Hi Everyone,<br>Last night our IPsec tunnel went down. After looking at the log file, it looks like the key exchange didn't happen properly. I do see a lot of errors at the last key exchange that happened before the tunnel went down. <br>
<br>Oct 19 16:17:03 fwny-01 pluto[14450]: "nyctomtl" #1082: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #1078 {using isakmp#1081 msgid:9d32925c proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP2048}<br>
Oct 19 16:17:03 fwny-01 pluto[14450]: pluto_do_crypto: helper (-1) is exiting <br>Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: max number of retransmissions (2) reached STATE_QUICK_I1<br>Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: starting keying attempt 2 of an unlimited number<br>
<br><br>Oct 19 16:29:13 fwny-01 pluto[14450]: packet from 1.2.3.4:500: pluto_do_crypto: helper (-1) is exiting <br>ATOA=none NATD=none DPD=none}<br>Oct 19 16:29:13 fwny-01 pluto[14450]: packet from 1.2.3.4:500: pluto_do_crypto: helper (-1) is exiting <br>
Oct 19 16:29:13 fwny-01 pluto[14450]: "nyctomtl" #1092: ERROR: netlink response for Add SA esp.fe9f0294@4.3.2.1 included errno 3: No such process<br>Oct 19 16:29:23 fwny-01 pluto[14450]: "nyctomtl" #1092: discarding duplicate packet; already STATE_QUICK_I1<br>
Oct 19 16:29:43 fwny-01 pluto[14450]: "nyctomtl" #1092: discarding duplicate packet; already STATE_QUICK_I1<br>Oct 19 16:29:53 fwny-01 pluto[14450]: "nyctomtl" #1092: max number of retransmissions (2) reached STATE_QUICK_I1<br>
Oct 19 16:29:53 fwny-01 pluto[14450]: "nyctomtl" #1092: starting keying attempt 12 of an unlimited number<br>db0213c proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP2048}<br>Oct 19 16:29:53 fwny-01 pluto[14450]: pluto_do_crypto: helper (-1) is exiting <br>
Oct 19 16:29:53 fwny-01 pluto[14450]: packet from 1.2.3.4:500: pluto_do_crypto: helper (-1) is exiting <br><br>Oct 19 16:30:23 fwny-01 pluto[14450]: "nyctomtl" #1081: sending notification PAYLOAD_MALFORMED to 1.2.3.4:500<br>
Oct 19 16:31:03 fwny-01 pluto[14450]: "nyctomtl" #1081: byte 2 of ISAKMP Hash Payload must be zero, but is not<br>Oct 19 16:31:03 fwny-01 pluto[14450]: "nyctomtl" #1081: malformed payload in packet<br>
<br>I am trying to understand what happened, but since this was working fine for the past 2-3 months I am not able to understand why the rekey would have failed this time. I can provide a more detailed log as well as the configuration info if needed. <br>
<br>System is CentOS 5.5, with openswan-2.6.21-5.el5_4.2<br><br><br clear="all"><br>-- <br> !!!!!<br> ( o o )<br> --------------oOO----(_)----OOo--------------<br> Luc Paulin | paulinster(at)<a href="http://gmail.com">gmail.com</a><br>
<br><br>
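An added example, not part of the original post: a Python check that reads pluto syslog lines in the format quoted above and counts, per connection, the rekey failure indicators seen in this log (Quick Mode retransmission exhaustion, netlink Add SA errors, malformed payloads, and the highest keying attempt number). The function names and the `attempt_threshold` alerting value are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the log quoted in the post (first one shortened).
SAMPLE_LOG = '''\
Oct 19 16:17:03 fwny-01 pluto[14450]: "nyctomtl" #1082: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #1078
Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: max number of retransmissions (2) reached STATE_QUICK_I1
Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: starting keying attempt 2 of an unlimited number
Oct 19 16:29:13 fwny-01 pluto[14450]: "nyctomtl" #1092: ERROR: netlink response for Add SA esp.fe9f0294@4.3.2.1 included errno 3: No such process
Oct 19 16:29:53 fwny-01 pluto[14450]: "nyctomtl" #1092: max number of retransmissions (2) reached STATE_QUICK_I1
Oct 19 16:29:53 fwny-01 pluto[14450]: "nyctomtl" #1092: starting keying attempt 12 of an unlimited number
Oct 19 16:30:23 fwny-01 pluto[14450]: "nyctomtl" #1081: sending notification PAYLOAD_MALFORMED to 1.2.3.4:500
Oct 19 16:31:03 fwny-01 pluto[14450]: "nyctomtl" #1081: malformed payload in packet
'''

# timestamp, host, pluto[pid], "connection", #state-number, message
LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')
EVENTS = {
    "timeouts": re.compile(r"max number of retransmissions \(\d+\) reached STATE_QUICK_I1"),
    "sa_install_errors": re.compile(r"ERROR: netlink response for Add SA"),
    "malformed": re.compile(r"PAYLOAD_MALFORMED|malformed payload in packet"),
}
ATTEMPT = re.compile(r"starting keying attempt (\d+) of")

def summarize(log_text):
    """Count rekey failure indicators per connection name."""
    stats = defaultdict(lambda: dict(timeouts=0, sa_install_errors=0, malformed=0,
                                     max_attempt=0, last_seen=None))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # helper chatter and truncated fragments name no connection
        ts, conn, _state, msg = m.groups()
        entry = stats[conn]
        entry["last_seen"] = ts
        for key, pattern in EVENTS.items():
            entry[key] += bool(pattern.search(msg))
        attempt = ATTEMPT.search(msg)
        if attempt:
            entry["max_attempt"] = max(entry["max_attempt"], int(attempt.group(1)))
    return dict(stats)

def rekey_alerts(stats, attempt_threshold=3):
    """Connections whose rekey keeps failing; the threshold is an assumed policy value."""
    return sorted(c for c, s in stats.items()
                  if s["max_attempt"] >= attempt_threshold or s["sa_install_errors"])

if __name__ == "__main__":
    print(rekey_alerts(summarize(SAMPLE_LOG)))
```

Run periodically against the pluto log, a check like this surfaces a failing rekey while the previous SA is still valid, rather than after the tunnel has dropped.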