[Openswan Users] moderate success
mark
markzero at logik.ath.cx
Mon Feb 9 16:49:13 CET 2004
For some reason, my IPSec tunnel suddenly decided to work... well...
when I say work I mean starting it up resulted in no obvious errors on
the command line.
I am seeing this in logs though:
Feb 9 16:38:45 logik pluto[442]: "logik-to-cubic" #4: discarding
duplicate packet; already STATE_QUICK_R1
Feb 9 16:39:25 logik pluto[442]: "logik-to-cubic" #4: max number of
retransmissions (2) reached STATE_QUICK_R1
Feb 9 16:39:25 logik pluto[442]: "logik-to-cubic" #5: responding to
Quick Mode
Feb 9 16:39:36 logik pluto[442]: "logik-to-cubic" #5: discarding
duplicate packet; already STATE_QUICK_R1
Feb 9 16:39:56 logik pluto[442]: "logik-to-cubic" #5: discarding
duplicate packet; already STATE_QUICK_R1
Feb 9 16:40:35 logik pluto[442]: "logik-to-cubic" #5: max number of
retransmissions (2) reached STATE_QUICK_R1
Feb 9 16:40:36 logik pluto[442]: "logik-to-cubic" #6: responding to
Quick Mode
Feb 9 16:40:45 logik pluto[442]: "logik-to-cubic" #6: discarding
duplicate packet; already STATE_QUICK_R1
Feb 9 16:41:05 logik pluto[442]: "logik-to-cubic" #6: discarding
duplicate packet; already STATE_QUICK_R1
Is this normal? If so, is there any way to get this output into a
different log as it's generating a lot of noise!
---snip----
since inserting that log, an error appeared:
Feb 9 16:41:45 logik pluto[442]: "logik-to-cubic" #7: ERROR: netlink
XFRM_MSG_NEWPOLICY response for flow tun.10000 at 100.0.0.5 included
errno 17: File exists
which doesn't seem like a good thing...
am i to understand that my tunnel is still not functional?
cheers
mark
(to sidetrack entirely for anyone still reading)
I actually wanted IPSec for ONE thing. I wanted syslog on my server to
log to my desktop machine, but I refuse to let anything run through my
network in cleartext. I tried every method under the sun from scripted
GPG encryptions and decryptions periodically, netcat, SSH tunnels and
even tried emails which required me to install and configure postfix,
all to no avail. I am starting to believe the theory put forward by
someone on a linux forum that I am doomed to send my logs in
cleartext - until some other bright soul recommended setting up an
IPSec tunnel. Can IPSec, the last bastion of hope actually save me from
this nightmare? Find out next week in... MARK'S MYSTICAL ADVENTURE
INTO ENCRYPTION!
More information about the Users
mailing list