Can't get past "pending Phase 2" on OpenSWAN <-> ISA Server IPSec VPN

vpn ipsec openswan isa-server

Solution 1:

I've came across this situation in recent days.

It was due to two issues.

  1. Firewall
  2. Kernal IP forwarding disabled
  3. Preshared-key mismatch

For firewall, it turns out port 500 and 4500 were blocked. By running ipsec verify, you can see whether 500 or 4500 blocked.

In /etc/sysctl.conf,

change net.ipv4.ip_forward to 1

append 

net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.em1.accept_redirects = 0
net.ipv4.conf.em1.send_redirects = 0

The em1 is the network interface, yours maybe eth0 or eth1

Finally, in my case, the preshared key in /etc/ipsec.d/ipsec.secrets were mistakenly enclosed with double quote ", which result in preshared key mismatch.

Hope it helps somebody.

Related

How do I download the avatar image from an Active Directory server?
Correct way to update Google Chrome MSI through Group Policy
Centos went read only suddenly, on vmware....scary
Squid proxy: how to link inbound IPv4+port to outbound IPv6
Does speed of ZFS snapshot rollback depend on number of files?
Enable SMP on Debian i386?
LSI RAID controller errors on DB import - How to troubleshoot?
What "pieces" are needed in order to set up a cluster of physical servers?
Secure logstash and elasticsearch
Recipient receives mail not addressed to them
Is there any way to synchronize AD users with Office 365 but still be able to edit them online?
Combining RoboCopy with FtpUse