WRVS, but when I want to connect with the OpenVPN Client, I have access for a few seconds and then I get a notification that the network is not responding. Sometimes I get a connection for a long time.

Tunnel configuration

NET A
NET B

Tunnel name: NET_A

Local Group Setup

Local Security Gateway Type: IP only

Local IP: 192.168.9.11

Local Security Group Type: subnet

IP: 192.168.10.0

submask 255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP only

IP: xxx.xxx.xxx.95

Remote Security Group Type: subnet   
IP Address: 192.168.2.0
Subnet Mask: 255.255.255.0


IPSec Setup
Keying Mode: IKE with Preshared Key

Phase 1:
Encryption: 3DES
Authentication: MD5

Group: 1024-bit
Key Lifetime: 28800 sec

Phase 2:
Encryption: 3DES
Authentication: MD5
Perfect Forward Secrecy: Enabled
Preshared Key: test_test
Group: 1024-bit
Key Lifetime: 3600 sec

Tunnel name: NET_B

Local Group Setup

Local Security Gateway Type: IP only

Local IP: 192.168.1.11

Local Security Group Type: subnet

IP: 192.168.2.0

submask 255.255.255.0

Remote Group Setup
Remote Security Gateway Type: IP only

IP: xxx.xxx.xxx.81

Remote Security Group Type: subnet   
IP Address: 192.168.10.0
Subnet Mask: 255.255.255.0


IPSec Setup

Keying Mode: IKE with Preshared Key

Phase 1:
Encryption: 3DES
Authentication: MD5

Group: 1024-bit
Key Lifetime: 28800 sec

Phase 2:

Encryption: 3DES
Authentication: MD5

Perfect Forward Secrecy: Enabled
Preshared Key: test_test
Group: 1024-bit
Key Lifetime: 3600 sec

With these tunnels I get logs:

Jan 11 15:21:39 - [VPN Log]: packet from xxx.xxx.xxx.81:500: received Vendor ID payload [Openswan (this version) cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Jan 11 15:21:39 - [VPN Log]: packet from xxx.xxx.xxx.81:500: received Vendor ID payload [Dead Peer Detection]
Jan 11 15:21:39 - [VPN Log]: packet from xxx.xxx.xxx.81:500: received Vendor ID payload [RFC 3947] method set to=109
Jan 11 15:21:39 - [VPN Log]: packet from xxx.xxx.xxx.81:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Jan 11 15:21:39 - [VPN Log]: packet from xxx.xxx.xxx.81:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Jan 11 15:21:39 - [VPN Log]: packet from xxx.xxx.xxx.81:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: responding to Main Mode
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: NAT-Traversal: Result using 3: both are NATed
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: STATE_MAIN_R2: sent MR2, expecting MI3
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: Main mode peer ID is ID_IPV4_ADDR: '192.168.9.11'
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: no suitable connection for peer '192.168.9.11'
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.81:500
Jan 11 15:21:49 - [VPN Log]: "tunela" #4: Main mode peer ID is ID_IPV4_ADDR: '192.168.9.11'
Jan 11 15:21:49 - [VPN Log]: "tunela" #4: no suitable connection for peer '192.168.9.11'
Jan 11 15:21:49 - [VPN Log]: "tunela" #4: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.81:500
Jan 11 15:22:09 - [VPN Log]: "tunela" #4: Main mode peer ID is ID_IPV4_ADDR: '192.168.9.11'
Jan 11 15:22:09 - [VPN Log]: "tunela" #4: no suitable connection for peer '192.168.9.11'
Jan 11 15:22:09 - [VPN Log]: "tunela" #4: sending encrypted notification INVALID_ID_INFORMATION to xxx.xxx.xxx.81:500
Jan 11 15:22:49 - [VPN Log]: "tunela" #4: max number of retransmissions (2) reached STATE_MAIN_R2

When I change the ADSL to bridge mode, the VPN tunnels work and the OpenVPN Client connects normally. But I think that the solution with ADSL bridge mode isn't as safe as forwarding ports and routing.

Can anyone help me fix the routing? What routing should I set, and on which router?

Chris
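
The rejection visible in the log above can be pulled out mechanically. The following is an added example, not part of the original post or of any Cisco tooling: it groups the log lines by connection and flags a negotiation in which the Main Mode peer ID differs from the address the IKE packets came from. The sample log is constructed, 203.0.113.81 stands in for the masked public address, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the VPN log above; 203.0.113.81 is a
# placeholder for the masked public address.
SAMPLE_LOG = """\
Jan 11 15:21:39 - [VPN Log]: packet from 203.0.113.81:500: received Vendor ID payload [Dead Peer Detection]
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: responding to Main Mode
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: NAT-Traversal: Result using 3: both are NATed
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: Main mode peer ID is ID_IPV4_ADDR: '192.168.9.11'
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: no suitable connection for peer '192.168.9.11'
Jan 11 15:21:39 - [VPN Log]: "tunela" #4: sending encrypted notification INVALID_ID_INFORMATION to 203.0.113.81:500
Jan 11 15:22:49 - [VPN Log]: "tunela" #4: max number of retransmissions (2) reached STATE_MAIN_R2
"""

CONN = re.compile(r'\[VPN Log\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
PEER_ID = re.compile(r"Main mode peer ID is (\w+): '([^']+)'")
NOTIFY = re.compile(r"sending encrypted notification (\w+) to (\S+):\d+")
NAT = re.compile(r"NAT-Traversal: Result using \d+: (.+)")

def summarize(log_text):
    """Group log lines per (connection, SA number) and flag peer-ID mismatches."""
    sas = defaultdict(lambda: {"nat": None, "peer_id": None, "src": None,
                               "rejected": 0, "timed_out": False})
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # vendor-ID lines carry no connection name
        sa, msg = sas[(m["conn"], int(m["sa"]))], m["msg"]
        if (n := NAT.search(msg)):
            sa["nat"] = n[1]
        elif (p := PEER_ID.search(msg)):
            sa["peer_id"] = p[2]
        elif (t := NOTIFY.search(msg)):
            sa["src"] = t[2]
            sa["rejected"] += int(t[1] == "INVALID_ID_INFORMATION")
        elif "max number of retransmissions" in msg:
            sa["timed_out"] = True
    for sa in sas.values():
        # True when the ID the peer sent is not the address its packets arrive from.
        sa["id_mismatch"] = bool(sa["peer_id"] and sa["src"]
                                 and sa["peer_id"] != sa["src"])
    return dict(sas)

if __name__ == "__main__":
    for key, sa in summarize(SAMPLE_LOG).items():
        print(key, sa)
```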


paolo bevilacqua
Hall of Fame

For discussion on non-IOS products, use the "small business" area.