[Openswan Users] ASSERTION FAILED using Openswan 2.3.0DR5

Axel Mueller axel.mueller at avanux.de
Sun Jan 2 20:12:58 CET 2005 

Hi Paul,

Good shot :-)
I was using the default kernel configuration for crypto settings. 
Therefore AES was not built - neither as module nor as part of kernel.
After building the AES modules the tunnel is set up and I can ping the 
other end:

Jan  2 20:07:10 gate pluto[16297]: packet from 192.168.70.5:500: 
received Vendor ID payload [Dead Peer Detection]
Jan  2 20:07:10 gate pluto[16297]: "mueller-family-wlan"[1] 192.168.70.5 
#1: responding to Main Mode from unknown peer 192.168.70.5
Jan  2 20:07:10 gate pluto[16297]: "mueller-family-wlan"[1] 192.168.70.5 
#1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[1] 192.168.70.5 
#1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[1] 192.168.70.5 
#1: Main mode peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Hessen, 
L=Altenstadt-Lindheim, O=mueller-family, CN=miraculix.mueller-family.de, 
E=axel at mueller-family.de'
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[1] 192.168.70.5 
#1: crl update for "C=DE, ST=Hessen, L=Altenstadt-Lindheim, 
O=mueller-family, CN=CA, E=ca at mueller-family.de" is overdue since Aug 15 
11:43:12 UTC 2004
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[2] 192.168.70.5 
#1: deleting connection "mueller-family-wlan" instance with peer 
192.168.70.5 {isakmp=#0/ipsec=#0}
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[2] 192.168.70.5 
#1: I am sending my cert
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[2] 192.168.70.5 
#1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[2] 192.168.70.5 
#1: sent MR3, ISAKMP SA established
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[2] 192.168.70.5 
#2: responding to Quick Mode
Jan  2 20:07:11 gate pluto[16297]: "mueller-family-wlan"[2] 192.168.70.5 
#2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jan  2 20:07:12 gate pluto[16297]: "mueller-family-wlan"[2] 192.168.70.5 
#2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jan  2 20:07:12 gate pluto[16297]: "mueller-family-wlan"[2] 192.168.70.5 
#2: IPsec SA established {ESP=>0x1a57a4d4 <0x7cf12697 IPCOMP=>0x000073df 
<0x00007c6f}

Thanks a lot!

Axel


Paul Wouters wrote:

> On Sat, 1 Jan 2005, Axel Mueller wrote:
>
>> responding to Quick Mode
>> Jan  1 16:24:07 gate pluto[6167]: "mueller-family-wlan"[2] 
>> 192.168.70.5 #2: ESP transform ESP_AES / auth 
>> AUTH_ALGORITHM_HMAC_SHA1 not implemented yet
>> Jan  1 16:24:07 gate pluto[6167]: "mueller-family-wlan"[2] 
>> 192.168.70.5 #2: ERROR: netlink response for Del SA 
>> unk0.b281 at 192.168.70.1 included errno 3: No such process
>> Jan  1 16:24:17 gate pluto[6167]: "mueller-family-wlan"[2] 
>> 192.168.70.5 #2: ASSERTION FAILED at demux.c:1799: STATE_IKE_FLOOR <= 
>> from_state && from_state <= STATE_IKE_ROOF
>
>
> Does your kernel have cryptoapi support? Do you have the proper 
> modules loaded?
> You will at least needs esp4, aes-i586 and the sha256/sha512 modules 
> loaded.
>
> Paul
>
>

More information about the Users mailing list