<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>RE: [Openswan Users] Ipsec auto --up {tunnelname} hangs</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3354" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2>I tried one more experiment looking for a workaround.
While the right side is hanging, what happens when the 2nd tunnel on the left
side - the tunnel I'm waiting for on the right side - comes up? Short
answer - the right side still hangs. I didn't wait as long this time - I
don't want to bring up these tunnels too much and interfere with the
network. </FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2>I suppose I could fork off a script that looks for
a hung ipsec whack process and then kills it, before doing ipsec auto
--up. But that would be a total hack.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2>Here is what happened on the right
side:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2>[root@lme-fw ~]#<BR>[root@lme-fw ~]# ipsec auto --delete
JanesvillePNT-Everywhere<BR>021 no connection named
"JanesvillePNT-Everywhere"<BR>[root@lme-fw ~]# date<BR>Sat Jun 21 00:04:10 CDT
2008<BR>[root@lme-fw ~]# ipsec auto --add
JanesvillePNT-Everywhere<BR>[root@lme-fw ~]# date<BR>Sat Jun 21 00:04:18 CDT
2008<BR>[root@lme-fw ~]# ipsec auto --up JanesvillePNT-Everywhere<BR>104
"JanesvillePNT-Everywhere" #130: STATE_MAIN_I1: initiate<BR>003
"JanesvillePNT-Everywhere" #130: ignoring unknown Vendor ID payload
[4f455f5d7b764b67436f4f49]<BR>003 "JanesvillePNT-Everywhere" #130: received
Vendor ID payload [Dead Peer Detection]<BR>003 "JanesvillePNT-Everywhere" #130:
received Vendor ID payload [RFC 3947] method set to=110<BR>106
"JanesvillePNT-Everywhere" #130: STATE_MAIN_I2: sent MI2, expecting MR2<BR>003
"JanesvillePNT-Everywhere" #130: NAT-Traversal: Result using 3: no NAT
detected<BR>108 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I3: sent MI3,
expecting MR3<BR>003 "JanesvillePNT-Everywhere" #130: we require peer to have ID
'@janesvillepnt.local', but peer
declares '@janesvillecheetah.local'<BR>218
"JanesvillePNT-Everywhere" #130: STATE_MAIN_I3:
INVALID_ID_INFORMATION</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><SPAN
class=879220705-21062008>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2></FONT><BR><FONT
face=Arial color=#0000ff size=2># the whack is hanging. Now I will bring
up the tunnel on the left side</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2></FONT><BR><FONT
face=Arial color=#0000ff size=2># Nope - still hung.</FONT></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2>[root@lme-fw
~]#<BR>[root@lme-fw ~]# date<BR>Sat Jun 21 00:06:39 CDT 2008<BR>[root@lme-fw
~]#<BR></FONT></DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2>Here is what happened on the left side in another window,
while the right side was hung:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=879220705-21062008><FONT face=Arial
color=#0000ff size=2>[root@Janesville-fw1 ipsec.d]#<BR>[root@Janesville-fw1
ipsec.d]# ipsec auto --add JanesvillePNT-Everywhere<BR>[root@Janesville-fw1
ipsec.d]# ipsec auto --up JanesvillePNT-Everywhere<BR>104
"JanesvillePNT-Everywhere" #1530: STATE_MAIN_I1: initiate<BR>003
"JanesvillePNT-Everywhere" #1530: ignoring unknown Vendor ID payload
[4f456e4d43757f784f704063]<BR>003 "JanesvillePNT-Everywhere" #1530: received
Vendor ID payload [Dead Peer Detection]<BR>003 "JanesvillePNT-Everywhere" #1530:
received Vendor ID payload [RFC 3947] method set to=110<BR>106
"JanesvillePNT-Everywhere" #1530: STATE_MAIN_I2: sent MI2, expecting MR2<BR>003
"JanesvillePNT-Everywhere" #1530: NAT-Traversal: Result using RFC 3947
(NAT-Traversal): no NAT detected<BR>108 "JanesvillePNT-Everywhere" #1530:
STATE_MAIN_I3: sent MI3, expecting MR3<BR>004 "JanesvillePNT-Everywhere" #1530:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}<BR>117
"JanesvillePNT-Everywhere" #1531: STATE_QUICK_I1: initiate<BR>004
"JanesvillePNT-Everywhere" #1531: STATE_QUICK_I2: sent QI2, IPsec SA established
{ESP=&gt;0xe01ba744 &lt;0x2888c26f xfrm=AES_0-HMAC_SHA1 NATD=none
DPD=none}<BR>[root@Janesville-fw1 ipsec.d]#<BR>[root@Janesville-fw1
ipsec.d]#<BR>[root@Janesville-fw1 ipsec.d]# ipsec auto --down
JanesvillePNT-Everywhere<BR>[root@Janesville-fw1 ipsec.d]# ipsec auto --delete
JanesvillePNT-Everywhere<BR>[root@Janesville-fw1 ipsec.d]# date<BR>Sat Jun 21
00:06:33 CDT 2008<BR>[root@Janesville-fw1
ipsec.d]#<BR></FONT></SPAN></DIV></SPAN>
<DIV dir=ltr align=left><SPAN lang=en-us><FONT face=Arial size=2>-
Greg</FONT></SPAN> </DIV></BODY></HTML>
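The watchdog idea from the message, sketched as an added example (not part of the original message and not Openswan code): it bounds the bring-up with a deadline instead of killing whack afterwards, and reports the ID mismatch seen in the right-side log as a hard authentication failure. The function names are hypothetical, and GNU coreutils `timeout` is assumed to be installed.

```shell
#!/bin/sh
# Added example: bound a tunnel bring-up and classify what whack printed
# before the deadline. Function names are hypothetical, not Openswan's.

# Read whack output on stdin and print one verdict line:
#   established | id-mismatch expected=<id> declared=<id> | incomplete
classify_whack_output() {
  awk '
    /we require peer to have ID/ {
      # Both IDs are single-quoted in the message; \047 is the quote char.
      if (split($0, q, "\047") >= 4) { want = q[2]; got = q[4] }
    }
    /INVALID_ID_INFORMATION/ { bad = 1 }
    /IPsec SA established/   { up = 1 }
    END {
      if (up)                     print "established"
      else if (bad || want != "") print "id-mismatch expected=" want " declared=" got
      else                        print "incomplete"
    }'
}

# Run "$@" for at most $1 seconds (GNU timeout exits 124 on expiry).
# Prints "<verdict>" or "timeout <verdict>"; returns 0 only when established.
bounded_up() {
  bu_limit=$1; shift
  bu_rc=0
  bu_out=$(timeout "$bu_limit" "$@" 2>&1) || bu_rc=$?
  bu_verdict=$(printf '%s\n' "$bu_out" | classify_whack_output)
  [ "$bu_rc" -eq 124 ] && bu_verdict="timeout $bu_verdict"
  printf '%s\n' "$bu_verdict"
  case $bu_verdict in established) return 0 ;; *) return 1 ;; esac
}

# Sample input: the three decisive lines from the right-side session above.
sample_right_side() {
  cat <<'EOF'
108 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I3: sent MI3, expecting MR3
003 "JanesvillePNT-Everywhere" #130: we require peer to have ID '@janesvillepnt.local', but peer declares '@janesvillecheetah.local'
218 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I3: INVALID_ID_INFORMATION
EOF
}

# Real use (assumes GNU timeout is installed):
#   bounded_up 30 ipsec auto --up JanesvillePNT-Everywhere

sample_right_side | classify_whack_output
```

An `id-mismatch` verdict means the peer authenticated under a different identity than the connection requires, so the caller should stop and compare the ID settings on both ends rather than retry.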