Messages - wgoffman

Pages: [1]
1
Troubleshooting / Re: no tun0 interface
« on: February 18, 2018, 12:10:37 PM »
Yep, I missed the point of different numbers (and IDs) of tunnels on each end.

I'm trying to test the idea of "my own internet with blackjack and hookers": to connect several regional offices via regional hubs. We have lost sessions (for example, SAP sessions) on the current platform with hardware-based VPNs.

2
Troubleshooting / Re: no tun0 interface
« on: February 18, 2018, 10:41:31 AM »
Assuming "pre-shared key must be 35 characters long" and "first 3 digits of the pre-shared key signify the SPI and must be unique for each Tunnel Interface ID", why is it required to set a 35-char PSK?

I'd ask for a 32-char key and concat the tunnel's ID (like '001') at the beginning of the 'real' PSK.

Moreover, the PSK already exists for the 'second' tunnel (a rule that uses an existing tunnel). So it's not required.

3
Troubleshooting / Re: no tun0 interface
« on: February 15, 2018, 11:08:31 AM »
The problem was in 'pre-shared-key'. Exactly "the first 3 digits". No one reads the manual ;-)

I suppose a JavaScript "check" should be added for the PSK field (35 chars, first 3 - digits).
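
The check suggested in this post, written out as an added example (not part of the original posts and not Wanos code). It applies the two rules quoted from the manual in this thread: 35 characters, and a leading 3-digit SPI that is unique per Tunnel Interface ID. The function names and the `{tunnelId, psk}` shape are assumptions.

```javascript
// Added example: validates the PSK rules quoted in the thread.
// checkPsk, validateTunnelPsks and the {tunnelId, psk} shape are hypothetical.
const PSK_LENGTH = 35;
const SPI_DIGITS = 3;
const SPI_PREFIX = new RegExp(`^[0-9]{${SPI_DIGITS}}`);

// Format rules for a single key: exact length and a numeric SPI prefix.
function checkPsk(psk) {
  const errors = [];
  if (typeof psk !== "string" || psk.length !== PSK_LENGTH) {
    errors.push(`must be exactly ${PSK_LENGTH} characters`);
  }
  if (!SPI_PREFIX.test(String(psk))) {
    errors.push(`first ${SPI_DIGITS} characters must be digits (SPI)`);
  }
  return errors;
}

// Cross-tunnel rule: an SPI prefix may belong to one Tunnel Interface ID only.
// Rules that reuse an existing tunnel (same tunnelId) may share its key.
function validateTunnelPsks(tunnels) {
  const problems = [];
  const spiOwner = new Map(); // SPI prefix -> tunnel interface ID
  for (const { tunnelId, psk } of tunnels) {
    const errors = checkPsk(psk);
    if (errors.length === 0) {
      const spi = psk.slice(0, SPI_DIGITS);
      const owner = spiOwner.get(spi);
      if (owner !== undefined && owner !== tunnelId) {
        errors.push(`SPI ${spi} already used by tunnel interface ${owner}`);
      } else {
        spiOwner.set(spi, tunnelId);
      }
    }
    // Messages report the SPI prefix only, never the rest of the key.
    for (const error of errors) problems.push({ tunnelId, error });
  }
  return problems;
}

// Constructed sample input, not taken from any real configuration.
const sample = [
  { tunnelId: 1, psk: "001" + "a".repeat(32) },
  { tunnelId: 2, psk: "001" + "b".repeat(32) }, // SPI clashes with tunnel 1
  { tunnelId: 3, psk: "x".repeat(35) },         // no numeric SPI prefix
  { tunnelId: 4, psk: "004short" },             // wrong length
];
console.log(validateTunnelPsks(sample));
```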

4
Troubleshooting / Re: no tun0 interface
« on: February 11, 2018, 01:26:09 PM »
4) added tunnel with psk (35 random chars). rebooted one instance. both lost tun0.

5
Troubleshooting / Re: no tun0 interface
« on: February 09, 2018, 09:26:44 PM »
thx, changing ipsec-udp to udp helps. but it 'lost' tun0 as soon as i switched back udp to ipsec-udp in web interface.

so problem is in 3-in-1 ipsec-tunnel(s) with pre-shared key (3 networks via same tunnel) i've tried to set (see image attached).

thx

6
Troubleshooting / Re: no tun0 interface
« on: February 09, 2018, 06:24:36 PM »
no, hostname was not changed since initial setup

tc@lob-wanos:~$ sudo click /etc/wanos/wanos.click
Info : <unknown> RSP header len: 8
SPI: invalid number
/etc/wanos/wanos.click:65: While configuring ‘encap_tunnel_rtable :: RadixIPsecLookup’:
  argument 2 should be 'ADDR/MASK [GATEWAY] OUTPUT'
SPI: invalid number
  argument 3 should be 'ADDR/MASK [GATEWAY] OUTPUT'
SPI: invalid number
  argument 4 should be 'ADDR/MASK [GATEWAY] OUTPUT'
/etc/wanos/wanos.click:140: While configuring ‘wanrx_tcpx_policymap :: IPClassifier’:
  warning: output 1 matches no packets
/etc/wanos/wanos.click:234: While configuring ‘StaticThreadSched@172 :: StaticThreadSched’:
  warning: thread preference 1 out of range
  warning: thread preference 1 out of range
Info : policymap Pattern: [0] src 0.0.0.0/0 and dst 0.0.0.0/0 and udp port 53
Info : policymap Pattern: [1] src 0.0.0.0/0 and dst 0.0.0.0/0 and icmp
Info : policymap Pattern: [2] src 0.0.0.0/0 and dst 0.0.0.0/0 and dst udp port > 16384
Info : policymap Pattern: [3] src 0.0.0.0/0 and dst 0.0.0.0/0 and tcp port 22 or 49 or 88 or 261 or 322 or 443 or 448 or 465 or 563 or 585 or 614 or 636 or 684 or 695 or 989 or 990 or 992 or 993 or 994 or 995 or 1701 or 1723 or 2252 or 2478 or 2479 or 2482 or 2484 or 2492 or 2679 or 2762 or 2998 or 3077 or 3078 or 3183 or 3191 or 3220 or 3269 or 3410 or 3424 or 3471 or 3496 or 3509 or 3529 or 3539 or 3660 or 3661 or 3713 or 3747 or 3864 or 3885 or 3896 or 3897 or 3995 or 4031 or 5007 or 5061 or 5723 or 7674 or 9802 or 11751 or 12109
Info : policymap Pattern: [4] src 0.0.0.0/0 and dst 0.0.0.0/0 and tcp port 7 or 23 or 37 or 107 or 179 or 513 or 514 or 1494 or 1718 or 1719 or 1720 or 2000 or 2001 or 2002 or 2003 or 2427 or 2598 or 2727 or 3389 or 5060 or 5631 or 5900 or 5901 or 5902 or 5903 or 6000
Info : policymap Pattern: [5] src 0.0.0.0/0 and dst 0.0.0.0/0 and tcp
/etc/wanos/wanos.click:304: While configuring ‘lanrx_tcpx_policymap :: IPClassifier’:
  warning: output 1 matches no packets
  warning: output 2 matches no packets
/etc/wanos/wanos.click:339: While configuring ‘StaticThreadSched@272 :: StaticThreadSched’:
  warning: thread preference 1 out of range
  warning: thread preference 1 out of range
  warning: thread preference 1 out of range
/etc/wanos/wanos.click:340: While configuring ‘StaticThreadSched@273 :: StaticThreadSched’:
  warning: thread preference 1 out of range
  warning: thread preference 1 out of range
  warning: thread preference 1 out of range
/etc/wanos/wanos.click:350: While configuring ‘StaticThreadSched@277 :: StaticThreadSched’:
  warning: thread preference 1 out of range
  warning: thread preference 1 out of range
/etc/wanos/wanos.click:50: While configuring ‘if_lan_traffic_is_to_tunnel_rtable/tunnel_rt :: RadixIPLookup’:
  warning: 2 routes replaced by later versions
Info : ft Peer added from config file: 172.20.101.11 1 ext-wanos xx-xx-xx-xx-xx-xx
Router could not be initialized!

7
Troubleshooting / no tun0 interface
« on: February 09, 2018, 05:28:14 PM »
hello

during my playground with tunnels on v4.2 (multiple networks routed via same tunnel) i made several resets (service, stats, datastore and app).

after that i found on both nodes interface tun0 disappeared. so i've wan0, eth1 and dummy0 interfaces only and a lot of errors on tty7 (attached).

it's not a problem to rollback from snapshot or reinstall from image, just curious what could have happened (kernel module fault?) and if somebody is interested to dig it up.

thx

8
Configuration / Re: multiple networks via same tunnel (tunnel mode)
« on: February 09, 2018, 01:31:24 PM »
thx, it's exactly what i was looking for

9
Configuration / multiple networks via same tunnel (tunnel mode)
« on: February 09, 2018, 10:09:31 AM »
hi

i set tunnel from location_1 (172.20.33/24) to central_office (172.20/16) (tunnel mode on 4.2.1).
works fine.

i've additional networks @central_office (10/8 and 192.168/16) which i'd like to route from location_1 via tunnel.

obviously, i could route 0/0 via tunnel and add several 'no tunnel' for non-rfc1918 addresses. but it seems to me that this is not a good deal.

i tried to add second tunnel for 10/8 network with the same settings - but it didn't start ;-)

could somebody please point me how to route several networks via tunnel?

thx
