  • Basic IPSec Setup between two ClearOS 7.2 machines

    I briefly skimmed to see if anything else had been posted about this and I don't see anything in particular, so I thought I'd ask my specific question. I have two sites, both connected via high-speed internet and both running ClearOS 7.2 as the VPN servers. Site A has ClearOS 7.2 as the default gateway running the IPSec service. Site B has the IPSec service running on a ClearOS 7.2 machine behind their default gateway, so I've port forwarded 500 to its specific IP address. At this point I've filled in (on both sides) the connection name, connection mode (automatic), local WAN IP from the drop-down, Local LAN Subnet (side A 192.168.2.0/24 & side B 192.168.1.0/24); the optional settings (Local Gateway IP & Local LAN IP) on both sides have been left blank for now. The Remote WAN IP has been filled in with the WAN IP of the respective sides. The Remote LAN Subnet is set up as well for the remote side's local subnet, and again the optional options have been left blank. Both sides have the same pre-shared key.

    The output from /var/log/ipsec is
    Sep 22 16:22:25 router pluto[2977]: forgetting secrets
    Sep 22 16:22:25 router pluto[2977]: loading secrets from "/etc/ipsec.secrets"
    Sep 22 16:22:25 router pluto[2977]: loading secrets from "/etc/ipsec.d/ipsec.un$
    Sep 22 16:22:27 router pluto[2977]: "davlijah": deleting connection
    Sep 22 16:22:27 router pluto[2977]: | certificate not loaded for this end
    Sep 22 16:22:28 router pluto[2977]: | certificate not loaded for this end
    Sep 22 16:22:28 router pluto[2977]: added connection description "davlijah"

    That repeats over and over.

    The output from /var/log/ipsec-20160921 is
    Sep 20 13:19:32 router pluto[2977]: packet from SiteB.wanip:500: initial Main Mode message received on SiteA.wanip:500 but no connection has been authorized with policy IKEV1_ALLOW

    I have a connection over both setups, so if something is necessary from Site A or B please let me know and I can supply it. I've never set up an IPSec VPN before; this is the first time I've ever tried. So go easy on me if something is blatantly obvious. Thanks guys!