jcisnerosm
New Contributor

Failed to find IPsec Common

My hub has 2 ISPs with 2 VPNs. These VPNs are in SD-WAN with Maximize Bandwidth SLA. Sometimes the hosts from the hub cannot ping the spokes.

 

I did a sniffer and debug, and these are the results

 

PING ok from 192.168.1.10 to 192.168.2.10

Sniffer


4.048999 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.049044 VPN-ISP1 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.051829 VPN-ISP1 in 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.051839 port4 out 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.053337 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.053342 VPN-ISP1 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.057074 VPN-ISP1 in 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.057077 port4 out 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.058594 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.058599 VPN-ISP1 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.061209 VPN-ISP1 in 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.061212 port4 out 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.062676 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.062680 VPN-ISP1 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.065359 VPN-ISP1 in 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.065362 port4 out 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.066878 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.066881 VPN-ISP1 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
4.068969 VPN-ISP1 in 192.168.2.10 -> 192.168.1.10: icmp: echo reply
4.068971 port4 out 192.168.2.10 -> 192.168.1.10: icmp: echo reply

Debug

2021-02-19 01:19:41 id=20085 trace_id=1 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:58->192.168.2.10:2048) from"
2021-02-19 01:19:41 id=20085 trace_id=1 func=init_ip_session_common line=5625 msg="allocate a new session-00000a8a"
2021-02-19 01:19:41 id=20085 trace_id=1 func=vf_ip_route_input_common line=2581 msg="Match policy routing id=2130771970: to 192.168.2.10 via ifindex-10"
2021-02-19 01:19:41 id=20085 trace_id=1 func=vf_ip_route_input_common line=2596 msg="find a route: flag=04000000 gw-10.10.100.2 via VPN-ISP1"
2021-02-19 01:19:41 id=20085 trace_id=1 func=fw_forward_handler line=783 msg="Allowed by Policy-1:"
2021-02-19 01:19:41 id=20085 trace_id=1 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP1"
2021-02-19 01:19:41 id=20085 trace_id=1 func=esp_output4 line=904 msg="IPsec encrypt/auth"
2021-02-19 01:19:41 id=20085 trace_id=1 func=ipsec_output_finish line=622 msg="send to 186.1.1.1 via intf-port2"
2021-02-19 01:19:41 id=20085 trace_id=2 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.2.10:58->192.168.1.10:0) from VPN-ISP1. t"
2021-02-19 01:19:41 id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, reply direction"
2021-02-19 01:19:41 id=20085 trace_id=2 func=vf_ip_route_input_common line=2596 msg="find a route: flag=00000000 gw-192.168.1.10 via port4"
2021-02-19 01:19:41 id=20085 trace_id=3 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:58->192.168.2.10:2048) from port4. t"
2021-02-19 01:19:41 id=20085 trace_id=3 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, original direction"
2021-02-19 01:19:41 id=20085 trace_id=3 func=ipv4_fast_cb line=53 msg="enter fast path"
2021-02-19 01:19:41 id=20085 trace_id=3 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP1"
2021-02-19 01:19:41 id=20085 trace_id=3 func=esp_output4 line=904 msg="IPsec encrypt/auth"
2021-02-19 01:19:41 id=20085 trace_id=3 func=ipsec_output_finish line=622 msg="send to 186.1.1.1 via intf-port2"
2021-02-19 01:19:41 id=20085 trace_id=4 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.2.10:58->192.168.1.10:0) from VPN-ISP1. t"
2021-02-19 01:19:41 id=20085 trace_id=4 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, reply direction"
2021-02-19 01:19:41 id=20085 trace_id=4 func=ipv4_fast_cb line=53 msg="enter fast path"
2021-02-19 01:19:41 id=20085 trace_id=5 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:58->192.168.2.10:2048) from port4. t"
2021-02-19 01:19:41 id=20085 trace_id=5 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, original direction"
2021-02-19 01:19:41 id=20085 trace_id=5 func=ipv4_fast_cb line=53 msg="enter fast path"
2021-02-19 01:19:41 id=20085 trace_id=5 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP1"
2021-02-19 01:19:41 id=20085 trace_id=5 func=esp_output4 line=904 msg="IPsec encrypt/auth"
2021-02-19 01:19:41 id=20085 trace_id=5 func=ipsec_output_finish line=622 msg="send to 186.1.1.1 via intf-port2"
2021-02-19 01:19:41 id=20085 trace_id=6 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.2.10:58->192.168.1.10:0) from VPN-ISP1. t"
2021-02-19 01:19:41 id=20085 trace_id=6 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, reply direction"
2021-02-19 01:19:41 id=20085 trace_id=6 func=ipv4_fast_cb line=53 msg="enter fast path"
2021-02-19 01:19:41 id=20085 trace_id=7 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:58->192.168.2.10:2048) from port4. t"
2021-02-19 01:19:41 id=20085 trace_id=7 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, original direction"
2021-02-19 01:19:41 id=20085 trace_id=7 func=ipv4_fast_cb line=53 msg="enter fast path"
2021-02-19 01:19:41 id=20085 trace_id=7 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP1"
2021-02-19 01:19:41 id=20085 trace_id=7 func=esp_output4 line=904 msg="IPsec encrypt/auth"
2021-02-19 01:19:41 id=20085 trace_id=7 func=ipsec_output_finish line=622 msg="send to 186.1.1.1 via intf-port2"
2021-02-19 01:19:41 id=20085 trace_id=8 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.2.10:58->192.168.1.10:0) from VPN-ISP1. t"
2021-02-19 01:19:41 id=20085 trace_id=8 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, reply direction"
2021-02-19 01:19:41 id=20085 trace_id=8 func=ipv4_fast_cb line=53 msg="enter fast path"
2021-02-19 01:19:41 id=20085 trace_id=9 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:58->192.168.2.10:2048) from port4. t"
2021-02-19 01:19:41 id=20085 trace_id=9 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, original direction"
2021-02-19 01:19:41 id=20085 trace_id=9 func=ipv4_fast_cb line=53 msg="enter fast path"
2021-02-19 01:19:41 id=20085 trace_id=9 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP1"
2021-02-19 01:19:41 id=20085 trace_id=9 func=esp_output4 line=904 msg="IPsec encrypt/auth"
2021-02-19 01:19:41 id=20085 trace_id=9 func=ipsec_output_finish line=622 msg="send to 186.1.1.1 via intf-port2"
2021-02-19 01:19:41 id=20085 trace_id=10 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.2.10:58->192.168.1.10:0) from VPN-ISP1. "
2021-02-19 01:19:41 id=20085 trace_id=10 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, reply direction"
2021-02-19 01:19:41 id=20085 trace_id=10 func=ipv4_fast_cb line=53 msg="enter fast path"

 

Ping wrong

Sniffer

9.705700 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
9.705734 VPN-ISP2 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
11.707874 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
11.707893 VPN-ISP2 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
13.708240 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
13.708250 VPN-ISP2 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
15.709971 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
15.709981 VPN-ISP2 out 192.168.1.10 -> 192.168.2.10: icmp: echo request
17.713986 port4 in 192.168.1.10 -> 192.168.2.10: icmp: echo request
17.713996 VPN-ISP2 out 192.168.1.10 -> 192.168.2.10: icmp: echo request

 

Debug

2021-02-19 01:19:57 id=20085 trace_id=11 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:59->192.168.2.10:2048) fro"
2021-02-19 01:19:57 id=20085 trace_id=11 func=init_ip_session_common line=5625 msg="allocate a new session-00000abf"
2021-02-19 01:19:57 id=20085 trace_id=11 func=vf_ip_route_input_common line=2581 msg="Match policy routing id=2130771970: to 192.168.2.10 via ifindex-11"
2021-02-19 01:19:57 id=20085 trace_id=11 func=vf_ip_route_input_common line=2596 msg="find a route: flag=04000000 gw-10.10.200.253 via VPN-ISP2"
2021-02-19 01:19:57 id=20085 trace_id=11 func=fw_forward_handler line=783 msg="Allowed by Policy-1:"
2021-02-19 01:19:57 id=20085 trace_id=11 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP2"
2021-02-19 01:19:57 id=20085 trace_id=11 func=ipsecdev_hard_start_xmit line=842 msg="Failed to find IPsec Common: VPN-ISP2"
2021-02-19 01:19:59 id=20085 trace_id=12 func=print_pkt_detail line=5460 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:59->192.168.2.10:2048) from port4. "
2021-02-19 01:19:59 id=20085 trace_id=12 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000abf, original direction"
2021-02-19 01:19:59 id=20085 trace_id=12 func=ipv4_fast_cb line=53 msg="enter fast path"
2021-02-19 01:19:59 id=20085 trace_id=12 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP2"
2021-02-19 01:19:59 id=20085 trace_id=12 func=ipsecdev_hard_start_xmit line=842 msg="Failed to find IPsec Common: VPN-ISP2"
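
Added example (not part of the original post and not Fortinet tooling): a small Python parser that groups debug flow lines like the ones above by trace_id and reports, per IPsec interface, how many traces reached "send to ..." and how many stopped at "Failed to find IPsec Common". The function names are illustrative; the sample lines are copied from the post's output.

```python
import re

# Sample input: lines copied from the debug flow output in the post above.
SAMPLE = '''\
2021-02-19 01:19:41 id=20085 trace_id=1 func=init_ip_session_common line=5625 msg="allocate a new session-00000a8a"
2021-02-19 01:19:41 id=20085 trace_id=1 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP1"
2021-02-19 01:19:41 id=20085 trace_id=1 func=ipsec_output_finish line=622 msg="send to 186.1.1.1 via intf-port2"
2021-02-19 01:19:41 id=20085 trace_id=2 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000a8a, reply direction"
2021-02-19 01:19:57 id=20085 trace_id=11 func=init_ip_session_common line=5625 msg="allocate a new session-00000abf"
2021-02-19 01:19:57 id=20085 trace_id=11 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP2"
2021-02-19 01:19:57 id=20085 trace_id=11 func=ipsecdev_hard_start_xmit line=842 msg="Failed to find IPsec Common: VPN-ISP2"
2021-02-19 01:19:59 id=20085 trace_id=12 func=resolve_ip_tuple_fast line=5540 msg="Find an existing session, id-00000abf, original direction"
2021-02-19 01:19:59 id=20085 trace_id=12 func=ipsecdev_hard_start_xmit line=777 msg="enter IPsec interface-VPN-ISP2"
2021-02-19 01:19:59 id=20085 trace_id=12 func=ipsecdev_hard_start_xmit line=842 msg="Failed to find IPsec Common: VPN-ISP2"
'''

LINE_RE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"\s*$')
SESSION_RE = re.compile(r'session(?:-|, id-)([0-9a-f]+)')

def parse_traces(text):
    """Group debug flow lines by trace_id; record session, tunnel and outcome."""
    traces = {}
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # blank lines or anything that is not a trace line
        trace_id, func, msg = int(m.group(1)), m.group(2), m.group(3)
        t = traces.setdefault(trace_id, {"session": None, "tunnel": None, "outcome": None})
        if (s := SESSION_RE.search(msg)):
            t["session"] = s.group(1)
        if msg.startswith("enter IPsec interface-"):
            t["tunnel"] = msg[len("enter IPsec interface-"):]
        elif msg.startswith("Failed to find IPsec Common"):
            t["outcome"] = "failed"   # trace ends here, no encrypt/send step follows
        elif func == "ipsec_output_finish" and msg.startswith("send to "):
            t["outcome"] = "sent"     # packet was encrypted and handed to the WAN port
    return traces

def summarize_by_tunnel(text):
    """Per tunnel: traces sent, traces failed, and the sessions pinned to a failing tunnel."""
    summary = {}
    for t in parse_traces(text).values():
        if t["tunnel"] is None or t["outcome"] is None:
            continue  # e.g. reply-direction traces, which leave via port4 in this output
        entry = summary.setdefault(t["tunnel"], {"sent": 0, "failed": 0, "failed_sessions": set()})
        entry[t["outcome"]] += 1
        if t["outcome"] == "failed":
            entry["failed_sessions"].add(t["session"])
    return summary
```

On a full capture, a tunnel with only `failed` traces and a repeating session id matches the failing-ping case shown above: session 00000abf stays routed to VPN-ISP2 and every retry stops at the same message.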

 
