[Openswan Users] stuck in STATE_MAIN_I3/STATE_MAIN_R2
Oskar Liljeblad
oskar at osk.mine.nu
Mon Oct 11 20:03:28 CEST 2004
I enabled "control parsing" debugging and here's some output on the two
machines (alpha is initiator):
BETA:
"beta-alpha" #1: transition from state (null) to state STATE_MAIN_R1
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
| next event EVENT_RETRANSMIT in 10 seconds for #1
|
| *received 244 bytes from 212.181.56.10:500 on eth0
| **parse ISAKMP Message:
| initiator cookie:
| 14 62 fd 15 da a7 af 7b
| responder cookie:
| 05 3e 7f 18 42 eb 4f d1
| next payload type: ISAKMP_NEXT_KE
| ISAKMP version: ISAKMP Version 1.0
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| length: 244
| ICOOKIE: 14 62 fd 15 da a7 af 7b
| RCOOKIE: 05 3e 7f 18 42 eb 4f d1
| peer: d4 b5 38 0a
| state hash entry 7
| peer and cookies match on #1, provided msgid 00000000 vs 00000000
| state object #1 found, in STATE_MAIN_R1
| ***parse ISAKMP Key Exchange Payload:
| next payload type: ISAKMP_NEXT_NONCE
| length: 196
| ***parse ISAKMP Nonce Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 20
"beta-alpha" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
| next event EVENT_RETRANSMIT in 10 seconds for #1
[next event happens 10 seconds later]
======================================================================
ALPHA:
"beta-alpha" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
| next event EVENT_RETRANSMIT in 10 seconds for #1
|
| *received 372 bytes from 194.236.130.162:500 on eth0
| **parse ISAKMP Message:
| initiator cookie:
| 14 62 fd 15 da a7 af 7b
| responder cookie:
| 05 3e 7f 18 42 eb 4f d1
| next payload type: ISAKMP_NEXT_KE
| ISAKMP version: ISAKMP Version 1.0
| exchange type: ISAKMP_XCHG_IDPROT
| flags: none
| message ID: 00 00 00 00
| length: 372
| ICOOKIE: 14 62 fd 15 da a7 af 7b
| RCOOKIE: 05 3e 7f 18 42 eb 4f d1
| peer: c2 ec 82 a2
| state hash entry 6
| peer and cookies match on #1, provided msgid 00000000 vs 00000000
| state object #1 found, in STATE_MAIN_I2
| ***parse ISAKMP Key Exchange Payload:
| next payload type: ISAKMP_NEXT_NONCE
| length: 196
| ***parse ISAKMP Nonce Payload:
| next payload type: ISAKMP_NEXT_CR
| length: 20
| ***parse ISAKMP Certificate RequestPayload:
| next payload type: ISAKMP_NEXT_NONE
| length: 128
| cert type: CERT_X509_SIGNATURE
| CR 30 79 31 0b 30 09 06 03 55 04 06 13 02 53 45 31
| 0e 30 0c 06 03 55 04 08 13 05 53 6b 61 6e 65 31
| 0e 30 0c 06 03 55 04 07 13 05 4d 61 6c 6d 6f 31
| 18 30 16 06 03 55 04 0a 13 0f 4f 73 6b 61 72 20
| 4c 69 6c 6a 65 62 6c 61 64 31 0e 30 0c 06 03 55
| 04 03 13 05 61 6c 70 68 61 31 20 30 1e 06 09 2a
| 86 48 86 f7 0d 01 09 01 16 11 6f 73 6b 61 72 40
| 6f 73 6b 2e 6d 69 6e 65 2e 6e 75
| requested CA: 'C=SE, ST=Skane, L=Malmo, O=Oskar Liljeblad, CN=alpha,
E=oskar at osk.mine.nu'
| thinking about whether to send my certificate:
| I have RSA key: OAKLEY_RSA_SIG cert.type: CERT_X509_SIGNATURE
| sendcert: CERT_ALWAYSSEND and I did get a certificate request
| so send cert.
| I am sending a certificate request
"beta-alpha" #1: I am sending my cert
"beta-alpha" #1: I am sending a certificate request
| looking for secret for C=SE, ST=Skane, L=Malmo, O=Oskar Liljeblad,
CN=alpha, E=oskar at osk.mine.nu->C=SE, ST=Skane, L=Malmo, O=Oskar
Liljeblad, CN=beta, E=oskar at osk.mine.nu of kind PPK_RSA
| searching for certificate PPK_RSA:AwEAAdcIO vs PPK_RSA:AwEAAdcIO
| signing hash with RSA Key *AwEAAdcIO
"beta-alpha" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
| inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #1
| next event EVENT_RETRANSMIT in 10 seconds for #1
|
| *received kernel message
| initiate on demand from 212.181.56.10:0 to 194.236.130.162:0 proto=0
state: fos_start because: acquire
| find_connection: looking for policy for connection: 212.181.56.10:0/0 ->
194.236.130.162:0/0
| find_connection: conn "beta-alpha" has compatible peers:
212.181.56.10/32 -> 194.236.130.162/32 [pri: 16842765]
| find_connection: concluding with "beta-alpha" [pri:16842765]{0x80eddc0}
kind=CK_PERMANENT
| assign hold, routing was prospective erouted, needs to be erouted HOLD
| delete bare shunt: null pointer
| Queuing pending Quick Mode with 194.236.130.162 "beta-alpha"
| next event EVENT_RETRANSMIT in 10 seconds for #1
[next event happens 9 seconds later]
Regards,
Oskar Liljeblad (oskar at osk.mine.nu)
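
A small triage helper for output like the above, as an added example that is not part of the original post or of Openswan: it records the last state each side reached and maps it to IKEv1 Main Mode message numbers, showing which message one side has sent and the other is still waiting for. The sample lines are a constructed excerpt in the post's log format; the function names and the reliance on `BETA:`/`ALPHA:` host labels are assumptions.

```python
import re

# Constructed excerpt in the log format shown in the post (not the full output).
SAMPLE = '''\
BETA:
"beta-alpha" #1: transition from state (null) to state STATE_MAIN_R1
| *received 244 bytes from 212.181.56.10:500 on eth0
"beta-alpha" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
ALPHA:
"beta-alpha" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
| *received 372 bytes from 194.236.130.162:500 on eth0
"beta-alpha" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
'''

# IKEv1 Main Mode: state -> (last message sent, message awaited), numbered 1-6.
MAIN_MODE = {
    "STATE_MAIN_I1": (1, 2), "STATE_MAIN_R1": (2, 3),
    "STATE_MAIN_I2": (3, 4), "STATE_MAIN_R2": (4, 5),
    "STATE_MAIN_I3": (5, 6), "STATE_MAIN_R3": (6, None),
    "STATE_MAIN_I4": (None, None),
}

HOST = re.compile(r"^([A-Z]+):\s*$")   # assumed host label line, e.g. "BETA:"
TRANS = re.compile(r"transition from state (\S+) to state (\S+)")
RECV = re.compile(r"\*received (\d+) bytes from ([\d.]+):(\d+)")

def summarize(log):
    """Per host: last state reached and (size, source IP) of each received packet."""
    hosts, cur = {}, None
    for line in log.splitlines():
        if m := HOST.match(line):
            cur = hosts.setdefault(m.group(1), {"state": None, "received": []})
        elif cur is None:
            continue                    # ignore anything before the first host label
        elif m := TRANS.search(line):
            cur["state"] = m.group(2)
        elif m := RECV.search(line):
            cur["received"].append((int(m.group(1)), m.group(2)))
    return hosts

def stalled_message(hosts):
    """Lowest Main Mode message that one side has sent and the other still awaits."""
    known = [MAIN_MODE[h["state"]] for h in hosts.values() if h["state"] in MAIN_MODE]
    sent = {s for s, _ in known}
    awaited = {a for _, a in known}
    stalled = (sent & awaited) - {None}
    return min(stalled) if stalled else None
```
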