[Openswan Users] 1.0.8 <-> 2.3.1

Dmitry Melekhov dm at belkam.com
Wed Jun 1 16:51:26 CEST 2005


Hello!

I just installed 2.3.1 instead of 1.0.8 on one host, another still has 
1.0.8.
After some time I found that ipsec doesn't work... May be there was link 
problem for some time.
Here is what I had on 2.3.1 side.

# ipsec whack --status |grep u304
000 "u304": 
0.0.0.0/0===192.168.200.237...192.168.200.238===192.168.26.0/24; 
erouted; eroute owner: #40
000 "u304":     srcip=unset; dstip=unset
000 "u304":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s; 
rekey_fuzz: 100%; keyingtries: 0
000 "u304":   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 0,24; 
interface: eth1;
000 "u304":   newest ISAKMP SA: #47; newest IPsec SA: #40;
000 "u304":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 #47: "u304":500 STATE_MAIN_I4 (ISAKMP SA established); 
EVENT_SA_REPLACE in 2570s; newest ISAKMP; nodpd
000 #40: "u304":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); 
EVENT_SA_REPLACE in 2366s; newest IPSEC; eroute owner
000 #40: "u304" used 83s ago; esp.d9cc1d43 at 192.168.200.238 
esp.e77dd87f at 192.168.200.237 comp.3f7e at 192.168.200.238 
comp.836e at 192.168.200.237 tun.1030 at 192.168.200.238 tun.102f at 192.168.200.237
000 #36: "u304":500 STATE_MAIN_I4 (ISAKMP SA established); 
EVENT_SA_EXPIRE in 923s; nodpd
000 #30: "u304":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); 
EVENT_SA_EXPIRE in 542s
000 #30: "u304" esp.d9cc1d42 at 192.168.200.238 
esp.e77dd87a at 192.168.200.237 comp.3f7d at 192.168.200.238 
comp.8369 at 192.168.200.237 tun.1026 at 192.168.200.238 tun.1025 at 192.168.200.237


Is this OK?
I hadn't such state with 1.0.8. What does EVENT_SA_EXPIRE mean?



More information about the Users mailing list