[Openswan Users] Problem with Openswan 1 where Freeswan works..
Marcel J.E. Mol
marcel at mesa.nl
Wed Mar 24 00:09:58 CET 2004
Hello,
Today I tried to convert from freeswan to openswan. It seemed to go quite well,
but one of the connections does not seem to start up properly. This is on a
redhat 7.2 system connected to the Internet with an ADSL link.
I'm going from kernel 2.4.9 with freeswan 1.97 to kernel 2.4.20 with
openswan 1.0.1.
ipsec.conf:
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# basic configuration
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes
    #nat_traversal=yes

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%dns
    rightrsasigkey=%dns

#
# There has a Cisco VPN 3005 concentrator
# We talk Freeswan
# Connect using a shared secret...
#
conn here-there
    authby=secret
    type=tunnel
    left=%defaultroute
    leftsubnet=192.168.17.0/24
    right=9.10.11.12
    rightid=192.168.14.10
    rightsubnet=172.16.0.0/23
    keyexchange=ike
    keyingtries=0
    auth=esp
    esp=3des-md5-96
    pfs=no
    keylife=8h
    ikelifetime=8h
    #lifetime=8h
    auto=start
The freeswan installation did not have the NAT-Traversal code and has
a running vpn in just a few seconds after starting up:
Mar 23 22:10:00 bowmore ipsec__plutorun: Starting Pluto subsystem...
Mar 23 22:10:00 bowmore Pluto[1509]: Starting Pluto (FreeS/WAN Version 1.97)
Mar 23 22:10:01 bowmore Pluto[1509]: added connection description "here-there"
Mar 23 22:10:02 bowmore Pluto[1509]: listening for IKE messages
Mar 23 22:10:02 bowmore Pluto[1509]: adding interface ipsec0/ppp0 1.2.3.4
Mar 23 22:10:02 bowmore Pluto[1509]: loading secrets from "/etc/ipsec.secrets"
Mar 23 22:10:03 bowmore Pluto[1509]: "here-there" #1: initiating Main Mode
Mar 23 22:10:06 bowmore Pluto[1509]: "here-there" #1: ignoring Vendor ID payload
Mar 23 22:10:09 bowmore Pluto[1509]: "here-there" #1: ignoring Vendor ID payload
Mar 23 22:10:09 bowmore Pluto[1509]: "here-there" #1: ignoring Vendor ID payload
Mar 23 22:10:09 bowmore Pluto[1509]: "here-there" #1: ignoring Vendor ID payload
Mar 23 22:10:09 bowmore Pluto[1509]: "here-there" #1: ignoring Vendor ID payload
Mar 23 22:10:12 bowmore Pluto[1509]: "here-there" #1: ignoring Vendor ID payload
Mar 23 22:10:12 bowmore Pluto[1509]: "here-there" #1: ISAKMP SA established
Mar 23 22:10:12 bowmore Pluto[1509]: "here-there" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Mar 23 22:10:14 bowmore Pluto[1509]: "here-there" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Mar 23 22:10:20 bowmore Pluto[1509]: "here-there" #3: sent QI2, IPsec SA established
Mar 23 22:10:22 bowmore Pluto[1509]: "here-there" #4: sent QI2, IPsec SA established
Starting openswan with nat_traversal set to no occasionally gives me a
connection, but only after waiting for quite some time (minutes). Most of
the time the pluto log looks like:
Mar 23 22:20:29 bowmore ipsec__plutorun: Starting Pluto subsystem...
Mar 23 22:20:29 bowmore pluto[1463]: Starting Pluto (Openswan Version 1.0.1)
Mar 23 22:20:30 bowmore pluto[1463]: including X.509 patch with traffic selectors (Version 0.9.37)
Mar 23 22:20:30 bowmore pluto[1463]: including NAT-Traversal patch (Version 0.6) [disabled]
Mar 23 22:20:30 bowmore pluto[1463]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Mar 23 22:20:30 bowmore pluto[1463]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Mar 23 22:20:30 bowmore pluto[1463]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Mar 23 22:20:30 bowmore pluto[1463]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Mar 23 22:20:30 bowmore pluto[1463]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Mar 23 22:20:30 bowmore pluto[1463]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Mar 23 22:20:30 bowmore pluto[1463]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Mar 23 22:20:30 bowmore pluto[1463]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Mar 23 22:20:31 bowmore pluto[1463]: Changing to directory '/etc/ipsec.d/cacerts'
Mar 23 22:20:31 bowmore pluto[1463]: Warning: empty directory
Mar 23 22:20:31 bowmore pluto[1463]: Changing to directory '/etc/ipsec.d/crls'
Mar 23 22:20:31 bowmore pluto[1463]: Warning: empty directory
Mar 23 22:20:31 bowmore pluto[1463]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Mar 23 22:20:31 bowmore pluto[1463]: added connection description "here-there"
Mar 23 22:20:33 bowmore pluto[1463]: listening for IKE messages
Mar 23 22:20:33 bowmore pluto[1463]: adding interface ipsec0/ppp0 1.2.3.4
Mar 23 22:20:33 bowmore pluto[1463]: loading secrets from "/etc/ipsec.secrets"
Mar 23 22:20:35 bowmore pluto[1463]: "here-there" #1: initiating Main Mode
Mar 23 22:20:39 bowmore pluto[1463]: "here-there" #1: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 22:20:40 bowmore pluto[1463]: "here-there" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 23 22:20:41 bowmore pluto[1463]: "here-there" #1: ignoring Vendor ID payload [Cisco-Unity]
Mar 23 22:20:41 bowmore pluto[1463]: "here-there" #1: ignoring Vendor ID payload [XAUTH]
Mar 23 22:20:41 bowmore pluto[1463]: "here-there" #1: ignoring Vendor ID payload [3b1b86f9266e8b4d...]
Mar 23 22:20:41 bowmore pluto[1463]: "here-there" #1: ignoring Vendor ID payload [1f07f70eaa6514d3...]
Mar 23 22:20:42 bowmore pluto[1463]: "here-there" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 23 22:20:43 bowmore pluto[1463]: "here-there" #1: received Vendor ID payload [Dead Peer Detection]
Mar 23 22:20:43 bowmore pluto[1463]: "here-there" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.14.10'
Mar 23 22:20:43 bowmore pluto[1463]: "here-there" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 23 22:20:43 bowmore pluto[1463]: "here-there" #1: ISAKMP SA established
Mar 23 22:20:43 bowmore pluto[1463]: "here-there" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Mar 23 22:20:45 bowmore pluto[1463]: "here-there" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Mar 23 22:20:47 bowmore pluto[1463]: "here-there" #1: received Delete SA payload: deleting ISAKMP State #1
Mar 23 22:20:48 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:20:48 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:20:48 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:20:56 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:20:56 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:20:57 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:20:57 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:21:16 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:21:16 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:21:17 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:21:17 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:21:56 bowmore pluto[1463]: "here-there" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Mar 23 22:21:56 bowmore pluto[1463]: "here-there" #2: starting keying attempt 2 of an unlimited number
Mar 23 22:21:56 bowmore pluto[1463]: "here-there" #6: initiating Main Mode
Mar 23 22:21:59 bowmore pluto[1463]: "here-there" #3: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Mar 23 22:21:59 bowmore pluto[1463]: "here-there" #3: starting keying attempt 2 of an unlimited number, but releasing whack
Mar 23 22:21:59 bowmore pluto[1463]: "here-there" #6: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 22:22:01 bowmore pluto[1463]: "here-there" #6: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 23 22:22:03 bowmore pluto[1463]: "here-there" #6: ignoring Vendor ID payload [Cisco-Unity]
Mar 23 22:22:03 bowmore pluto[1463]: "here-there" #6: ignoring Vendor ID payload [XAUTH]
Mar 23 22:22:03 bowmore pluto[1463]: "here-there" #6: ignoring Vendor ID payload [3dd98e67c6f80981...]
Mar 23 22:22:03 bowmore pluto[1463]: "here-there" #6: ignoring Vendor ID payload [1f07f70eaa6514d3...]
Mar 23 22:22:05 bowmore pluto[1463]: "here-there" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 23 22:22:09 bowmore pluto[1463]: "here-there" #6: received Vendor ID payload [Dead Peer Detection]
Mar 23 22:22:09 bowmore pluto[1463]: "here-there" #6: Main mode peer ID is ID_IPV4_ADDR: '192.168.14.10'
Mar 23 22:22:09 bowmore pluto[1463]: "here-there" #6: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 23 22:22:09 bowmore pluto[1463]: "here-there" #6: ISAKMP SA established
Mar 23 22:22:09 bowmore pluto[1463]: "here-there" #8: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #3
Mar 23 22:22:11 bowmore pluto[1463]: "here-there" #9: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Mar 23 22:22:13 bowmore pluto[1463]: "here-there" #6: received Delete SA payload: deleting ISAKMP State #6
Mar 23 22:22:13 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:22:14 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:22:14 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:22:21 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:22:21 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:22:22 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:22:23 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:22:41 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:22:41 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:22:42 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE
Mar 23 22:22:43 bowmore pluto[1463]: packet from 9.10.11.12:500: received and ignored informational message
Mar 23 22:22:53 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 22:22:53 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 22:22:53 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Starting openswan with nat_traversal set to yes does not give me a
connection at all.
Mar 23 21:26:14 bowmore ipsec__plutorun: Starting Pluto subsystem...
Mar 23 21:26:14 bowmore pluto[6126]: Starting Pluto (Openswan Version 1.0.1)
Mar 23 21:26:14 bowmore pluto[6126]: including X.509 patch with traffic selectors (Version 0.9.37)
Mar 23 21:26:14 bowmore pluto[6126]: including NAT-Traversal patch (Version 0.6)
Mar 23 21:26:14 bowmore pluto[6126]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Mar 23 21:26:14 bowmore pluto[6126]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Mar 23 21:26:14 bowmore pluto[6126]: ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
Mar 23 21:26:14 bowmore pluto[6126]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Mar 23 21:26:14 bowmore pluto[6126]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Mar 23 21:26:14 bowmore pluto[6126]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Mar 23 21:26:14 bowmore pluto[6126]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Mar 23 21:26:14 bowmore pluto[6126]: ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
Mar 23 21:26:15 bowmore pluto[6126]: Changing to directory '/etc/ipsec.d/cacerts'
Mar 23 21:26:15 bowmore pluto[6126]: Warning: empty directory
Mar 23 21:26:15 bowmore pluto[6126]: Changing to directory '/etc/ipsec.d/crls'
Mar 23 21:26:15 bowmore pluto[6126]: Warning: empty directory
Mar 23 21:26:15 bowmore pluto[6126]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Mar 23 21:26:15 bowmore pluto[6126]: added connection description "here-there"
Mar 23 21:26:16 bowmore pluto[6126]: listening for IKE messages
Mar 23 21:26:16 bowmore pluto[6126]: adding interface ipsec0/ppp0 1.2.3.4
Mar 23 21:26:16 bowmore pluto[6126]: adding interface ipsec0/ppp0 1.2.3.4:4500
Mar 23 21:26:16 bowmore pluto[6126]: loading secrets from "/etc/ipsec.secrets"
Mar 23 21:26:18 bowmore pluto[6126]: "here-there" #1: initiating Main Mode
Mar 23 21:26:22 bowmore pluto[6126]: "here-there" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:26:22 bowmore pluto[6126]: "here-there" #1: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:26:24 bowmore pluto[6126]: "here-there" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 23 21:26:25 bowmore pluto[6126]: "here-there" #1: ignoring Vendor ID payload [Cisco-Unity]
Mar 23 21:26:25 bowmore pluto[6126]: "here-there" #1: ignoring Vendor ID payload [XAUTH]
Mar 23 21:26:25 bowmore pluto[6126]: "here-there" #1: ignoring Vendor ID payload [7ba93f6854332f72...]
Mar 23 21:26:25 bowmore pluto[6126]: "here-there" #1: ignoring Vendor ID payload [1f07f70eaa6514d3...]
Mar 23 21:26:26 bowmore pluto[6126]: "here-there" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Mar 23 21:26:27 bowmore pluto[6126]: "here-there" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 23 21:26:27 bowmore pluto[6126]: "here-there" #1: received Vendor ID payload [Dead Peer Detection]
Mar 23 21:26:27 bowmore pluto[6126]: "here-there" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.14.10'
Mar 23 21:26:28 bowmore pluto[6126]: "here-there" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 23 21:26:28 bowmore pluto[6126]: "here-there" #1: ISAKMP SA established
Mar 23 21:26:28 bowmore pluto[6126]: "here-there" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Mar 23 21:26:30 bowmore pluto[6126]: "here-there" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Mar 23 21:26:32 bowmore pluto[6126]: "here-there" #1: received Delete SA payload: deleting ISAKMP State #1
Mar 23 21:26:32 bowmore pluto[6126]: packet from 9.10.11.12:4500: received and ignored informational message
Mar 23 21:26:33 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:26:33 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:26:33 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:26:33 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:26:39 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:26:39 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:26:39 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:26:39 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:26:47 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:26:47 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:26:47 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:26:47 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:26:55 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:26:55 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:26:55 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:26:55 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:27:42 bowmore pluto[6126]: "here-there" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Mar 23 21:27:42 bowmore pluto[6126]: "here-there" #2: starting keying attempt 2 of an unlimited number
Mar 23 21:27:42 bowmore pluto[6126]: "here-there" #5: initiating Main Mode
Mar 23 21:27:46 bowmore pluto[6126]: "here-there" #3: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Mar 23 21:27:46 bowmore pluto[6126]: "here-there" #3: starting keying attempt 2 of an unlimited number, but releasing whack
Mar 23 21:27:49 bowmore pluto[6126]: "here-there" #5: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:27:49 bowmore pluto[6126]: "here-there" #5: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:27:50 bowmore pluto[6126]: "here-there" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 23 21:27:53 bowmore pluto[6126]: "here-there" #5: ignoring Vendor ID payload [Cisco-Unity]
Mar 23 21:27:53 bowmore pluto[6126]: "here-there" #5: ignoring Vendor ID payload [XAUTH]
Mar 23 21:27:53 bowmore pluto[6126]: "here-there" #5: ignoring Vendor ID payload [d3a0e9cf43f0c74c...]
Mar 23 21:27:53 bowmore pluto[6126]: "here-there" #5: ignoring Vendor ID payload [1f07f70eaa6514d3...]
Mar 23 21:27:54 bowmore pluto[6126]: "here-there" #5: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Mar 23 21:27:55 bowmore pluto[6126]: "here-there" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 23 21:28:00 bowmore pluto[6126]: "here-there" #5: received Vendor ID payload [Dead Peer Detection]
Mar 23 21:28:00 bowmore pluto[6126]: "here-there" #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.14.10'
Mar 23 21:28:00 bowmore pluto[6126]: "here-there" #5: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 23 21:28:00 bowmore pluto[6126]: "here-there" #5: ISAKMP SA established
Mar 23 21:28:00 bowmore pluto[6126]: "here-there" #8: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #3
Mar 23 21:28:01 bowmore pluto[6126]: "here-there" #9: initiating Quick Mode PSK+ENCRYPT+TUNNEL
Mar 23 21:28:04 bowmore pluto[6126]: "here-there" #5: received Delete SA payload: deleting ISAKMP State #5
Mar 23 21:28:05 bowmore pluto[6126]: packet from 9.10.11.12:4500: received and ignored informational message
Mar 23 21:28:06 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:28:06 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:28:06 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:28:06 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:28:15 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:28:15 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:28:15 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:28:15 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:28:40 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:28:40 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:28:40 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:28:40 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:28:49 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:28:49 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:28:49 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:28:49 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:28:56 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 23 21:28:56 bowmore pluto[6126]: packet from 9.10.11.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Mar 23 21:28:56 bowmore pluto[6126]: packet from 9.10.11.12:500: ignoring Vendor ID payload [4048b7d56ebce885...]
Mar 23 21:28:56 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized
Mar 23 21:29:13 bowmore pluto[6126]: "here-there" #8: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Can someone explain what I am doing wrong?
Thanks,
-Marcel
--
======-------- Marcel J.E. Mol MESA Consulting B.V.
=======--------- ph. +31-(0)6-54724868 P.O. Box 112
=======--------- marcel at mesa.nl 2630 AC Nootdorp
__==== www.mesa.nl ---____U_n_i_x______I_n_t_e_r_n_e_t____ The Netherlands ____
They couldn't think of a number, Linux user 1148 -- counter.li.org
so they gave me a name! -- Rupert Hine -- www.ruperthine.com
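
A way to compare the three pluto logs above by outcome rather than by eye, as an added example that is not part of the original post: the script reduces a log to what happened to each numbered state (#N) and counts the packets pluto could not match to any state. The sample lines are copied from the logs in the message; the function and variable names are this example's own.

```python
import re
from collections import Counter

# '"conn" #N: message' is a line tied to one numbered pluto state.
STATE_LINE = re.compile(r'[Pp]luto\[\d+\]: "[^"]+" #(?P<num>\d+): (?P<msg>.*)$')
# 'packet from peer: message' is a packet pluto matched to no state.
PACKET_LINE = re.compile(r'[Pp]luto\[\d+\]: packet from \S+: (?P<msg>.*)$')

def summarize(lines):
    """Return ({state number: {phase, outcome}}, Counter of unmatched packets)."""
    states, stray = {}, Counter()
    for line in lines:
        m = STATE_LINE.search(line)
        if m:
            st = states.setdefault(int(m["num"]), {"phase": None, "outcome": "pending"})
            msg = m["msg"]
            if msg.startswith("initiating Main Mode"):
                st["phase"] = "main"        # Phase 1 (ISAKMP SA)
            elif msg.startswith("initiating Quick Mode"):
                st["phase"] = "quick"       # Phase 2 (IPsec SA)
            elif "ISAKMP SA established" in msg or "IPsec SA established" in msg:
                st["outcome"] = "established"
            elif "received Delete SA payload: deleting ISAKMP State" in msg:
                st["outcome"] = "deleted-by-peer"
            elif "max number of retransmissions" in msg:
                st["outcome"] = "timed-out"
            continue
        m = PACKET_LINE.search(line)
        if m and "INVALID_COOKIE" in m["msg"]:
            stray["invalid_cookie"] += 1
        elif m and "no connection has been authorized" in m["msg"]:
            stray["unauthorized_main_mode"] += 1
    return states, stray

def tunnel_up(states):
    """True if at least one Quick Mode state reached 'IPsec SA established'."""
    return any(s == {"phase": "quick", "outcome": "established"} for s in states.values())

def peer_deleted_phase1(states):
    """Main Mode states the peer tore down with a Delete SA payload."""
    return sorted(n for n, s in states.items()
                  if s == {"phase": "main", "outcome": "deleted-by-peer"})

# Excerpts copied from the three logs in the post.
FREESWAN_RUN = [
    'Mar 23 22:10:03 bowmore Pluto[1509]: "here-there" #1: initiating Main Mode',
    'Mar 23 22:10:12 bowmore Pluto[1509]: "here-there" #1: ISAKMP SA established',
    'Mar 23 22:10:12 bowmore Pluto[1509]: "here-there" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL',
    'Mar 23 22:10:20 bowmore Pluto[1509]: "here-there" #3: sent QI2, IPsec SA established',
]
OPENSWAN_RUN = [
    'Mar 23 22:20:35 bowmore pluto[1463]: "here-there" #1: initiating Main Mode',
    'Mar 23 22:20:43 bowmore pluto[1463]: "here-there" #1: ISAKMP SA established',
    'Mar 23 22:20:43 bowmore pluto[1463]: "here-there" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL',
    'Mar 23 22:20:47 bowmore pluto[1463]: "here-there" #1: received Delete SA payload: deleting ISAKMP State #1',
    'Mar 23 22:20:48 bowmore pluto[1463]: packet from 9.10.11.12:500: ignoring informational payload, type INVALID_COOKIE',
    'Mar 23 22:21:56 bowmore pluto[1463]: "here-there" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal',
]
NATT_RUN = [
    'Mar 23 21:26:18 bowmore pluto[6126]: "here-there" #1: initiating Main Mode',
    'Mar 23 21:26:28 bowmore pluto[6126]: "here-there" #1: ISAKMP SA established',
    'Mar 23 21:26:32 bowmore pluto[6126]: "here-there" #1: received Delete SA payload: deleting ISAKMP State #1',
    'Mar 23 21:26:33 bowmore pluto[6126]: packet from 9.10.11.12:500: initial Main Mode message received on 1.2.3.4:500 but no connection has been authorized',
]

if __name__ == "__main__":
    for name, run in (("freeswan", FREESWAN_RUN), ("openswan", OPENSWAN_RUN), ("nat-t", NATT_RUN)):
        states, stray = summarize(run)
        print(name, "up" if tunnel_up(states) else "down", peer_deleted_phase1(states), dict(stray))
```

To run it over a full log, pass the lines of the syslog file to `summarize()` instead of the embedded excerpts.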