[Openswan dev] 2.3.1: regression from 2.2.0 to 2.3 still exists (3)

Rene Mayrhofer rene.mayrhofer at gibraltar.at
Sun Apr 10 13:53:59 CEST 2005


Hi all,

And another data point: I have now configure machine B with the IP address of 
machine A instead of %any, so it also doesn't seem to be a road warrior 
problem. Additionally. machine B now uses machine A's certificate directly. 
Machine B's block now looks:

conn wlanIpsecOnly
        left=10.0.0.129
        leftnexthop=%direct
        leftsubnet=0.0.0.0/0
        right=10.0.0.163
        rightcert=styx.pem
        auto=add

And machine B:

conn wlan
        left=%defaultroute
        rightsubnet=0.0.0.0/0
        right=10.0.0.129
        rightcert=whispercert.pem
        auto=add

Still the same behavior, machine B's pluto crashes. The logs (without 
plutodebug="all") are for machine B:

[root at whisper ~]# /etc/init.d/ipsec restart; tail -f /var/log/auth.log
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.3.1/K2.6.10...
Apr 10 12:44:29 whisper pluto[28125]: starting up 1 cryptographic helpers
Apr 10 12:44:29 whisper pluto[28125]: started helper pid=28135 (fd:6)
Apr 10 12:44:29 whisper pluto[28125]: Using Linux 2.6 IPsec interface code
Apr 10 12:44:30 whisper pluto[28125]: Changing to directory 
'/etc/ipsec.d/cacerts'
Apr 10 12:44:30 whisper pluto[28125]:   loaded CA cert file 
'subCAcert.pem' (5360 bytes)
Apr 10 12:44:30 whisper pluto[28125]:   loaded CA cert file 
'rootCAcert.pem' (1785 bytes)
Apr 10 12:44:30 whisper pluto[28125]: Changing to directory 
'/etc/ipsec.d/aacerts'
Apr 10 12:44:30 whisper pluto[28125]: Changing to directory 
'/etc/ipsec.d/ocspcerts'
Apr 10 12:44:30 whisper pluto[28125]: Changing to directory 
'/etc/ipsec.d/crls'
Apr 10 12:44:30 whisper pluto[28125]:   Warning: empty directory
Apr 10 12:44:31 whisper pluto[28125]:   loaded host cert file 
'/etc/ipsec.d/certs/whispercert.pem' (5550 bytes)
Apr 10 12:44:31 whisper pluto[28125]:   loaded host cert file 
'/etc/ipsec.d/certs/styx.pem' (5538 bytes)
Apr 10 12:44:31 whisper pluto[28125]: added connection description 
"wlanIpsecOnly"
Apr 10 12:44:31 whisper pluto[28125]: listening for IKE messages
Apr 10 12:44:31 whisper pluto[28125]: adding interface tun0/tun0 
10.0.0.161:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface vlan3/vlan3 
10.0.0.129:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface int/int 10.0.0.1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface lo/lo 127.0.0.1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface ext/ext z.z.z.z:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface sit0/sit0 ::a00:1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface 
sit0/sit0 ::510a:b45e:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface sit0/sit0 ::7f00:1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface sit0/sit0 ::a00:81:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface lo/lo ::1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface int/int 
3ffe:x:x:2::1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface vlan3/vlan3 
3ffe:x:x:3::1:500
Apr 10 12:44:31 whisper pluto[28125]: loading secrets from 
"/etc/ipsec.secrets"
Apr 10 12:44:31 whisper pluto[28125]:   loaded private key file 
'/etc/ipsec.d/private/whisperkey.pem' (1679 bytes)

[ then I initiated the connection at machine A ]

Apr 10 12:44:39 whisper pluto[28125]: packet from 10.0.0.163:500: received 
Vendor ID payload [Openswan (this version) 2.3.1  X.509-1.5.4 
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Apr 10 12:44:39 whisper pluto[28125]: packet from 10.0.0.163:500: received 
Vendor ID payload [Dead Peer Detection]
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: responding to Main 
Mode
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: transition from 
stateSTATE_MAIN_R0 to state STATE_MAIN_R1
Apr 10 12:44:39 whisper pluto[28125]: packet from 10.0.0.163:500: received 
Vendor ID payload [Openswan (this version) 2.3.1  X.509-1.5.4 
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Apr 10 12:44:39 whisper pluto[28125]: packet from 10.0.0.163:500: received 
Vendor ID payload [Dead Peer Detection]
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #2: responding to Main 
Mode
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #2: transition from 
stateSTATE_MAIN_R0 to state STATE_MAIN_R1
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: discarding packet 
received during asynchronous work (DNS or crypto) in STATE_MAIN_R1
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: transition from 
stateSTATE_MAIN_R1 to state STATE_MAIN_R2
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: Main mode peer ID is 
ID_DER_ASN1_DN: 'C=AT, ST=Upper Austria, O=Gibraltar, OU=VPN Network Tests, 
CN=styx.soft.uni-linz.ac.at, E=rene at mayrhofer.eu.org'
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: no crl from issuer 
"C=AT, L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar 
Intermediate Certificate, E=ca at gibraltar.at" found (strict=no)
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: no crl from issuer 
"C=AT, L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar Root 
Certificate, E=ca at gibraltar.at" found (strict=no)
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: I am sending my cert
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #1: transition from 
stateSTATE_MAIN_R2 to state STATE_MAIN_R3
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #1: sent MR3, ISAKMP SA 
established
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #1: Dead Peer Detection 
(RFC 3706): enabled
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #1: retransmitting in 
response to duplicate packet; already STATE_MAIN_R3
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: ASSERTION FAILED at 
crypto.c:219: st->st_new_iv_len >= e->enc_blocksize
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface 
vlan3/vlan33ffe:8060:1112:3::1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface int/int 
3ffe:8060:1112:2::1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface lo/lo ::1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface 
sit0/sit0 ::a00:81
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface 
sit0/sit0 ::7f00:1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface 
sit0/sit0 ::510a:b45e
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface 
sit0/sit0 ::a00:1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface ext/ext 
z.z.z.z
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface lo/lo 
127.0.0.1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface int/int 
10.0.0.1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface 
vlan3/vlan310.0.0.129
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface tun0/tun0 
10.0.0.161
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: %myid = (none)
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: debug none
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP 
encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP 
encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP 
encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP 
encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP 
encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP 
encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP 
encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP auth 
attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP auth 
attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP auth 
attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP auth 
attr: id=251, name=(null), keysizemin=0, keysizemax=0
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE 
encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE 
encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE hash: 
id=2, name=OAKLEY_SHA1, hashsize=20
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE hash: 
id=1, name=OAKLEY_MD5, hashsize=16
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh 
group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh 
group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh 
group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh 
group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh 
group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh 
group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh 
group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: stats db_ops.c: 
{curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly": 
0.0.0.0/0===10.0.0.129[C=AT, ST=Upper Austria, O=Gibraltar, OU=Mayrhofer 
network Linz, CN=whisper.mayrhofer.eu.org, 
E=rene at mayrhofer.eu.org]...10.0.0.163[C=AT, ST=Upper Austria, O=Gibraltar, 
OU=VPN Network Tests, CN=styx.soft.uni-linz.ac.at, E=rene at mayrhofer.eu.org]; 
unrouted; eroute owner: #0
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":     
srcip=unset; dstip=unset
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":   
CAs: 'C=AT, L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar 
Intermediate Certificate, E=ca at gibraltar.at'...'C=AT, L=Linz, O=Gibraltar, 
OU=Certificate Authority, CN=Gibraltar Intermediate Certificate, 
E=ca at gibraltar.at'
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":   
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; 
keyingtries: 0
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":   
policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 0,32; interface: vlan3;
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":   
dpd: action:hold; delay:3600; timeout:7200;
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":   
newest ISAKMP SA: #1; newest IPsec SA: #0;
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":   
IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: #2: 
"wlanIpsecOnly":500 STATE_MAIN_R1 (sent MR1, expecting MI2); EVENT_RETRANSMIT 
in 9s; lastdpd=-1s(seq in:0 out:0)
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: #3: 
"wlanIpsecOnly":500 STATE_QUICK_R0 (expecting QI1); EVENT_CRYPTO_FAILED in 
300s; lastdpd=-1s(seq in:0 out:0)
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: #1: 
"wlanIpsecOnly":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); 
EVENT_SA_REPLACE in 3330s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:52 whisper ipsec__plutorun: Restarting Pluto subsystem...
Apr 10 12:44:53 whisper pluto[28464]: Starting Pluto (Openswan Version 2.3.1 
X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEExalF{_o`m)
.....

[ and it restarts again ]

The line "ASSERTION FAILED at crypto.c:219: st->st_new_iv_len >= 
e->enc_blocksize" might be a hint.

Machine A's logs are again rather uninteresting:

Apr 10 12:44:38 localhost ipsec__plutorun: Starting Pluto subsystem...
Apr 10 12:44:38 localhost pluto[17825]: Starting Pluto (Openswan Version 2.3.1 
X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEExalF{_o`m)
Apr 10 12:44:38 localhost pluto[17825]: Setting port floating to off
Apr 10 12:44:38 localhost pluto[17825]: port floating activate 0/1
Apr 10 12:44:38 localhost pluto[17825]:   including NAT-Traversal patch 
(Version 0.6c) [disabled]
Apr 10 12:44:38 localhost pluto[17825]: ike_alg_register_enc(): Activating 
OAKLEY_AES_CBC: Ok (ret=0)
Apr 10 12:44:38 localhost pluto[17825]: starting up 1 cryptographic helpers
Apr 10 12:44:38 localhost pluto[17825]: started helper pid=17837 (fd:6)
Apr 10 12:44:38 localhost pluto[17825]: Using Linux 2.6 IPsec interface code
Apr 10 12:44:38 localhost pluto[17825]: Changing to directory 
'/etc/ipsec.d/cacerts'
Apr 10 12:44:38 localhost pluto[17825]:   loaded CA cert file 
'subCAcert.pem' (5360 bytes)
Apr 10 12:44:38 localhost pluto[17825]:   loaded CA cert file 
'rootCAcert.pem' (1785 bytes)
Apr 10 12:44:38 localhost pluto[17825]: Changing to directory 
'/etc/ipsec.d/aacerts'
Apr 10 12:44:38 localhost pluto[17825]: Changing to directory 
'/etc/ipsec.d/ocspcerts'
Apr 10 12:44:38 localhost pluto[17825]: Changing to directory 
'/etc/ipsec.d/crls'
Apr 10 12:44:38 localhost pluto[17825]:   Warning: empty directory
Apr 10 12:44:38 localhost pluto[17825]:   loaded host cert file 
'/etc/ipsec.d/certs/styx.pem' (5538 bytes)
Apr 10 12:44:38 localhost pluto[17825]:   loaded host cert file 
'/etc/ipsec.d/certs/whispercert.pem' (5550 bytes)
Apr 10 12:44:38 localhost pluto[17825]: added connection description "wlan"
Apr 10 12:44:38 localhost pluto[17825]: listening for IKE messages
Apr 10 12:44:38 localhost pluto[17825]: adding interface ath0/ath0 
10.0.0.163:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface lo/lo 127.0.0.1:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface eth0/eth0 
10.0.0.11:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface eth0/eth0 
3ffe:x:x:2:211:25ff:fe12:3570:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface ath0/ath0 
3ffe:x:x:3:205:4eff:fe4e:229c:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface lo/lo ::1:500
Apr 10 12:44:38 localhost pluto[17825]: loading secrets from 
"/etc/ipsec.secrets"
Apr 10 12:44:38 localhost pluto[17825]:   loaded private key file 
'/etc/ipsec.d/private/styx.key' (1679 bytes)
Apr 10 12:44:38 localhost pluto[17825]:   loaded private key file 
'/etc/ipsec.d/private/styxKey.pem' (1679 bytes)
Apr 10 12:44:39 localhost sudo:     rene : TTY=unknown ; PWD=/home/rene ; 
USER=root ; COMMAND=/usr/sbin/ipsec auto --up wlan
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: initiating Main Mode
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: received Vendor ID payload 
[Openswan (this version) 2.3.1  X.509-1.5.4 PLUTO_SENDS_VENDORID 
PLUTO_USES_KEYRR]
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: received Vendor ID payload 
[Dead Peer Detection]
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: discarding packet received 
during asynchronous work (DNS or crypto) in STATE_MAIN_I1
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: transition from state 
STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: I am sending my cert
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: I am sending a certificate 
request
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: transition from state 
STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: Main mode peer ID is 
ID_DER_ASN1_DN: 'C=AT, ST=Upper Austria, O=Gibraltar, OU=Mayrhofer network 
Linz, CN=whisper.mayrhofer.eu.org, E=rene at mayrhofer.eu.org'
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: no crl from issuer "C=AT, 
L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar Intermediate 
Certificate, E=ca at gibraltar.at" found (strict=no)
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: no crl from issuer "C=AT, 
L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar Root Certificate, 
E=ca at gibraltar.at" found (strict=no)
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: transition from state 
STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: ISAKMP SA established
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: Dead Peer Detection (RFC 
3706): enabled
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #2: initiating Quick Mode 
RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: discarding duplicate 
packet;already STATE_MAIN_I4
Apr 10 12:44:49 localhost pluto[17825]: unknown cmsg: level 0, type 8, len 24
Apr 10 12:44:49 localhost pluto[17825]: "wlan" #2: ERROR: asynchronous network 
error report on ath0 for message to 10.0.0.129 port 500, complainant 
10.0.0.129:Connection refused [errno 111, origin ICMP type 3 code 3 (not 
authenticated)]
Apr 10 12:44:49 localhost pluto[17825]: unknown cmsg: level 0, type 8, len 24
Apr 10 12:44:49 localhost pluto[17825]: "wlan" #2: ERROR: asynchronous network 
error report on ath0 for message to 10.0.0.129 port 500, complainant 
10.0.0.129:Connection refused [errno 111, origin ICMP type 3 code 3 (not 
authenticated)]

Any ideas what I could try next? In fact, I can't get it to work at all 
between those two hosts (and it worked perfectly with 2.2.0 for quite some 
time).

with best regards,
Rene
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20050410/93035bad/attachment.bin


More information about the Dev mailing list