[Openswan Users] QuickMode-Error: peer likes no proposal
Andreas Schneider
androef at caramail.com
Thu Apr 14 17:57:57 CEST 2005
Hello,
I am new with OpenSwan (and even Linux). I am using Suse Linux 9.1 and
OpenSwan 2.3.0. on a Nootebook. I am trying to make a
roadwarrior-connection to an Windows 2003 Server with IPsec/L2TP.
I know, it's not polite to send such big mails to a list, but all this
log-stuff
tells me nothing and hopefully one of You can point the finger on the
problem
=== This is my /etc/ipsec.conf:
version 2.0
config setup
interfaces=%defaultroute
klipsdebug=all
plutodebug=all
#plutoload=%search
#plutostart=%search
conn wlanfhjena
auth=esp
authby=rsasig
pfs=no
left=194.94.37.4
leftrsasigkey=%cert
leftprotoport=17/1701
leftid="root-CA ID"
right=%defaultroute
rightrsasigkey=%cert
rightprotoport=17/0
rightcert=cert.pem
rightid="client-CA ID"
auto=add
keyingtries=1
# Switch off Opportunistic Encryption policies -- BEGIN
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
conn OEself
auto=ignore
## Switch off Opportunistic Encryption -- END
=== Now I am starting OpenSwan:
suse:/home/androef # /etc/init.d/ipsec start
ipsec_setup: Starting Openswan IPsec U2.3.0/K2.6.5-7.111-default...
suse:/home/androef # ipsec auto --up wlanfhjena
104 "wlanfhjena" #1: STATE_MAIN_I1: initiate
003 "wlanfhjena" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000004]
003 "wlanfhjena" #1: ignoring Vendor ID payload [FRAGMENTATION]
003 "wlanfhjena" #1: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
106 "wlanfhjena" #1: STATE_MAIN_I2: sent MI2, expecting MR2
108 "wlanfhjena" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "wlanfhjena" #1: STATE_MAIN_I4: ISAKMP SA established
117 "wlanfhjena" #2: STATE_QUICK_I1: initiate
010 "wlanfhjena" #2: STATE_QUICK_I1: retransmission; will wait 20s for
response
010 "wlanfhjena" #2: STATE_QUICK_I1: retransmission; will wait 40s for
response
031 "wlanfhjena" #2: max number of retransmissions (2) reached
STATE_QUICK_I1.
No acceptable response to our first Quick Mode message: perhaps peer
likes no proposal
It is very hard for me, to fix errors with Linux, because I am just a
"user" and
not "admin". Now I am getting this error, but I can't understand it.
Google
is'nt really helpful: The most user guides are about connecting a
Win-client
to an OpenSwan-Server. But here's a Suse-client and a Win-Server
(pfs,esp, etc.).
=== The last "few" /var/log/messages - lines (I skipped the lines with
the data, IPsec sends):
Apr 14 16:20:44 suse pluto[4199]: | complete state transition with STF_OK
Apr 14 16:20:44 suse pluto[4199]: "wlanfhjena" #1: transition from
state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 14 16:20:44 suse pluto[4199]: | inserting event EVENT_SA_REPLACE,
timeout in 2957 seconds for #1
Apr 14 16:20:44 suse pluto[4199]: "wlanfhjena" #1: ISAKMP SA established
Apr 14 16:20:44 suse pluto[4199]: | modecfg pull: noquirk policy:push
not-client
Apr 14 16:20:44 suse pluto[4199]: | phase 1 is done, looking for phase 1
to unpend
Apr 14 16:20:44 suse pluto[4199]: | unqueuing pending Quick Mode with
194.94.37.4 "wlanfhjena"
Apr 14 16:20:44 suse pluto[4199]: | duplicating state object #1
Apr 14 16:20:44 suse pluto[4199]: | creating state object #2 at 0x80faa20
Apr 14 16:20:44 suse pluto[4199]: | ICOOKIE: 21 66 90 8b 5b 4b 3a 73
Apr 14 16:20:44 suse pluto[4199]: | RCOOKIE: a9 37 6f 0f 32 61 56 1a
Apr 14 16:20:44 suse pluto[4199]: | peer: c2 5e 25 04
Apr 14 16:20:44 suse pluto[4199]: | state hash entry 31
Apr 14 16:20:44 suse pluto[4199]: | inserting event EVENT_SO_DISCARD,
timeout in 0 seconds for #2
Apr 14 16:20:44 suse pluto[4199]: "wlanfhjena" #2: initiating Quick
Mode RSASIG+ENCRYPT+TUNNEL+UP {using isakmp#1}
Apr 14 16:20:44 suse pluto[4199]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt:
1
Apr 14 16:20:44 suse pluto[4199]: | asking helper 0 to do build_nonce op
on seq: 2
Apr 14 16:20:44 suse pluto[4199]: | inserting event EVENT_CRYPTO_FAILED,
timeout in 300 seconds for #2
Apr 14 16:20:44 suse pluto[4199]: | next event EVENT_CRYPTO_FAILED in 300
seconds for #2
Apr 14 16:20:44 suse pluto[4199]: |
Apr 14 16:20:44 suse pluto[4199]: | *received 2068 bytes from
194.94.37.4:500 on wlan0
Apr 14 16:20:44 suse pluto[4199]: | 21 66 90 8b 5b 4b 3a 73 a9 37 6f
0f 32 61 56 1a
[...]
Apr 14 16:20:44 suse pluto[4199]: | 71 30 e9 bf
Apr 14 16:20:44 suse pluto[4199]: | **parse ISAKMP Message:
Apr 14 16:20:44 suse pluto[4199]: | initiator cookie:
Apr 14 16:20:44 suse pluto[4199]: | 21 66 90 8b 5b 4b 3a 73
Apr 14 16:20:44 suse pluto[4199]: | responder cookie:
Apr 14 16:20:44 suse pluto[4199]: | a9 37 6f 0f 32 61 56 1a
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_ID
Apr 14 16:20:44 suse pluto[4199]: | ISAKMP version: ISAKMP Version 1.0
Apr 14 16:20:44 suse pluto[4199]: | exchange type: ISAKMP_XCHG_IDPROT
Apr 14 16:20:44 suse pluto[4199]: | flags: ISAKMP_FLAG_ENCRYPTION
Apr 14 16:20:44 suse pluto[4199]: | message ID: 00 00 00 00
Apr 14 16:20:44 suse pluto[4199]: | length: 2068
Apr 14 16:20:44 suse pluto[4199]: | ICOOKIE: 21 66 90 8b 5b 4b 3a 73
Apr 14 16:20:44 suse pluto[4199]: | RCOOKIE: a9 37 6f 0f 32 61 56 1a
Apr 14 16:20:44 suse pluto[4199]: | peer: c2 5e 25 04
Apr 14 16:20:44 suse pluto[4199]: | state hash entry 31
Apr 14 16:20:44 suse pluto[4199]: | peer and cookies match on #2,
provided msgid 00000000 vs fc687e30
Apr 14 16:20:44 suse pluto[4199]: | peer and cookies match on #1,
provided msgid 00000000 vs 00000000
Apr 14 16:20:44 suse pluto[4199]: | state object #1 found, in
STATE_MAIN_I4
Apr 14 16:20:44 suse pluto[4199]: "wlanfhjena" #1: discarding duplicate
packet; already STATE_MAIN_I4
Apr 14 16:20:44 suse pluto[4199]: | next event EVENT_CRYPTO_FAILED in 300
seconds for #2
Apr 14 16:20:44 suse pluto[4218]: ! helper -1 doing build_nonce op id: 2
Apr 14 16:20:44 suse pluto[4218]: ! Generated nonce:
Apr 14 16:20:44 suse pluto[4218]: ! b7 f4 05 8a 28 1e e7 9b bc 55 bd
5c 0e b8 08 9b
Apr 14 16:20:44 suse pluto[4199]: | helper 0 has work (cnt now 0)
Apr 14 16:20:44 suse pluto[4199]: | helper 0 replies to sequence 2
Apr 14 16:20:44 suse pluto[4199]: | calling callback function 0x8065f52
Apr 14 16:20:44 suse pluto[4199]: | quick outI1: calculated ke+nonce,
sending I1
Apr 14 16:20:44 suse pluto[4199]: | **emit ISAKMP Message:
Apr 14 16:20:44 suse pluto[4199]: | initiator cookie:
Apr 14 16:20:44 suse pluto[4199]: | 21 66 90 8b 5b 4b 3a 73
Apr 14 16:20:44 suse pluto[4199]: | responder cookie:
Apr 14 16:20:44 suse pluto[4199]: | a9 37 6f 0f 32 61 56 1a
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_HASH
Apr 14 16:20:44 suse pluto[4199]: | ISAKMP version: ISAKMP Version 1.0
Apr 14 16:20:44 suse pluto[4199]: | exchange type: ISAKMP_XCHG_QUICK
Apr 14 16:20:44 suse pluto[4199]: | flags: ISAKMP_FLAG_ENCRYPTION
Apr 14 16:20:44 suse pluto[4199]: | message ID: fc 68 7e 30
Apr 14 16:20:44 suse pluto[4199]: | ***emit ISAKMP Hash Payload:
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_SA
Apr 14 16:20:44 suse pluto[4199]: | emitting 20 zero bytes of HASH into
ISAKMP Hash Payload
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Hash
Payload: 24
Apr 14 16:20:44 suse pluto[4199]: | empty esp_info, returning empty
Apr 14 16:20:44 suse pluto[4199]: | ***emit ISAKMP Security Association
Payload:
Apr 14 16:20:44 suse pluto[4199]: | next payload type:
ISAKMP_NEXT_NONCE
Apr 14 16:20:44 suse pluto[4199]: | DOI: ISAKMP_DOI_IPSEC
Apr 14 16:20:44 suse pluto[4199]: | ****emit IPsec DOI SIT:
Apr 14 16:20:44 suse pluto[4199]: | IPsec DOI SIT: SIT_IDENTITY_ONLY
Apr 14 16:20:44 suse pluto[4199]: | out_sa pcn: 0 has 1 valid proposals
Apr 14 16:20:44 suse pluto[4199]: | out_sa pcn: 0 pn: 0<1 valid_count: 1
Apr 14 16:20:44 suse pluto[4199]: | ****emit ISAKMP Proposal Payload:
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_NONE
Apr 14 16:20:44 suse pluto[4199]: | proposal number: 0
Apr 14 16:20:44 suse pluto[4199]: | protocol ID: PROTO_IPSEC_ESP
Apr 14 16:20:44 suse pluto[4199]: | SPI size: 4
Apr 14 16:20:44 suse pluto[4199]: | number of transforms: 4
Apr 14 16:20:44 suse pluto[4199]: | netlink_get_spi: allocated 0x39dc6d35
for esp.0 at 10.5.3.220
Apr 14 16:20:44 suse pluto[4199]: | emitting 4 raw bytes of SPI into
ISAKMP Proposal Payload
Apr 14 16:20:44 suse pluto[4199]: | SPI 39 dc 6d 35
Apr 14 16:20:44 suse pluto[4199]: | *****emit ISAKMP Transform Payload
(ESP):
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_T
Apr 14 16:20:44 suse pluto[4199]: | transform number: 0
Apr 14 16:20:44 suse pluto[4199]: | transform ID: ESP_AES
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: ENCAPSULATION_MODE
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: SA_LIFE_TYPE
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is SA_LIFE_TYPE_SECONDS]
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: SA_LIFE_DURATION
Apr 14 16:20:44 suse pluto[4199]: | length/value: 28800
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: AUTH_ALGORITHM
Apr 14 16:20:44 suse pluto[4199]: | length/value: 2
Apr 14 16:20:44 suse pluto[4199]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Transform
Payload (ESP): 24
Apr 14 16:20:44 suse pluto[4199]: | *****emit ISAKMP Transform Payload
(ESP):
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_T
Apr 14 16:20:44 suse pluto[4199]: | transform number: 1
Apr 14 16:20:44 suse pluto[4199]: | transform ID: ESP_AES
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: ENCAPSULATION_MODE
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: SA_LIFE_TYPE
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is SA_LIFE_TYPE_SECONDS]
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: SA_LIFE_DURATION
Apr 14 16:20:44 suse pluto[4199]: | length/value: 28800
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: AUTH_ALGORITHM
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Transform
Payload (ESP): 24
Apr 14 16:20:44 suse pluto[4199]: | *****emit ISAKMP Transform Payload
(ESP):
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_T
Apr 14 16:20:44 suse pluto[4199]: | transform number: 2
Apr 14 16:20:44 suse pluto[4199]: | transform ID: ESP_3DES
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: ENCAPSULATION_MODE
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: SA_LIFE_TYPE
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is SA_LIFE_TYPE_SECONDS]
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: SA_LIFE_DURATION
Apr 14 16:20:44 suse pluto[4199]: | length/value: 28800
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: AUTH_ALGORITHM
Apr 14 16:20:44 suse pluto[4199]: | length/value: 2
Apr 14 16:20:44 suse pluto[4199]: | [2 is AUTH_ALGORITHM_HMAC_SHA1]
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Transform
Payload (ESP): 24
Apr 14 16:20:44 suse pluto[4199]: | *****emit ISAKMP Transform Payload
(ESP):
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_NONE
Apr 14 16:20:44 suse pluto[4199]: | transform number: 3
Apr 14 16:20:44 suse pluto[4199]: | transform ID: ESP_3DES
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: ENCAPSULATION_MODE
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is ENCAPSULATION_MODE_TUNNEL]
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: SA_LIFE_TYPE
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is SA_LIFE_TYPE_SECONDS]
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: SA_LIFE_DURATION
Apr 14 16:20:44 suse pluto[4199]: | length/value: 28800
Apr 14 16:20:44 suse pluto[4199]: | ******emit ISAKMP IPsec DOI attribute:
Apr 14 16:20:44 suse pluto[4199]: | af+type: AUTH_ALGORITHM
Apr 14 16:20:44 suse pluto[4199]: | length/value: 1
Apr 14 16:20:44 suse pluto[4199]: | [1 is AUTH_ALGORITHM_HMAC_MD5]
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Transform
Payload (ESP): 24
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Proposal
Payload: 108
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Security
Association Payload: 120
Apr 14 16:20:44 suse pluto[4199]: | ***emit ISAKMP Nonce Payload:
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_ID
Apr 14 16:20:44 suse pluto[4199]: | emitting 16 raw bytes of Ni into
ISAKMP Nonce Payload
Apr 14 16:20:44 suse pluto[4199]: | Ni b7 f4 05 8a 28 1e e7 9b bc 55
bd 5c 0e b8 08 9b
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Nonce
Payload: 20
Apr 14 16:20:44 suse pluto[4199]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_ID
Apr 14 16:20:44 suse pluto[4199]: | ID type: ID_IPV4_ADDR
Apr 14 16:20:44 suse pluto[4199]: | Protocol ID: 17
Apr 14 16:20:44 suse pluto[4199]: | port: 0
Apr 14 16:20:44 suse pluto[4199]: | emitting 4 raw bytes of client
network into ISAKMP Identification Payload (IPsec DOI)
Apr 14 16:20:44 suse pluto[4199]: | client network 0a 05 03 dc
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 12
Apr 14 16:20:44 suse pluto[4199]: | ***emit ISAKMP Identification Payload
(IPsec DOI):
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_NONE
Apr 14 16:20:44 suse pluto[4199]: | ID type: ID_IPV4_ADDR
Apr 14 16:20:44 suse pluto[4199]: | Protocol ID: 17
Apr 14 16:20:44 suse pluto[4199]: | port: 1701
Apr 14 16:20:44 suse pluto[4199]: | emitting 4 raw bytes of client
network into ISAKMP Identification Payload (IPsec DOI)
Apr 14 16:20:44 suse pluto[4199]: | client network c2 5e 25 04
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP
Identification Payload (IPsec DOI): 12
Apr 14 16:20:44 suse pluto[4199]: | HASH(1) computed:
Apr 14 16:20:44 suse pluto[4199]: | b5 db bb e4 8c 5d 32 9e a7 f5 e6
f4 f7 63 61 ed
Apr 14 16:20:44 suse pluto[4199]: | 0b fa 73 f1
Apr 14 16:20:44 suse pluto[4199]: | last Phase 1 IV: e9 44 ed 8e 71 30
e9 bf
Apr 14 16:20:44 suse pluto[4199]: | last Phase 1 IV: e9 44 ed 8e 71 30
e9 bf
Apr 14 16:20:44 suse pluto[4199]: | computed Phase 2 IV:
Apr 14 16:20:44 suse pluto[4199]: | a3 08 ea 57 b3 3d b9 32 29 e9 e3
de 1d 75 ff 23
Apr 14 16:20:44 suse pluto[4199]: | c0 6e 63 86
Apr 14 16:20:44 suse pluto[4199]: | encrypting:
[...]
Apr 14 16:20:44 suse pluto[4199]: | emitting 4 zero bytes of encryption
padding into ISAKMP Message
Apr 14 16:20:44 suse pluto[4199]: | encrypting using OAKLEY_3DES_CBC
Apr 14 16:20:44 suse pluto[4199]: | next IV: 4c b7 2c 85 75 8b 12 54
Apr 14 16:20:44 suse pluto[4199]: | emitting length of ISAKMP Message: 220
Apr 14 16:20:44 suse pluto[4199]: | sending 220 bytes for quick_outI1
through wlan0 to 194.94.37.4:500:
[...]
Apr 14 16:20:44 suse pluto[4199]: | inserting event EVENT_RETRANSMIT,
timeout in 10 seconds for #2
Apr 14 16:20:44 suse pluto[4199]: | next event EVENT_RETRANSMIT in 10
seconds for #2
Apr 14 16:20:44 suse pluto[4199]: |
Apr 14 16:20:44 suse pluto[4199]: | *received 68 bytes from
194.94.37.4:500 on wlan0
[...]
Apr 14 16:20:44 suse pluto[4199]: | **parse ISAKMP Message:
Apr 14 16:20:44 suse pluto[4199]: | initiator cookie:
Apr 14 16:20:44 suse pluto[4199]: | 21 66 90 8b 5b 4b 3a 73
Apr 14 16:20:44 suse pluto[4199]: | responder cookie:
Apr 14 16:20:44 suse pluto[4199]: | a9 37 6f 0f 32 61 56 1a
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_HASH
Apr 14 16:20:44 suse pluto[4199]: | ISAKMP version: ISAKMP Version 1.0
Apr 14 16:20:44 suse pluto[4199]: | exchange type: ISAKMP_XCHG_INFO
Apr 14 16:20:44 suse pluto[4199]: | flags: ISAKMP_FLAG_ENCRYPTION
Apr 14 16:20:44 suse pluto[4199]: | message ID: e1 d1 a0 ca
Apr 14 16:20:44 suse pluto[4199]: | length: 68
Apr 14 16:20:44 suse pluto[4199]: | ICOOKIE: 21 66 90 8b 5b 4b 3a 73
Apr 14 16:20:44 suse pluto[4199]: | RCOOKIE: a9 37 6f 0f 32 61 56 1a
Apr 14 16:20:44 suse pluto[4199]: | peer: c2 5e 25 04
Apr 14 16:20:44 suse pluto[4199]: | state hash entry 31
Apr 14 16:20:44 suse pluto[4199]: | peer and cookies match on #2,
provided msgid 00000000 vs fc687e30
Apr 14 16:20:44 suse pluto[4199]: | peer and cookies match on #1,
provided msgid 00000000 vs 00000000
Apr 14 16:20:44 suse pluto[4199]: | state object #1 found, in
STATE_MAIN_I4
Apr 14 16:20:44 suse pluto[4199]: | last Phase 1 IV: e9 44 ed 8e 71 30
e9 bf
Apr 14 16:20:44 suse pluto[4199]: | last Phase 1 IV: e9 44 ed 8e 71 30
e9 bf
Apr 14 16:20:44 suse pluto[4199]: | computed Phase 2 IV:
[...]
Apr 14 16:20:44 suse pluto[4199]: | received encrypted packet from
194.94.37.4:500
Apr 14 16:20:44 suse pluto[4199]: | decrypting 40 bytes using algorithm
OAKLEY_3DES_CBC
Apr 14 16:20:44 suse pluto[4199]: | decrypted:
[...]
Apr 14 16:20:44 suse pluto[4199]: | next IV: 1a 36 21 9d 2f 79 f8 a0
Apr 14 16:20:44 suse pluto[4199]: | ***parse ISAKMP Hash Payload:
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_N
Apr 14 16:20:44 suse pluto[4199]: | length: 24
Apr 14 16:20:44 suse pluto[4199]: | ***parse ISAKMP Notification Payload:
Apr 14 16:20:44 suse pluto[4199]: | next payload type: ISAKMP_NEXT_NONE
Apr 14 16:20:44 suse pluto[4199]: | length: 16
Apr 14 16:20:44 suse pluto[4199]: | DOI: ISAKMP_DOI_IPSEC
Apr 14 16:20:44 suse pluto[4199]: | protocol ID: 3
Apr 14 16:20:44 suse pluto[4199]: | SPI size: 4
Apr 14 16:20:44 suse pluto[4199]: | Notify Message Type:
INVALID_ID_INFORMATION
Apr 14 16:20:44 suse pluto[4199]: "wlanfhjena" #1: ignoring
informational payload, type INVALID_ID_INFORMATION
Apr 14 16:20:44 suse pluto[4199]: | info: 00 00 00 00
Apr 14 16:20:44 suse pluto[4199]: "wlanfhjena" #1: received and ignored
informational message
Apr 14 16:20:44 suse pluto[4199]: | complete state transition with
STF_IGNORE
Apr 14 16:20:44 suse pluto[4199]: | next event EVENT_RETRANSMIT in 10
seconds for #2
Apr 14 16:20:54 suse pluto[4199]: |
Apr 14 16:20:54 suse pluto[4199]: | *time to handle event
Apr 14 16:20:54 suse pluto[4199]: | handling event EVENT_RETRANSMIT
Apr 14 16:20:54 suse pluto[4199]: | event after this is EVENT_SA_REPLACE
in 2947 seconds
Apr 14 16:20:54 suse pluto[4199]: | handling event EVENT_RETRANSMIT for
194.94.37.4 "wlanfhjena" #2
Apr 14 16:20:54 suse pluto[4199]: | sending 220 bytes for
EVENT_RETRANSMIT through wlan0 to 194.94.37.4:500:
[...]
Apr 14 16:20:54 suse pluto[4199]: | inserting event EVENT_RETRANSMIT,
timeout in 20 seconds for #2
Apr 14 16:20:54 suse pluto[4199]: | next event EVENT_RETRANSMIT in 20
seconds for #2
Apr 14 16:21:14 suse pluto[4199]: |
Apr 14 16:21:14 suse pluto[4199]: | *received kernel message
Apr 14 16:21:14 suse pluto[4199]: | netlink_get: XFRM_MSG_EXPIRE message
Apr 14 16:21:14 suse pluto[4199]: | next event EVENT_RETRANSMIT in 0
seconds for #2
Apr 14 16:21:14 suse pluto[4199]: |
Apr 14 16:21:14 suse pluto[4199]: | *time to handle event
Apr 14 16:21:14 suse pluto[4199]: | handling event EVENT_RETRANSMIT
Apr 14 16:21:14 suse pluto[4199]: | event after this is EVENT_SA_REPLACE
in 2927 seconds
Apr 14 16:21:14 suse pluto[4199]: | handling event EVENT_RETRANSMIT for
194.94.37.4 "wlanfhjena" #2
Apr 14 16:21:14 suse pluto[4199]: | sending 220 bytes for
EVENT_RETRANSMIT through wlan0 to 194.94.37.4:500:
[...]
Apr 14 16:21:14 suse pluto[4199]: | inserting event EVENT_RETRANSMIT,
timeout in 40 seconds for #2
Apr 14 16:21:14 suse pluto[4199]: | next event EVENT_RETRANSMIT in 40
seconds for #2
Apr 14 16:21:54 suse pluto[4199]: |
Apr 14 16:21:54 suse pluto[4199]: | *time to handle event
Apr 14 16:21:54 suse pluto[4199]: | handling event EVENT_RETRANSMIT
Apr 14 16:21:54 suse pluto[4199]: | event after this is EVENT_SA_REPLACE
in 2887 seconds
Apr 14 16:21:54 suse pluto[4199]: | handling event EVENT_RETRANSMIT for
194.94.37.4 "wlanfhjena" #2
Apr 14 16:21:54 suse pluto[4199]: "wlanfhjena" #2: max number of
retransmissions (2) reached STATE_QUICK_I1. No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
Apr 14 16:21:54 suse pluto[4199]: | ICOOKIE: 21 66 90 8b 5b 4b 3a 73
Apr 14 16:21:54 suse pluto[4199]: | RCOOKIE: a9 37 6f 0f 32 61 56 1a
Apr 14 16:21:54 suse pluto[4199]: | peer: c2 5e 25 04
Apr 14 16:21:54 suse pluto[4199]: | state hash entry 31
Apr 14 16:21:54 suse pluto[4199]: | next event EVENT_SA_REPLACE in 2887
seconds for #1
Has anyone some ideas, how I can fix it.
Greetings, Andreas Schneider
More information about the Users
mailing list