[Openswan Users] ASSERTION FAILED at state.c:316: st->st_suspended_md->st == st

Thu Jul 21 14:05:37 CEST 2005

Hi Guys,

I am using 2.3.1.
When I select auth by secret but do not provide any psk to the local 
server (remote server does have psk):

ipsec auto --up Conn171
104 "Conn171" #2: STATE_MAIN_I1: initiate
003 "Conn171" #2: received Vendor ID payload [Dead Peer Detection]
003 "Conn171" #2: Can't authenticate: no preshared key found for 
`192.168.250.198' and `192.168.250.171'.  Attribute 
OAKLEY_AUTHENTICATION_METHOD
003 "Conn171" #2: no acceptable Oakley Transform
214 "Conn171" #2: STATE_MAIN_I1: NO_PROPOSAL_CHOSEN

After waiting for a while it stucked at this stage so i pressed CTRL-C. 
And I try again:

ipsec auto --up Conn171

This time again nothing coming out (which i think is correct because 
it's in hold stage). Now, i try to bring it down:

ipsec auto --down Conn171
003 "Conn171" #2: *ASSERTION FAILED at state.c:316: 
st->st_suspended_md->st == st***
000 "Conn171" #2: interface ipsec0/eth0 192.168.250.198
000 "Conn171" #2: %myid = (none)
000 "Conn171" #2: debug none
000 "Conn171" #2:
000 "Conn171" #2: algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, 
keysizemin=168, keysizemax=168
000 "Conn171" #2: algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, 
keysizemin=128, keysizemax=256
000 "Conn171" #2: algorithm ESP auth attr: id=1, 
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 "Conn171" #2: algorithm ESP auth attr: id=2, 
name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 "Conn171" #2:
000 "Conn171" #2: algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, 
blocksize=16, keydeflen=128
000 "Conn171" #2: algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, 
blocksize=8, keydeflen=192
000 "Conn171" #2: algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 "Conn171" #2: algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 "Conn171" #2: algorithm IKE dh group: id=2, 
name=OAKLEY_GROUP_MODP1024, bits=1024
000 "Conn171" #2: algorithm IKE dh group: id=5, 
name=OAKLEY_GROUP_MODP1536, bits=1536
000 "Conn171" #2: algorithm IKE dh group: id=14, 
name=OAKLEY_GROUP_MODP2048, bits=2048
000 "Conn171" #2: algorithm IKE dh group: id=15, 
name=OAKLEY_GROUP_MODP3072, bits=3072
000 "Conn171" #2: algorithm IKE dh group: id=16, 
name=OAKLEY_GROUP_MODP4096, bits=4096
000 "Conn171" #2: algorithm IKE dh group: id=17, 
name=OAKLEY_GROUP_MODP6144, bits=6144
000 "Conn171" #2: algorithm IKE dh group: id=18, 
name=OAKLEY_GROUP_MODP8192, bits=8192
000 "Conn171" #2:
000 "Conn171" #2: stats db_ops.c: {curr_cnt, total_cnt, maxsz} 
:context={0,0,0} trans={0,0,0} attrs={0,0,0}
000 "Conn171" #2:
000 *"Conn171" #2: "Conn171":* 
192.168.8.0/24===192.168.250.198---192.168.250.254...192.168.250.254---192.168.250.171===192.168.7.0/24; 
unrouted; eroute owner: #0
000 *"Conn171" #2: "Conn171":*     srcip=unset; dstip=unset
000 *"Conn171" #2: "Conn171":*   ike_life: 3600s; ipsec_life: 28800s; 
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 *"Conn171" #2: "Conn171":*   policy: PSK+ENCRYPT+TUNNEL+PFS; prio: 
24,24; interface: eth0;
000 *"Conn171" #2: "Conn171":*   dpd: action:hold; delay:30; timeout:120;
000 *"Conn171" #2: "Conn171":*   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 *"Conn171" #2: "Conn171":*   ESP algorithms wanted: 3_000-1, 
flags=strict
000 *"Conn171" #2: "Conn171":*   ESP algorithms loaded: 3_000-1, 
flags=strict
000 *"Conn171" #2: "Conn191":* 
192.168.25.0/24===192.168.250.198---192.168.250.254...192.168.250.254---192.168.2.2[@geeee]===2.1.21.0/24; 
unrouted; eroute owner: #0
000 *"Conn171" #2: "Conn191":*     srcip=unset; dstip=unset
000 *"Conn**1" #2: "Conn191"**17:*   ike_life: 3600s; ipsec_life: 
28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 *"Conn171" #2: "Conn191":*   policy: PSK+ENCRYPT+TUNNEL+PFS; prio: 
24,24; interface: eth0;
000 *"Conn171" #2: "Conn191":*   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 *"Conn171" #2: "Conn191":*   ESP algorithms wanted: 12_128-2, 
flags=-strict
000 *"Conn171" #2: "Conn191":*   ESP algorithms loaded: 12_128-2, 
flags=-strict
000 *"Conn171" #2: "Conn203":* 
1.1.0.0/23===192.168.250.198---192.168.250.254...192.168.250.254---12.22.2.2===22.12.12.0/24; 
unrouted; eroute owner: #0
000 *"Conn171" #2: "Conn203":*     srcip=unset; dstip=unset
000 *"Conn171" #2: "Conn203":*   ike_life: 3600s; ipsec_life: 28800s; 
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 *"Conn171" #2: "Conn203":*   policy: PSK+ENCRYPT+TUNNEL+PFS; prio: 
23,24; interface: eth0;
000 *"Conn171" #2: "Conn203":*   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 *"Conn171" #2: "Conn203":*   ESP algorithms wanted: 12_128-2, 
flags=-strict
000 *"Conn171" #2: "Conn203":*   ESP algorithms loaded: 12_128-2, 
flags=-strict
000 "Conn171" #2:
000 *"Conn171" #2: #2: "Conn171":500* STATE_MAIN_I1 (sent MI1, expecting 
MR1); none in -1s; lastdpd=-1s(seq in:0 out:0)
000 "Conn171" #2:

Any one having similar problems?

Thank you.

Regards,
Steve