<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">I have an intermittent problem where I am unable to create an openswan vpn tunnel between openswan and sonicwall using:<br>/etc/init.d/ipsec restart <br>ipsec whack --name Prod172 --xauthname or <br>ipsec whack --name Prod172 --xauthname USERNAME --xauthpass PASSWORD --initiate<br><br>The error message reads: <br>someuser@wks_name:~$ sudo ipsec whack --name Prod172 --initiate <br>002 "Prod172" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE {using isakmp#1}<br>117 "Prod172" #2: STATE_QUICK_I1: initiate<br>010 "Prod172" #2: STATE_QUICK_I1: retransmission; will wait 20s for response<br><br>There is also this seemingly interesting file descriptor error in /var/authlog shows: <br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: XAUTH username requested, but no file descriptor available for prompt<br>
Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: sending encrypted notification CERTIFICATE_UNAVAILABLE to x.x.x.x:4500<br><br>Below is relevant information about OS, kernel, Openswan version and the content of authlog for both a failed connection and a successful one. To successfully connect, just arrow up to run the very same command that may have failed previously. One way to get a failed connection is to run /etc/init.d/ipsec restart and run the same command that had previously succeeded.<br><br>ipsec --version<br>Linux Openswan U2.4.9/K2.6.24-19-generic (netkey)<br>See `ipsec --copyright' for copyright information.<br><br>Linux wks_name 2.6.24-19-generic #1 SMP Fri Jul 11 21:01:46 UTC 2008 x86_64 GNU/Linux<br><br>**** Failed Login *****<br><br>Aug 13 13:46:24 wks_name pluto[12091]: loading secrets from "/etc/ipsec.secrets"<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: initiating Aggressive Mode #1, connection
"Prod172"<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: ignoring unknown Vendor ID payload [404bf439522ca3f6]<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: ignoring unknown Vendor ID payload [5b362bc820f60006]<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: received Vendor ID payload [RFC 3947] method set to=110<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: received Vendor ID payload [Dead Peer Detection]<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: received Vendor ID payload [XAUTH]<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: Aggressive mode peer ID is ID_FQDN: '@x.x.x.x'<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: Aggressive mode peer ID is ID_FQDN: '@x.x.x.x'<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: transition from state STATE_AGGR_I1 to state
STATE_AGGR_I2<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: Dead Peer Detection (RFC 3706): enabled<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: XAUTH username requested, but no file descriptor available for prompt<br>Aug 13 13:46:24 wks_name pluto[12091]: "Prod172" #1: sending encrypted notification CERTIFICATE_UNAVAILABLE to x.x.x.x:4500<br>Aug 13 13:46:34 wks_name pluto[12091]: "Prod172" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE {using isakmp#1}<br>Aug 13 13:46:34 wks_name pluto[12091]: "Prod172" #1: Informational Exchange message must be encrypted<br>+ _________________________ date<br>+<br>+ date<br>Wed Aug 13 13:47:00 EDT 2008<br><br><br><br>**** Successful Login ****<br><br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172"
#13: initiating Aggressive Mode #13, connection "Prod172"<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: ignoring unknown Vendor ID payload [404bf439522ca3f6]<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: ignoring unknown Vendor ID payload [5b362bc820f60006]<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: received Vendor ID payload [RFC 3947] method set to=110<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: received Vendor ID payload [Dead Peer Detection]<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: received Vendor ID payload [XAUTH]<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: Aggressive mode peer ID is ID_FQDN: '@x.x.x.x'<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: Aggressive mode peer ID is ID_FQDN: '@x.x.x.x'<br>Aug 13 13:43:26 wks_name pluto[10903]:
"Prod172" #13: transition from state STATE_AGGR_I1 to state STATE_AGGR_I2<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: STATE_AGGR_I2: sent AI2, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1536}<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: Dead Peer Detection (RFC 3706): enabled<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: XAUTH: Answering XAUTH challenge with user='USERNAME'<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: transition from state STATE_XAUTH_I0 to state STATE_XAUTH_I1<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: Dead Peer Detection (RFC 3706): enabled<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: XAUTH: Successfully Authenticated<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: transition from state
STATE_XAUTH_I0 to state STATE_XAUTH_I1<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: STATE_XAUTH_I1: XAUTH client - awaiting CFG_set<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #13: Dead Peer Detection (RFC 3706): enabled<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #14: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+AGGRESSIVE {using isakmp#13}<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #14: Dead Peer Detection (RFC 3706): enabled<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #14: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Aug 13 13:43:26 wks_name pluto[10903]: "Prod172" #14: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x3f39b2c8 <0x6a0aac99 xfrm=3DES_0-HMAC_SHA1 NATD=x.x.x.x:4500 DPD=enabled}<br>Aug 13 13:43:56 wks_name pluto[10903]: "Prod172" #14: DPD: Serious: could not find newest phase 1 state<br>+ _________________________ date<br>+<br>+ date<br>Wed Aug 13 13:44:46 EDT
2008<br><br></td></tr></table><br>