[Openswan dev] Failed test for fix of ipsecX tcpdump bug

Ruben Laban r.laban at ism.nl
Tue Feb 2 14:03:33 EST 2010 

Using latest git, the following happens when I try to up a conn using KLIPS:

Feb  2 19:47:10 vn-t-fw01 pluto[4669]: packet from 172.16.2.10:500: ignoring unknown Vendor ID payload [4f454a64436d56714e727861]
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: packet from 172.16.2.10:500: received Vendor ID payload [Dead Peer Detection]
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: responding to Main Mode
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: Main mode peer ID is ID_IPV4_ADDR: '172.16.2.10'
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #1: the peer proposed: 172.16.4.0/24:0/0 -> 172.16.1.0/24:0/0
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: responding to Quick Mode proposal {msgid:b7cacc21}
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2:     us: 172.16.4.0/24===172.16.3.21<172.16.3.21>[+S=C]---172.16.3.10
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2:   them: 172.16.2.20---172.16.2.10<172.16.2.10>[+S=C]===172.16.1.0/24
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: | NAT-OA: 0 tunnel: 0  
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: pfkey_lib_debug:pfkey_msg_hdr_build: satype 104 > max 9 
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: "tunnel2" #2: building of pfkey_msg_hdr flow tun.1001 at 172.16.2.10 failed, code -22
Feb  2 19:47:10 vn-t-fw01 pluto[4669]: | raw_eroute result=0 
Feb  2 19:47:15 vn-t-fw01 pluto[4669]: "tunnel2" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:4dfa6c49 proposal=3DES(3)_192-MD5(1)_128, 
3DES(3)_192-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP1536}
Feb  2 19:47:15 vn-t-fw01 pluto[4669]: "tunnel2" #3: pfkey_lib_debug:pfkey_msg_hdr_build: satype 104 > max 9 
Feb  2 19:47:15 vn-t-fw01 pluto[4669]: "tunnel2" #3: building of pfkey_msg_hdr flow tun.1003 at 172.16.2.10 failed, code -22
Feb  2 19:47:15 vn-t-fw01 pluto[4669]: | raw_eroute result=0 
Feb  2 19:47:20 vn-t-fw01 pluto[4669]: "tunnel2" #2: discarding duplicate packet; already STATE_QUICK_R1
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: "tunnel2" #3: pfkey_lib_debug:pfkey_msg_hdr_build: satype 104 > max 9 
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: "tunnel2" #3: building of pfkey_msg_hdr flow tun.1003 at 172.16.2.10 failed, code -22
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: | raw_eroute result=0 
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   02 04 00 03  0b 00 00 00  1a 00 00 00  3d 12 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   03 00 01 00  88 e2 1e ce  00 01 00 00  00 00 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   00 00 00 00  00 00 00 00  03 00 05 00  00 00 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   02 00 00 00  ac 10 03 15  00 00 00 00  00 00 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   03 00 06 00  00 00 00 00  02 00 00 00  ac 10 02 0a
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   00 00 00 00  00 00 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   02 04 00 03  0b 00 00 00  1b 00 00 00  3d 12 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   03 00 01 00  62 97 48 ff  00 01 00 00  00 00 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   00 00 00 00  00 00 00 00  03 00 05 00  00 00 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   02 00 00 00  ac 10 02 0a  00 00 00 00  00 00 00 00
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   03 00 06 00  00 00 00 00  02 00 00 00  ac 10 03 15
Feb  2 19:47:25 vn-t-fw01 pluto[4669]: |   00 00 00 00  00 00 00 00
Feb  2 19:47:40 vn-t-fw01 pluto[4669]: "tunnel2" #2: discarding duplicate packet; already STATE_QUICK_R1
Feb  2 19:47:45 vn-t-fw01 pluto[4669]: "tunnel2" #3: pfkey_lib_debug:pfkey_msg_hdr_build: satype 104 > max 9 
Feb  2 19:47:45 vn-t-fw01 pluto[4669]: "tunnel2" #3: building of pfkey_msg_hdr flow tun.1003 at 172.16.2.10 failed, code -22

Linux Openswan U2.6.24rc4/K2.6.gsoc-201005.git (klips)

-- 
Regards,

Ruben Laban
Systems and Network Administrator
ISM eCompany

More information about the Dev mailing list