[Openswan Users] Tunnel disappeared after working between Smoothwall and Debian

Tue May 25 22:33:04 CEST 2004

Hi all,

I had a working tunnel between a Smoothwall router (ipsec --version == FreeSwan 1.99) and a Debian router (ipsec --version = Linux FreeS/WAN U2.1.1/K2.6.3-1-686 (native) (native)). Suddenly without any change (that we know of) the tunnel went down and we cannot get it working again.

"ipsec restart" on both sides results in the following message:

Smoothwall side:

May 25 20:56:23 argos pluto[425]: shutting down
May 25 20:56:23 argos pluto[425]: forgetting secrets
May 25 20:56:23 argos pluto[425]: shutting down interface ipsec0/eth2 212.238.157.192
May 25 20:56:27 argos ipsec__plutorun: Starting Pluto subsystem...
May 25 20:56:27 argos pluto[652]: Starting Pluto (FreeS/WAN Version 1.99)
May 25 20:56:28 argos pluto[652]: listening for IKE messages
May 25 20:56:28 argos pluto[652]: adding interface ipsec0/eth2 212.238.157.192
May 25 20:56:28 argos pluto[652]: loading secrets from "/etc/ipsec.secrets"
May 25 20:56:52 argos pluto[652]: packet from 213.46.144.131:500: initial Main Mode message received on 212.238.157.192:500 but no connection has been authorized
May 25 20:57:32 argos pluto[652]: packet from 213.46.144.131:500: initial Main Mode message received on 212.238.157.192:500 but no connection has been authorized
May 25 20:58:52 argos last message repeated 2 times

snip ... above repeated ~ 15 times ...

May 25 21:27:13 argos pluto[652]: packet from 213.46.144.131:500: initial Main Mode message received on 212.238.157.192:500 but no connection has been authorized
May 25 21:27:36 argos pluto[652]: shutting down
May 25 21:27:36 argos pluto[652]: forgetting secrets
May 25 21:27:36 argos pluto[652]: shutting down interface ipsec0/eth2 212.238.157.192
May 25 21:27:40 argos ipsec__plutorun: Starting Pluto subsystem...
May 25 21:27:40 argos pluto[1275]: Starting Pluto (FreeS/WAN Version 1.99)
May 25 21:27:41 argos pluto[1275]: listening for IKE messages
May 25 21:27:41 argos pluto[1275]: adding interface ipsec0/eth2 212.238.157.192

Debian side;

auth.log:
May 25 23:18:10 linuxbuiten pluto[2954]: "askesis-solve-i-t" #4: max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or no
May 25 23:18:10 linuxbuiten pluto[2954]: "askesis-solve-i-t" #4: starting keying attempt 3 of an unlimited number
May 25 23:18:10 linuxbuiten pluto[2954]: "askesis-solve-i-t" #5: initiating Main Mode to replace #4

deamon.log
May 25 22:51:45 linuxbuiten ipsec_setup: Stopping Openswan IPsec...
May 25 22:51:46 linuxbuiten ipsec_setup: ...Openswan IPsec stopped
May 25 22:51:46 linuxbuiten ipsec_setup: Starting Openswan IPsec U2.1.1/K2.6.3-1-686...
May 25 22:51:46 linuxbuiten ipsec_setup: KLIPS ipsec0 on eth0 213.46.144.131/255.255.255.0 broadcast 213.46.144.255
May 25 22:51:47 linuxbuiten ipsec_setup: ...Openswan IPsec started
May 25 22:51:50 linuxbuiten ipsec__plutorun: 104 "askesis-xtdnet" #1: STATE_MAIN_I1: initiate
May 25 22:51:50 linuxbuiten ipsec__plutorun: ...could not start conn "askesis-xtdnet"
May 25 22:51:50 linuxbuiten ipsec__plutorun: 104 "askesis-solve-i-t" #2: STATE_MAIN_I1: initiate
May 25 22:51:50 linuxbuiten ipsec__plutorun: ...could not start conn "askesis-solve-i-t"

Anyone any idea where to look?

Groeten,

Joost Kraaijeveld
Askesis B.V.
Molukkenstraat 14
6524NB Nijmegen
tel: 024-3888063 / 06-51855277
fax: 024-3608416
e-mail: J.Kraaijeveld at Askesis.nl
web: www.askesis.nl 