Thank you for your message. I cannot find the failure. The non-Windows client is a simple Ethernet-to-serial converter with a static IP. But I cannot reach the web UI from the RUT, and I think this must be the first step.
Here is the routing information:
The Sophos route:
SA: 192.168.xxx.0/24=81...
    217...=192.168.xxx.8/29
IKE: Auth PSK / Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 7800s / PFS MODP_1024 / DPD
ESP: Enc AES_CBC_256 / Hash HMAC_MD5 / Lifetime 3600s
Traceroute from Sophos to RUT:
traceroute to 192.168.xxx.8 (192.168.xxx.8), 30 hops max, 40 byte packets using UDP
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
Traceroute from RUT to Sophos:
traceroute to 192.168.xxx.253 (192.168.xxx.253), 30 hops max, 38 byte packets
1 *
2 *
3 *
4 *
5 *
6 *
7 *
8 *
9 *
10 *
11 *
12 *
13 *
14 *
15 *
16 *
17 *
18 *
19 *
20 *
21 *
22 *
23 *
24 *
25 *
26 *
27 *
28 *
29 *
30 *
IPSec statusall on RUT:
Status of IKE charon daemon (strongSwan 5.6.2, Linux 3.18.44, mips):
uptime: 5 days, since May 05 12:01:53 2021
malloc: sbrk 139264, mmap 0, used 124032, free 15232
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 7
loaded plugins: charon aes des sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp pem gmp xcbc hmac kernel-netlink resolve socket-default stroke updown xauth-generic
Listening IP addresses:
172...
192.168.xxx.8
Connections:
EWBHKWTun: %any4...81... IKEv1, dpddelay=30s
EWBHKWTun: local: [any4] uses pre-shared key authentication
EWBHKWTun: remote: [81...] uses pre-shared key authentication
EWBHKWTun: child: 192.168.xxx.8/29 === 192.168.yyy.0/24 TUNNEL, dpdaction=restart
passthrough0: %any...%any IKEv1/2
passthrough0: local: uses public key authentication
passthrough0: remote: uses public key authentication
passthrough0: child: 192.168.190.8/29 === 192.168.190.8/29 PASS
Shunted Connections:
passthrough0: 192.168.190.8/29 === 192.168.190.8/29 PASS
Security Associations (1 up, 0 connecting):
EWBHKWTun[63]: ESTABLISHED 35 minutes ago, 172...[any4]...81...[81..]
Tun[63]: IKEv1 SPIs: 04590ee024f60745_i* 99f112cff56bea7e_r, pre-shared key reauthentication in 77 minutes
Tun[63]: IKE proposal: AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5/MODP_1024
Tun{163}: INSTALLED, TUNNEL, reqid 4, ESP SPIs: c58dea30_i 2e4d2a5b_o
Tun{163}: AES_CBC_256/HMAC_MD5_96/MODP_1024, 0 bytes_i, 1140 bytes_o (30 pkts, 319s ago), rekeying in 10 minutes
Tun{163}: 192.168.xxx.8/29 === 192.168.yyy.0/24