[Openswan Users] NET-to-NET VPN problems

Trevor Morrison Trevor.Morrison at soothsoft.com
Tue Jan 25 12:48:30 CET 2005


Hi,

 

I am running IPCOP 1.4.2 and I am told that it uses Openswan ver 1.0.7.
I am setting up a NET-to-NET vpn solution.  I am pretty sure I have
configured my IPCOP boxes' correctly, but I am getting these errors in
the /var/log/messages logs:

....

Jan 25 11:37:54 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: cannot respond to IPsec SA request because no connection is known
for
192.168.111.0/24===199.227.240.202:4500...207.224.36.142:4500[207.224.36
.137]===192.168.2.0/24

Jan 25 11:37:54 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: sending encrypted notification INVALID_ID_INFORMATION to
207.224.36.142:4500

Jan 25 11:37:56 grumpy pluto[745]: ERROR: asynchronous network error
report on eth1 for message to 207.224.36.142 port 1024, complainant
207.224.36.142: No route to host [errno 113, origin ICMP type 3 code 1
(not authenticated)]

Jan 25 11:38:04 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0xa4732030 (perhaps this is a duplicated packet)

Jan 25 11:38:04 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: sending encrypted notification INVALID_MESSAGE_ID to
207.224.36.142:4500

......

Jan 25 11:38:36 grumpy pluto[745]: ERROR: asynchronous network error
report on eth1 for message to 207.224.36.142 port 1024, complainant
207.224.36.142: No route to host [errno 113, origin ICMP type 3 code 1
(not authenticated)]

Jan 25 11:39:03 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: cannot respond to IPsec SA request because no connection is known
for
192.168.111.0/24===199.227.240.202:4500...207.224.36.142:4500[207.224.36
.137]===192.168.2.0/24

Jan 25 11:39:03 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: sending encrypted notification INVALID_ID_INFORMATION to
207.224.36.142:4500

Jan 25 11:39:13 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0x84c04325 (perhaps this is a duplicated packet)

Jan 25 11:39:13 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: sending encrypted notification INVALID_MESSAGE_ID to
207.224.36.142:4500

Jan 25 11:39:16 grumpy pluto[745]: ERROR: asynchronous network error
report on eth1 for message to 207.224.36.142 port 1024, complainant
207.224.36.142: No route to host [errno 113, origin ICMP type 3 code 1
(not authenticated)]

Jan 25 11:39:33 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0x84c04325 (perhaps this is a duplicated packet)

Jan 25 11:39:33 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: sending encrypted notification INVALID_MESSAGE_ID to
207.224.36.142:4500

.......

Jan 25 11:40:13 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: cannot respond to IPsec SA request because no connection is known
for
192.168.111.0/24===199.227.240.202:4500...207.224.36.142:4500[207.224.36
.137]===192.168.2.0/24

Jan 25 11:40:13 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: sending encrypted notification INVALID_ID_INFORMATION to
207.224.36.142:4500

Jan 25 11:40:24 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0x9d0e1ffb (perhaps this is a duplicated packet)

Jan 25 11:40:24 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: sending encrypted notification INVALID_MESSAGE_ID to
207.224.36.142:4500

Jan 25 11:40:36 grumpy pluto[745]: ERROR: asynchronous network error
report on eth1 for message to 207.224.36.142 port 1024, complainant
207.224.36.142: No route to host [errno 113, origin ICMP type 3 code 1
(not authenticated)]

Jan 25 11:40:44 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0x9d0e1ffb (perhaps this is a duplicated packet)

Jan 25 11:40:44 grumpy pluto[745]: "RoadWarriors"[2] 207.224.36.142:4500
#590: sending encrypted notification INVALID_MESSAGE_ID to
207.224.36.142:4500

 

I once had a host-to-ipcop box vpn working and now it has stopped.  I am
really a novice at openswan vpn solutions and I would appreciate any
help.

 

Thanks,

 

 

Trevor 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050125/018272d7/attachment-0001.htm


More information about the Users mailing list