<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<pre wrap="">logs with plutodebug=none</pre>
Jul 14 10:05:07 rt_1 pluto[5447]: adding interface lo/lo 127.0.0.1<br>
Jul 14 10:05:07 rt_1 pluto[5447]: adding interface lo/lo 127.0.0.1:4500<br>
Jul 14 10:05:07 rt_1 pluto[5447]: adding interface lo/lo ::1<br>
Jul 14 10:05:07 rt_1 pluto[5447]: loading secrets from
"/etc/ipsec.secrets"<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: initiating Main
Mode<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-03]<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: enabling
possible NAT-traversal with method RFC XXXX (NAT-Traversal)<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: I did not send
a certificate because I do not have one.<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: NAT-Traversal:
Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
Jul 14 10:05:08 rt_1 pluto[5447]: | protocol/port in Phase 1 ID Payload
is 17/0. accepted with port_floating NAT-T<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: Peer ID is
ID_IPV4_ADDR: 'x.x.x.x'<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: transition from
state STATE_MAIN_I3 to state STATE_MAIN_I4<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: ISAKMP SA
established<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #2: initiating
Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #2: transition from
state STATE_QUICK_I1 to state STATE_QUICK_I2<br>
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #2: sent QI2, IPsec
SA established {ESP=>0xcb04ae40 <0x0b76643c NATOA=0.0.0.0}<br>
Jul 14 10:49:39 rt_1 pluto[5447]: "alfa-watchguard" #3: initiating Main
Mode to replace #1 <br>
--------------------------- from this moment vpn doesn't work
----------------------------------------------------------------------<br>
Jul 14 11:02:49 rt_1 pluto[5447]: "alfa-watchguard" #3: max number of
retransmissions (20) reached STATE_MAIN_I1. No response (or no
acceptable response) to our first IKE message<br>
Jul 14 11:02:49 rt_1 pluto[5447]: "alfa-watchguard" #3: starting keying
attempt 2 of an unlimited number<br>
Jul 14 11:02:49 rt_1 pluto[5447]: "alfa-watchguard" #4: initiating Main
Mode to replace #3<br>
Jul 14 11:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: ISAKMP SA
expired (LATEST!)<br>
Jul 14 11:15:59 rt_1 pluto[5447]: "alfa-watchguard" #4: max number of
retransmissions (20) reached STATE_MAIN_I1. No response (or no
acceptable response) to our first IKE message<br>
Jul 14 11:15:59 rt_1 pluto[5447]: "alfa-watchguard" #4: starting keying
attempt 3 of an unlimited number<br>
Jul 14 11:15:59 rt_1 pluto[5447]: "alfa-watchguard" #5: initiating Main
Mode to replace #4<br>
+ _________________________ date<br>
+ date<br>
Fri Jul 14 11:23:29 CEST 2006<br>
<br>
<br>
<br>
Paul Wouters wrote:
<blockquote cite="midPine.LNX.4.63.0607131941280.6697@tla.xelerance.com"
type="cite">
<pre wrap="">On Thu, 13 Jul 2006, Adam Gawda wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Subject: Re: [Openswan Users] connection- after about 1 hour goes down.
when it's working I have:
--------------------------------------
</pre>
</blockquote>
<pre wrap=""><!---->
Can you get me the logs with plutodebug=none, and show me a continious log
of the connection being setup when it works, upto and including the failure.
The logs below is not covering all the information I'd like to see (and
spams a bit with needless internals)
Thanks,
Paul
</pre>
<blockquote type="cite">
<pre wrap="">Jul 13 12:31:54 rt_1 pluto[12574]: | *time to handle event
Jul 13 12:31:54 rt_1 pluto[12574]: | event after this is EVENT_SA_REPLACE
in 162 seconds
Jul 13 12:31:54 rt_1 pluto[12574]: | ka_event: send NAT-KA to
x.x.x.x:4500
Jul 13 12:31:54 rt_1 pluto[12574]: | sending 1 bytes for NAT-T Keep Alive
through eth0 to x.x.x.x:4500:
Jul 13 12:31:54 rt_1 pluto[12574]: | ff
Jul 13 12:31:54 rt_1 pluto[12574]: | inserting event
EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Jul 13 12:31:54 rt_1 pluto[12574]: | next event EVENT_NAT_T_KEEPALIVE in
20 seconds
Jul 13 12:32:14 rt_1 pluto[12574]: |
Jul 13 12:32:14 rt_1 pluto[12574]: | *time to handle event
Jul 13 12:32:14 rt_1 pluto[12574]: | event after this is EVENT_SA_REPLACE
in 142 seconds
Jul 13 12:32:14 rt_1 pluto[12574]: | ka_event: send NAT-KA to
x.x.x.x:4500
Jul 13 12:32:14 rt_1 pluto[12574]: | sending 1 bytes for NAT-T Keep Alive
through eth0 to x.x.x.x:4500:
after a few minutes I have..and doesn't work:
-----------------------------------------------------------------------
Jul 13 12:43:14 rt_1 pluto[12574]: |
Jul 13 12:43:14 rt_1 pluto[12574]: | *time to handle event
Jul 13 12:43:14 rt_1 pluto[12574]: | event after this is EVENT_RETRANSMIT
in 33 seconds
Jul 13 12:43:14 rt_1 pluto[12574]: | ka_event: send NAT-KA to
x.x.x.x:4500
Jul 13 12:43:14 rt_1 pluto[12574]: | sending 1 bytes for NAT-T Keep Alive
through eth0 to x.x.x.x:4500:
Jul 13 12:43:14 rt_1 pluto[12574]: | ff
Jul 13 12:43:14 rt_1 pluto[12574]: | inserting event
EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Jul 13 12:43:14 rt_1 pluto[12574]: | next event EVENT_NAT_T_KEEPALIVE in
20 seconds
Jul 13 12:43:34 rt_1 pluto[12574]: |
Jul 13 12:43:34 rt_1 pluto[12574]: | *time to handle event
Jul 13 12:43:34 rt_1 pluto[12574]: | event after this is EVENT_RETRANSMIT
in 13 seconds
Jul 13 12:43:34 rt_1 pluto[12574]: | ka_event: send NAT-KA to
x.x.x.x:4500
Jul 13 12:43:34 rt_1 pluto[12574]: | sending 1 bytes for NAT-T Keep Alive
through eth0 to x.x.x.x:4500:
Jul 13 12:43:34 rt_1 pluto[12574]: | ff
Jul 13 12:43:34 rt_1 pluto[12574]: | inserting event
EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Jul 13 12:43:34 rt_1 pluto[12574]: | next event EVENT_RETRANSMIT in 13
seconds for #3
Jul 13 12:43:47 rt_1 pluto[12574]: |
Jul 13 12:43:47 rt_1 pluto[12574]: | *time to handle event
Jul 13 12:43:47 rt_1 pluto[12574]: | event after this is
EVENT_NAT_T_KEEPALIVE in 7 seconds
Jul 13 12:43:47 rt_1 pluto[12574]: | handling event EVENT_RETRANSMIT for
x.x.x.x "alfa-watchguard" #3
Jul 13 12:43:47 rt_1 pluto[12574]: | sending 236 bytes for
EVENT_RETRANSMIT through eth0 to x.x.x.x:4500:
Jul 13 12:43:47 rt_1 pluto[12574]: | 43 3b ec 86 81 fc f2 5b 00 00 00
00 00 00 00 00
Jul 13 12:43:47 rt_1 pluto[12574]: | 01 10 02 00 00 00 00 00 00 00 00
ec 0d 00 00 94
Jul 13 12:43:47 rt_1 pluto[12574]: | 00 00 00 01 00 00 00 01 00 00 00
88 00 01 00 04
Jul 13 12:43:47 rt_1 pluto[12574]: | 03 00 00 20 00 01 00 00 80 0b 00
01 80 0c 0e 10
Jul 13 12:43:47 rt_1 pluto[12574]: | 80 01 00 05 80 02 00 01 80 03 00
01 80 04 00 05
Jul 13 12:43:47 rt_1 pluto[12574]: | 03 00 00 20 01 01 00 00 80 0b 00
01 80 0c 0e 10
Jul 13 12:43:47 rt_1 pluto[12574]: | 80 01 00 05 80 02 00 01 80 03 00
01 80 04 00 02
Jul 13 12:43:47 rt_1 pluto[12574]: | 03 00 00 20 02 01 00 00 80 0b 00
01 80 0c 0e 10
Jul 13 12:43:48 rt_1 pluto[12574]: | 80 01 00 05 80 02 00 02 80 03 00
01 80 04 00 05
Jul 13 12:43:48 rt_1 pluto[12574]: | 00 00 00 20 03 01 00 00 80 0b 00
01 80 0c 0e 10
Jul 13 12:43:48 rt_1 pluto[12574]: | 80 01 00 05 80 02 00 02 80 03 00
01 80 04 00 02
Jul 13 12:43:48 rt_1 pluto[12574]: | 0d 00 00 14 7d 94 19 a6 53 10 ca
6f 2c 17 9d 92
Jul 13 12:43:48 rt_1 pluto[12574]: | 15 52 9d 56 0d 00 00 14 cd 60 46
43 35 df 21 f8
Jul 13 12:43:48 rt_1 pluto[12574]: | 18 b6 bb cd 0b e8 a8 46 95 79 dd
cc
Jul 13 12:43:48 rt_1 pluto[12574]: | inserting event EVENT_RETRANSMIT,
timeout in 40 seconds for #3
Jul 13 12:43:48 rt_1 pluto[12574]: | next event EVENT_NAT_T_KEEPALIVE in
6 seconds
Jul 13 12:43:54 rt_1 pluto[12574]: |
Jul 13 12:43:54 rt_1 pluto[12574]: | *time to handle event
Jul 13 12:43:54 rt_1 pluto[12574]: | event after this is EVENT_RETRANSMIT
in 34 seconds
Jul 13 12:43:54 rt_1 pluto[12574]: | ka_event: send NAT-KA to
x.x.x.x:4500
Jul 13 12:43:54 rt_1 pluto[12574]: | sending 1 bytes for NAT-T Keep Alive
through eth0 to x.x.x.x:4500:
Jul 13 12:43:54 rt_1 pluto[12574]: | ff
Jul 13 12:43:54 rt_1 pluto[12574]: | inserting event
EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Jul 13 12:43:54 rt_1 pluto[12574]: | next event EVENT_NAT_T_KEEPALIVE in
20 seconds
Jul 13 12:44:14 rt_1 pluto[12574]: |
Jul 13 12:44:14 rt_1 pluto[12574]: | *time to handle event
Jul 13 12:44:14 rt_1 pluto[12574]: | event after this is EVENT_RETRANSMIT
in 14 seconds
Jul 13 12:44:14 rt_1 pluto[12574]: | ka_event: send NAT-KA to
x.x.x.x:4500
Jul 13 12:44:14 rt_1 pluto[12574]: | sending 1 bytes for NAT-T Keep Alive
through eth0 to x.x.x.x:4500:
Jul 13 12:44:14 rt_1 pluto[12574]: | ff
Jul 13 12:44:14 rt_1 pluto[12574]: | inserting event
EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
Jul 13 12:44:14 rt_1 pluto[12574]: | next event EVENT_RETRANSMIT in 14
seconds for #3
Paul Wouters wrote:
On Thu, 13 Jul 2006, Adam Gawda wrote:
I have problem with conneciton between linux machine (kernel 2.6, trustix-ip:
y.y.y.y) and router watchguard (ip x.x.x.x). The connection is up but after
about 1 houer goes down.
First I have:
11:52:34.024491 IP y.y.y.y.4500 > x.x.x.x.4500: UDP, length: 1
11:52:35.076491 IP x.x.x.x.4500 > y.y.y.y.4500: UDP, length: 1
11:52:54.025762 IP y.y.y.y.4500 > x.x.x.x.4500: UDP, length: 1
11:52:55.073841 IP x.x.x.x.4500 > y.y.y.y.4500: UDP, length: 1
and when connection goes down:
11:50:41.889449 IP x.x.x.x.isakmp > y.y.y.y.4500: isakmp: phase 1 ? ident
11:51:11.937249 IP x.x.x.x.isakmp > y.y.y.y.4500: isakmp: phase 1 ? ident
11:51:21.876927 IP y.y.y.y.4500 > x.x.x.x.4500: UDP, length: 240
11:51:21.923872 IP x.x.x.x.isakmp > y.y.y.y.4500: isakmp: phase 1 ? ident
11:51:32.524673 IP x.x.x.x.isakmp > y.y.y.y.4500: isakmp: phase 1 ? ident
11:51:32.525172 IP x.x.x.x.isakmp > y.y.y.y.4500: isakmp: phase 1 ? ident
This does not tell us anything. Show us the pluto logs of the openswan
server when this happens.
Paui
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
<br>
</body>
</html>