[Openswan Users] ipsec vpn fallback

Ming-Ching Tiew mingching.tiew at redtone.com
Thu Jun 2 11:11:23 CEST 2005


From: "Paul Wouters" <paul at xelerance.com>

> >
> > The second command fail to properly establish the IKE negotiation,
> > it seems to do with some routing issue. If I rework the ipsec.conf,
> > changing interfaces="ipsec0=eth2 ipsec1=eth1" and issue commands
> >
> >     ipsec setup restart
> >     ipsec auto --up link2
> 
> That should not be neccessary. What are the exact IKE errors you see?
> 

I don't get much error, enough though I change klipdebug=all,

#ipsec auto --down link1
#ipsec auto --up link2
104 "link2" #3: STATE_MAIN_I1: initiate
010 "link2" #3: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "link2" #3: STATE_MAIN_I1: retransmission; will wait 40s for response

It just goes on and on, it will never complete the negotiation. If I did what I mentioned
( ie change the interfaces so the that ipsec0=ethx, where ethx = the active link ),
the vpn will be setup very quickly but the 'ipsec setup restart' is very slow, it is not
ideal either.

Cheers.









More information about the Users mailing list