[Openswan dev] 2.3.1: regression from 2.2.0 to 2.3 still exists (3)
Rene Mayrhofer
rene.mayrhofer at gibraltar.at
Sun Apr 10 13:53:59 CEST 2005
Hi all,
And another data point: I have now configure machine B with the IP address of
machine A instead of %any, so it also doesn't seem to be a road warrior
problem. Additionally. machine B now uses machine A's certificate directly.
Machine B's block now looks:
conn wlanIpsecOnly
left=10.0.0.129
leftnexthop=%direct
leftsubnet=0.0.0.0/0
right=10.0.0.163
rightcert=styx.pem
auto=add
And machine B:
conn wlan
left=%defaultroute
rightsubnet=0.0.0.0/0
right=10.0.0.129
rightcert=whispercert.pem
auto=add
Still the same behavior, machine B's pluto crashes. The logs (without
plutodebug="all") are for machine B:
[root at whisper ~]# /etc/init.d/ipsec restart; tail -f /var/log/auth.log
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.3.1/K2.6.10...
Apr 10 12:44:29 whisper pluto[28125]: starting up 1 cryptographic helpers
Apr 10 12:44:29 whisper pluto[28125]: started helper pid=28135 (fd:6)
Apr 10 12:44:29 whisper pluto[28125]: Using Linux 2.6 IPsec interface code
Apr 10 12:44:30 whisper pluto[28125]: Changing to directory
'/etc/ipsec.d/cacerts'
Apr 10 12:44:30 whisper pluto[28125]: loaded CA cert file
'subCAcert.pem' (5360 bytes)
Apr 10 12:44:30 whisper pluto[28125]: loaded CA cert file
'rootCAcert.pem' (1785 bytes)
Apr 10 12:44:30 whisper pluto[28125]: Changing to directory
'/etc/ipsec.d/aacerts'
Apr 10 12:44:30 whisper pluto[28125]: Changing to directory
'/etc/ipsec.d/ocspcerts'
Apr 10 12:44:30 whisper pluto[28125]: Changing to directory
'/etc/ipsec.d/crls'
Apr 10 12:44:30 whisper pluto[28125]: Warning: empty directory
Apr 10 12:44:31 whisper pluto[28125]: loaded host cert file
'/etc/ipsec.d/certs/whispercert.pem' (5550 bytes)
Apr 10 12:44:31 whisper pluto[28125]: loaded host cert file
'/etc/ipsec.d/certs/styx.pem' (5538 bytes)
Apr 10 12:44:31 whisper pluto[28125]: added connection description
"wlanIpsecOnly"
Apr 10 12:44:31 whisper pluto[28125]: listening for IKE messages
Apr 10 12:44:31 whisper pluto[28125]: adding interface tun0/tun0
10.0.0.161:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface vlan3/vlan3
10.0.0.129:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface int/int 10.0.0.1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface lo/lo 127.0.0.1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface ext/ext z.z.z.z:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface sit0/sit0 ::a00:1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface
sit0/sit0 ::510a:b45e:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface sit0/sit0 ::7f00:1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface sit0/sit0 ::a00:81:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface lo/lo ::1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface int/int
3ffe:x:x:2::1:500
Apr 10 12:44:31 whisper pluto[28125]: adding interface vlan3/vlan3
3ffe:x:x:3::1:500
Apr 10 12:44:31 whisper pluto[28125]: loading secrets from
"/etc/ipsec.secrets"
Apr 10 12:44:31 whisper pluto[28125]: loaded private key file
'/etc/ipsec.d/private/whisperkey.pem' (1679 bytes)
[ then I initiated the connection at machine A ]
Apr 10 12:44:39 whisper pluto[28125]: packet from 10.0.0.163:500: received
Vendor ID payload [Openswan (this version) 2.3.1 X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Apr 10 12:44:39 whisper pluto[28125]: packet from 10.0.0.163:500: received
Vendor ID payload [Dead Peer Detection]
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: responding to Main
Mode
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: transition from
stateSTATE_MAIN_R0 to state STATE_MAIN_R1
Apr 10 12:44:39 whisper pluto[28125]: packet from 10.0.0.163:500: received
Vendor ID payload [Openswan (this version) 2.3.1 X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Apr 10 12:44:39 whisper pluto[28125]: packet from 10.0.0.163:500: received
Vendor ID payload [Dead Peer Detection]
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #2: responding to Main
Mode
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #2: transition from
stateSTATE_MAIN_R0 to state STATE_MAIN_R1
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: discarding packet
received during asynchronous work (DNS or crypto) in STATE_MAIN_R1
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: transition from
stateSTATE_MAIN_R1 to state STATE_MAIN_R2
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: Main mode peer ID is
ID_DER_ASN1_DN: 'C=AT, ST=Upper Austria, O=Gibraltar, OU=VPN Network Tests,
CN=styx.soft.uni-linz.ac.at, E=rene at mayrhofer.eu.org'
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: no crl from issuer
"C=AT, L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar
Intermediate Certificate, E=ca at gibraltar.at" found (strict=no)
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: no crl from issuer
"C=AT, L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar Root
Certificate, E=ca at gibraltar.at" found (strict=no)
Apr 10 12:44:39 whisper pluto[28125]: "wlanIpsecOnly" #1: I am sending my cert
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #1: transition from
stateSTATE_MAIN_R2 to state STATE_MAIN_R3
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #1: sent MR3, ISAKMP SA
established
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #1: Dead Peer Detection
(RFC 3706): enabled
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #1: retransmitting in
response to duplicate packet; already STATE_MAIN_R3
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: ASSERTION FAILED at
crypto.c:219: st->st_new_iv_len >= e->enc_blocksize
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface
vlan3/vlan33ffe:8060:1112:3::1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface int/int
3ffe:8060:1112:2::1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface lo/lo ::1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface
sit0/sit0 ::a00:81
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface
sit0/sit0 ::7f00:1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface
sit0/sit0 ::510a:b45e
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface
sit0/sit0 ::a00:1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface ext/ext
z.z.z.z
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface lo/lo
127.0.0.1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface int/int
10.0.0.1
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface
vlan3/vlan310.0.0.129
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: interface tun0/tun0
10.0.0.161
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: %myid = (none)
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: debug none
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP
encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP
encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP
encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP
encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP
encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP
encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP
encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP auth
attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP auth
attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP auth
attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm ESP auth
attr: id=251, name=(null), keysizemin=0, keysizemax=0
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE
encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE
encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE hash:
id=2, name=OAKLEY_SHA1, hashsize=20
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE hash:
id=1, name=OAKLEY_MD5, hashsize=16
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh
group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh
group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh
group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh
group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh
group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh
group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: algorithm IKE dh
group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: stats db_ops.c:
{curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":
0.0.0.0/0===10.0.0.129[C=AT, ST=Upper Austria, O=Gibraltar, OU=Mayrhofer
network Linz, CN=whisper.mayrhofer.eu.org,
E=rene at mayrhofer.eu.org]...10.0.0.163[C=AT, ST=Upper Austria, O=Gibraltar,
OU=VPN Network Tests, CN=styx.soft.uni-linz.ac.at, E=rene at mayrhofer.eu.org];
unrouted; eroute owner: #0
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":
srcip=unset; dstip=unset
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":
CAs: 'C=AT, L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar
Intermediate Certificate, E=ca at gibraltar.at'...'C=AT, L=Linz, O=Gibraltar,
OU=Certificate Authority, CN=Gibraltar Intermediate Certificate,
E=ca at gibraltar.at'
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%;
keyingtries: 0
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":
policy: RSASIG+ENCRYPT+TUNNEL+PFS; prio: 0,32; interface: vlan3;
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":
dpd: action:hold; delay:3600; timeout:7200;
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":
newest ISAKMP SA: #1; newest IPsec SA: #0;
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: "wlanIpsecOnly":
IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: #2:
"wlanIpsecOnly":500 STATE_MAIN_R1 (sent MR1, expecting MI2); EVENT_RETRANSMIT
in 9s; lastdpd=-1s(seq in:0 out:0)
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: #3:
"wlanIpsecOnly":500 STATE_QUICK_R0 (expecting QI1); EVENT_CRYPTO_FAILED in
300s; lastdpd=-1s(seq in:0 out:0)
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3: #1:
"wlanIpsecOnly":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
EVENT_SA_REPLACE in 3330s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
Apr 10 12:44:40 whisper pluto[28125]: "wlanIpsecOnly" #3:
Apr 10 12:44:52 whisper ipsec__plutorun: Restarting Pluto subsystem...
Apr 10 12:44:53 whisper pluto[28464]: Starting Pluto (Openswan Version 2.3.1
X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEExalF{_o`m)
.....
[ and it restarts again ]
The line "ASSERTION FAILED at crypto.c:219: st->st_new_iv_len >=
e->enc_blocksize" might be a hint.
Machine A's logs are again rather uninteresting:
Apr 10 12:44:38 localhost ipsec__plutorun: Starting Pluto subsystem...
Apr 10 12:44:38 localhost pluto[17825]: Starting Pluto (Openswan Version 2.3.1
X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEExalF{_o`m)
Apr 10 12:44:38 localhost pluto[17825]: Setting port floating to off
Apr 10 12:44:38 localhost pluto[17825]: port floating activate 0/1
Apr 10 12:44:38 localhost pluto[17825]: including NAT-Traversal patch
(Version 0.6c) [disabled]
Apr 10 12:44:38 localhost pluto[17825]: ike_alg_register_enc(): Activating
OAKLEY_AES_CBC: Ok (ret=0)
Apr 10 12:44:38 localhost pluto[17825]: starting up 1 cryptographic helpers
Apr 10 12:44:38 localhost pluto[17825]: started helper pid=17837 (fd:6)
Apr 10 12:44:38 localhost pluto[17825]: Using Linux 2.6 IPsec interface code
Apr 10 12:44:38 localhost pluto[17825]: Changing to directory
'/etc/ipsec.d/cacerts'
Apr 10 12:44:38 localhost pluto[17825]: loaded CA cert file
'subCAcert.pem' (5360 bytes)
Apr 10 12:44:38 localhost pluto[17825]: loaded CA cert file
'rootCAcert.pem' (1785 bytes)
Apr 10 12:44:38 localhost pluto[17825]: Changing to directory
'/etc/ipsec.d/aacerts'
Apr 10 12:44:38 localhost pluto[17825]: Changing to directory
'/etc/ipsec.d/ocspcerts'
Apr 10 12:44:38 localhost pluto[17825]: Changing to directory
'/etc/ipsec.d/crls'
Apr 10 12:44:38 localhost pluto[17825]: Warning: empty directory
Apr 10 12:44:38 localhost pluto[17825]: loaded host cert file
'/etc/ipsec.d/certs/styx.pem' (5538 bytes)
Apr 10 12:44:38 localhost pluto[17825]: loaded host cert file
'/etc/ipsec.d/certs/whispercert.pem' (5550 bytes)
Apr 10 12:44:38 localhost pluto[17825]: added connection description "wlan"
Apr 10 12:44:38 localhost pluto[17825]: listening for IKE messages
Apr 10 12:44:38 localhost pluto[17825]: adding interface ath0/ath0
10.0.0.163:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface lo/lo 127.0.0.1:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface eth0/eth0
10.0.0.11:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface eth0/eth0
3ffe:x:x:2:211:25ff:fe12:3570:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface ath0/ath0
3ffe:x:x:3:205:4eff:fe4e:229c:500
Apr 10 12:44:38 localhost pluto[17825]: adding interface lo/lo ::1:500
Apr 10 12:44:38 localhost pluto[17825]: loading secrets from
"/etc/ipsec.secrets"
Apr 10 12:44:38 localhost pluto[17825]: loaded private key file
'/etc/ipsec.d/private/styx.key' (1679 bytes)
Apr 10 12:44:38 localhost pluto[17825]: loaded private key file
'/etc/ipsec.d/private/styxKey.pem' (1679 bytes)
Apr 10 12:44:39 localhost sudo: rene : TTY=unknown ; PWD=/home/rene ;
USER=root ; COMMAND=/usr/sbin/ipsec auto --up wlan
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: initiating Main Mode
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: received Vendor ID payload
[Openswan (this version) 2.3.1 X.509-1.5.4 PLUTO_SENDS_VENDORID
PLUTO_USES_KEYRR]
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: received Vendor ID payload
[Dead Peer Detection]
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: discarding packet received
during asynchronous work (DNS or crypto) in STATE_MAIN_I1
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: transition from state
STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: I am sending my cert
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: I am sending a certificate
request
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: transition from state
STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: Main mode peer ID is
ID_DER_ASN1_DN: 'C=AT, ST=Upper Austria, O=Gibraltar, OU=Mayrhofer network
Linz, CN=whisper.mayrhofer.eu.org, E=rene at mayrhofer.eu.org'
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: no crl from issuer "C=AT,
L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar Intermediate
Certificate, E=ca at gibraltar.at" found (strict=no)
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: no crl from issuer "C=AT,
L=Linz, O=Gibraltar, OU=Certificate Authority, CN=Gibraltar Root Certificate,
E=ca at gibraltar.at" found (strict=no)
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: transition from state
STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: ISAKMP SA established
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: Dead Peer Detection (RFC
3706): enabled
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #2: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Apr 10 12:44:39 localhost pluto[17825]: "wlan" #1: discarding duplicate
packet;already STATE_MAIN_I4
Apr 10 12:44:49 localhost pluto[17825]: unknown cmsg: level 0, type 8, len 24
Apr 10 12:44:49 localhost pluto[17825]: "wlan" #2: ERROR: asynchronous network
error report on ath0 for message to 10.0.0.129 port 500, complainant
10.0.0.129:Connection refused [errno 111, origin ICMP type 3 code 3 (not
authenticated)]
Apr 10 12:44:49 localhost pluto[17825]: unknown cmsg: level 0, type 8, len 24
Apr 10 12:44:49 localhost pluto[17825]: "wlan" #2: ERROR: asynchronous network
error report on ath0 for message to 10.0.0.129 port 500, complainant
10.0.0.129:Connection refused [errno 111, origin ICMP type 3 code 3 (not
authenticated)]
Any ideas what I could try next? In fact, I can't get it to work at all
between those two hosts (and it worked perfectly with 2.2.0 for quite some
time).
with best regards,
Rene
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20050410/93035bad/attachment.bin
More information about the Dev
mailing list