Hi Everyone,
Last night our IPsec tunnel went down. After looking at the log file, it looks like the key exchange didn't happen properly. I do see a lot of errors at the last key exchange that happened before the tunnel went down.

Oct 19 16:17:03 fwny-01 pluto[14450]: "nyctomtl" #1082: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #1078 {using isakmp#1081 msgid:9d32925c proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP2048}
Oct 19 16:17:03 fwny-01 pluto[14450]: pluto_do_crypto: helper (-1) is exiting
Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: max number of retransmissions (2) reached STATE_QUICK_I1
Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: starting keying attempt 2 of an unlimited number

Oct 19 16:29:13 fwny-01 pluto[14450]: packet from 1.2.3.4:500: pluto_do_crypto: helper (-1) is exiting
ATOA=none NATD=none DPD=none}
Oct 19 16:29:13 fwny-01 pluto[14450]: packet from 1.2.3.4:500: pluto_do_crypto: helper (-1) is exiting
Oct 19 16:29:13 fwny-01 pluto[14450]: "nyctomtl" #1092: ERROR: netlink response for Add SA esp.fe9f0294@4.3.2.1 included errno 3: No such process
Oct 19 16:29:23 fwny-01 pluto[14450]: "nyctomtl" #1092: discarding duplicate packet; already STATE_QUICK_I1
Oct 19 16:29:43 fwny-01 pluto[14450]: "nyctomtl" #1092: discarding duplicate packet; already STATE_QUICK_I1
Oct 19 16:29:53 fwny-01 pluto[14450]: "nyctomtl" #1092: max number of retransmissions (2) reached STATE_QUICK_I1
Oct 19 16:29:53 fwny-01 pluto[14450]: "nyctomtl" #1092: starting keying attempt 12 of an unlimited number
db0213c proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP2048}
Oct 19 16:29:53 fwny-01 pluto[14450]: pluto_do_crypto: helper (-1) is exiting
Oct 19 16:29:53 fwny-01 pluto[14450]: packet from 1.2.3.4:500: pluto_do_crypto: helper (-1) is exiting

Oct 19 16:30:23 fwny-01 pluto[14450]: "nyctomtl" #1081: sending notification PAYLOAD_MALFORMED to 1.2.3.4:500
Oct 19 16:31:03 fwny-01 pluto[14450]: "nyctomtl" #1081: byte 2 of ISAKMP Hash Payload must be zero, but is not
Oct 19 16:31:03 fwny-01 pluto[14450]: "nyctomtl" #1081: malformed payload in packet

I am trying to understand what happened, but since this was working fine for the past 2-3 months I am not able to understand why the rekey would have failed this time. I can provide a more detailed log as well as the configuration info if needed.

System is Centos 5.5, with openswan-2.6.21-5.el5_4.2

-- 
 !!!!!
 ( o o )
 --------------oOO----(_)----OOo--------------
Luc Paulin | paulinster(at)gmail.com