[Openswan Users] Win2k / XP (behind NAT) rekeying issue
Igmar Palsenberg
maillist at jdimedia.nl
Thu May 26 15:54:29 CEST 2005
> I believe that once the 4500 is used that it should be used for
> re-keying too.
That's also what I read from the draft specs.
> Have you checked with tcpdump that the re-key is
> happening on 500 or is it from the logs?
Both say rekeying is done over UDP 500 -> UDP 500:
13:48:46.762462 82.92.195.210.4500 > 82.92.211.218.4500: udp 60 (DF)
13:48:46.777147 82.92.211.218.4500 > 82.92.195.210.4500: udp 52
13:49:05.925407 82.92.211.218.4500 > 82.92.195.210.4500: udp 1
13:49:15.031292 82.92.195.210.isakmp > 82.92.211.218.isakmp: isakmp: phase
1 I ident: [|sa] (DF)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This is the actual rekey, from the pluto debug log:
May 26 13:49:15 fw pluto[17536]: | sending 292 bytes for main_outI1
through eth0:500 to 82.92.211.218:500:
<snip 292 bytes>
13:49:25.946546 82.92.211.218.4500 > 82.92.195.210.4500: udp 1
13:49:45.954837 82.92.211.218.4500 > 82.92.195.210.4500: udp 1
13:49:46.772463 82.92.195.210.4500 > 82.92.211.218.4500: udp 60 (DF)
13:49:46.787285 82.92.211.218.4500 > 82.92.195.210.4500: udp 52
13:50:05.948618 82.92.211.218.4500 > 82.92.195.210.4500: udp 1
13:50:25.274051 82.92.195.210.isakmp > 82.92.211.218.isakmp: isakmp: phase
1 I ident: [|sa] (DF)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Retransmit from the pluto debug log:
*time to handle event
May 26 13:50:25 fw pluto[17536]: | handling event EVENT_RETRANSMIT
May 26 13:50:25 fw pluto[17536]: | event after this is
EVENT_PENDING_PHASE2 in 53 seconds
May 26 13:50:25 fw pluto[17536]: | processing connection
l2tp-updated-win[2] 82.92.211.218
May 26 13:50:25 fw pluto[17536]: | sending 292 bytes for main_outI1
through eth0:500 to 82.92.211.218:500:
<snip 292 bytes>
13:50:25.987964 82.92.211.218.4500 > 82.92.195.210.4500: udp 1
13:50:35.278421 82.92.195.210.isakmp > 82.92.211.218.isakmp: isakmp: phase
1 I ident: [|sa] (DF)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Retransmit:
May 26 13:50:35 fw pluto[17536]: | sending 292 bytes for EVENT_RETRANSMIT
through eth0:500 to 82.92.211.218:500:
> (My logs show the rekey
> happening/failing on 4500). Is WinXP being silly and rekeying on
> 500?
No, Openswan is at fault, I believe. Windows doesn't even notice the rekey;
it starts to log again when Openswan decides to kill the SA.
The full logs + TCP dumps + Win2k IKE logs are available on request.
Regards,
Igmar
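The capture above is spotted by eye (the `^^^` markers). The following added example, not code from the original post or from Openswan, does the same check mechanically: it parses classic tcpdump lines and flags any ISAKMP packet on UDP 500 between a peer pair that was already exchanging NAT-T traffic on UDP 4500. It assumes tcpdump prints port 500 by its service name `isakmp`, and the sample lines are constructed from the excerpts in the post.

```python
"""Flag IKE phase 1 exchanges that fall back to UDP 500 after a peer pair
has been using NAT-T (UDP 4500), as seen in the tcpdump output above.

Added example, not code from the original post or from Openswan. Assumes
classic tcpdump formatting: port 500 printed as 'isakmp', 4500 numerically.
"""
import re

# tcpdump line shape: "<ts> <src-ip>.<port> > <dst-ip>.<port>: <rest>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\w+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\w+):"
)

NAT_T_PORT = "4500"
ISAKMP_PORTS = {"500", "isakmp"}   # tcpdump prints 500 by service name

def parse_line(line):
    """Return (ts, src, sport, dst, dport), or None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("ts", "src", "sport", "dst", "dport")

def find_port500_fallbacks(lines):
    """Return [(ts, src, dst)] for ISAKMP packets on UDP 500 exchanged between
    a peer pair that had already been seen talking NAT-T on UDP 4500."""
    nat_t_pairs = set()
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, sport, dst, dport = rec
        pair = frozenset((src, dst))
        if sport == NAT_T_PORT and dport == NAT_T_PORT:
            nat_t_pairs.add(pair)
        elif sport in ISAKMP_PORTS and dport in ISAKMP_PORTS and pair in nat_t_pairs:
            findings.append((ts, src, dst))
    return findings

# Constructed sample, taken from the capture in the post (wrapped lines rejoined).
SAMPLE = """\
13:48:46.762462 82.92.195.210.4500 > 82.92.211.218.4500: udp 60 (DF)
13:48:46.777147 82.92.211.218.4500 > 82.92.195.210.4500: udp 52
13:49:05.925407 82.92.211.218.4500 > 82.92.195.210.4500: udp 1
13:49:15.031292 82.92.195.210.isakmp > 82.92.211.218.isakmp: isakmp: phase 1 I ident: [|sa] (DF)
13:50:25.274051 82.92.195.210.isakmp > 82.92.211.218.isakmp: isakmp: phase 1 I ident: [|sa] (DF)
""".splitlines()

if __name__ == "__main__":
    for ts, src, dst in find_port500_fallbacks(SAMPLE):
        print(f"{ts}: {src} -> {dst} started IKE on UDP 500 despite NAT-T on 4500")
```

Feed it `tcpdump -n udp port 500 or udp port 4500` output from the gateway to confirm from the wire whether the initiator of the rekey is falling back to port 500.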