[Openswan Users] Re: [Ticket#: 2005030110000536] Re: IPsec bug in Vigor2500 plus wi [...]

Paul Wouters paul at xtdnet.nl
Wed Jun 15 00:28:57 CEST 2005 

On Thu, 31 Mar 2005, DrayTek Support wrote:


Dear Draytek,

I send this email to confirm that the new released firmware for the Vigor 2500
again does not have to fix included that made it into the beta firmware of
the Vigor2600G, and that it is still impossible to setup two VPN tunnels to
the same machine for a different subnet.

Model : 	Vigor2500
Firmware Version : 	v2.55
Build Date/Time : 	Wed Jun 1 16:16:9.63 2005

See further Tickets 2004093010000437 2004081310000202 2005030110000536

We are now actively testing alternative hardware to replace all the deployed
Draytek equipment with hardware from another vendor.

The logs of the openswan side follow below. As can be seen, as soon as the second
tunnel is established, the Vigor2200 sends a Delete request for the first tunnel.

Jun 14 23:23:19 rigips pluto[28992]: "bpb0010" #4316: responding to Main Mode
Jun 14 23:23:19 rigips pluto[28992]: "bpb0010" #4316: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jun 14 23:23:20 rigips pluto[28992]: "bpb0010" #4316: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun 14 23:23:21 rigips pluto[28992]: "bpb0010" #4316: Main mode peer ID is ID_IPV4_ADDR: '80.127.90.81'
Jun 14 23:23:21 rigips pluto[28992]: "bpb0010" #4316: I did not send a certificate because I do not have one.
Jun 14 23:23:21 rigips pluto[28992]: "bpb0010" #4316: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun 14 23:23:21 rigips pluto[28992]: "bpb0010" #4316: sent MR3, ISAKMP SA established
Jun 14 23:23:21 rigips pluto[28992]: "bpb0010" #4317: responding to Quick Mode
Jun 14 23:23:21 rigips pluto[28992]: "bpb0010" #4317: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jun 14 23:23:22 rigips pluto[28992]: "bpb0010" #4317: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun 14 23:23:22 rigips pluto[28992]: "bpb0010" #4317: IPsec SA established {ESP=>0x1f3e7dff <0x09a3ad33}
Jun 14 23:23:29 rigips pluto[28992]: "bpb0010-sap" #4318: responding to Quick Mode
Jun 14 23:23:29 rigips pluto[28992]: "bpb0010-sap" #4318: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Jun 14 23:23:30 rigips pluto[28992]: "bpb0010-sap" #4318: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun 14 23:23:30 rigips pluto[28992]: "bpb0010-sap" #4318: IPsec SA established {ESP=>0x1f3e7e00 <0x09a3ad34}
Jun 14 23:23:30 rigips pluto[28992]: "bpb0010" #4316: received Delete SA(0x1f3e7dff) payload: deleting IPSEC State #4317
Jun 14 23:23:30 rigips pluto[28992]: "bpb0010" #4316: received and ignored informational message
Jun 14 23:23:33 rigips pluto[28992]: "bpb0000-sap" #4282: max number of retransmissions (20) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message

Regards,

Paul Wouters
Xtended Internet
--
Broerdijk 27			Postbus 170		Tel: 31-24-360 39 19
6523 GM Nijmegen		6500 AD Nijmegen	Fax: 31-24-360 19 99
The Netherlands			The Netherlands		info at xtdnet.nl

More information about the Users mailing list