[Openswan Users] question about isakmp message id
David Mattes
david.mattes at boeing.com
Mon Jul 26 17:55:34 CEST 2004
Hi,
I'm having trouble maintaining state during a multipart Mode Config
exchange, happening under the protection of an ISAKMP SA. Openswan is
the initiator (client). A commercial VPN server is the responder. I'm
using openswan-2.1.2rc5.
The IPSec responder initiates the modecfg exchange after the ISAKMP SA
is established, with a specific ISA msgid. Openswan responds, using the
same msgid. The IPSec responder then starts another modecfg exchange
using a different ISA msgid. I am unable to decrypt this message
because Openswan cannot find an appropriate state matching that msgid,
i.e. find_state() returns NULL.
The first modecfg exchange matches a state, only when using 0 as the
msgid in find_state():
Jul 26 16:17:28 gandalf pluto[10211]: | ICOOKIE: a9 70 51 e5 e2 e1 ad d0
Jul 26 16:17:28 gandalf pluto[10211]: | RCOOKIE: e6 31 b2 46 17 39 4c 97
Jul 26 16:17:28 gandalf pluto[10211]: | peer: c0 21 2c 2d
Jul 26 16:17:28 gandalf pluto[10211]: | state hash entry 11
Jul 26 16:17:28 gandalf pluto[10211]: | peer and cookies match on #1,
provided msgid 5aa80a46 vs 00000000
Jul 26 16:17:28 gandalf pluto[10211]: | *state object not found*
Jul 26 16:17:28 gandalf pluto[10211]: packet from 192.33.44.45:500:
Jul 26 16:17:28 gandalf pluto[10211]: | ICOOKIE: a9 70 51 e5 e2 e1 ad d0
Jul 26 16:17:28 gandalf pluto[10211]: | RCOOKIE: e6 31 b2 46 17 39 4c 97
Jul 26 16:17:28 gandalf pluto[10211]: | peer: c0 21 2c 2d
Jul 26 16:17:28 gandalf pluto[10211]: | state hash entry 11
Jul 26 16:17:28 gandalf pluto[10211]: | peer and cookies match on #1,
provided msgid 00000000 vs 00000000
Jul 26 16:17:28 gandalf pluto[10211]: | *state object #1 found, in
STATE_MAIN_I4*
Then the second exchange never matches a state:
Jul 26 16:17:28 gandalf pluto[10211]: | ICOOKIE: a9 70 51 e5 e2 e1 ad d0
Jul 26 16:17:28 gandalf pluto[10211]: | RCOOKIE: e6 31 b2 46 17 39 4c 97
Jul 26 16:17:28 gandalf pluto[10211]: | peer: c0 21 2c 2d
Jul 26 16:17:28 gandalf pluto[10211]: | state hash entry 11
Jul 26 16:17:28 gandalf pluto[10211]: | peer and cookies match on #1,
provided msgid d0af6358 vs 5aa80a46
Jul 26 16:17:28 gandalf pluto[10211]: | *state object not found*
Jul 26 16:17:28 gandalf pluto[10211]: packet from 192.33.44.45:500:
Jul 26 16:17:28 gandalf pluto[10211]: | ICOOKIE: a9 70 51 e5 e2 e1 ad d0
Jul 26 16:17:28 gandalf pluto[10211]: | RCOOKIE: e6 31 b2 46 17 39 4c 97
Jul 26 16:17:28 gandalf pluto[10211]: | peer: c0 21 2c 2d
Jul 26 16:17:28 gandalf pluto[10211]: | state hash entry 11
Jul 26 16:17:28 gandalf pluto[10211]: | peer and cookies match on #1,
provided msgid 00000000 vs 5aa80a46
Jul 26 16:17:28 gandalf pluto[10211]: | *state object not found*
Can anyone shed light on how I can retrieve the correct state to
decrypt this second modecfg message?
Thanks,
David
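
An added example, not part of the original post and not Openswan code: a small parser for the pluto debug lines quoted above that pairs each lookup's two msgid values with its result and lists the msgids for which no state was ever found. It assumes, from the log wording, that the first value after "provided msgid" is the one passed to the lookup and the second is the one held by the state; the function names are hypothetical.

```python
import re

# Lookup lines copied from the log in the post above, mail wrapping kept.
P = "Jul 26 16:17:28 gandalf pluto[10211]: | "
SAMPLE = f"""\
{P}peer and cookies match on #1,
provided msgid 5aa80a46 vs 00000000
{P}*state object not found*
{P}peer and cookies match on #1,
provided msgid 00000000 vs 00000000
{P}*state object #1 found, in
STATE_MAIN_I4*
{P}peer and cookies match on #1,
provided msgid d0af6358 vs 5aa80a46
{P}*state object not found*
{P}peer and cookies match on #1,
provided msgid 00000000 vs 5aa80a46
{P}*state object not found*
"""

# A newline NOT followed by a syslog timestamp is a mail-client line wrap.
STAMP_BREAK = re.compile(r"\n(?![A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )")
MATCH = re.compile(r"provided msgid ([0-9a-f]{8}) vs ([0-9a-f]{8})")

def unwrap(text):
    """Rejoin wrapped entries so each list item is one complete log line."""
    return STAMP_BREAK.sub(" ", text.strip()).splitlines()

def lookups(text):
    """One (provided, stored, found) tuple per state lookup, in log order."""
    result, pending = [], None
    for line in unwrap(text):
        m = MATCH.search(line)
        if m:
            pending = m.groups()
        elif pending and "*state object" in line:
            result.append((*pending, "not found" not in line))
            pending = None
    return result

def unresolved(text):
    """Non-zero msgids where neither the direct lookup nor the msgid-0 retry hit."""
    status, current = {}, None
    for provided, _stored, found in lookups(text):
        if provided != "00000000":
            current = provided
        if current is not None:
            status[current] = status.get(current, False) or found
    return [msgid for msgid, ok in status.items() if not ok]
```

Run over a full debug log, `lookups()` also shows the stored msgid changing between exchanges, which is the point at which the msgid-0 retry stops matching.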