[Openswan Users] Start new connection

Paul Wouters paul at xelerance.com
Tue Nov 1 23:48:51 CET 2005


On Tue, 1 Nov 2005, Frederico Madeira wrote:

> [root at fw rc.d]# /usr/sbin/ipsec auto --up ksa-fred
>
> 104 "ksa-fred" #1: STATE_MAIN_I1: initiate
> 003 "ksa-fred" #1: received Vendor ID payload [Openswan (this version)
> 2.4.0rc3  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
> 003 "ksa-fred" #1: received Vendor ID payload [Dead Peer Detection]
> 106 "ksa-fred" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "ksa-fred" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "ksa-fred" #1: STATE_MAIN_I4: ISAKMP SA established
> {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5
> group=modp1536}
> 117 "ksa-fred" #2: STATE_QUICK_I1: initiate
> 010 "ksa-fred" #2: STATE_QUICK_I1: retransmission; will wait 20s for
> response
> 010 "ksa-fred" #2: STATE_QUICK_I1: retransmission; will wait 40s for
> response
> 031 "ksa-fred" #2: max number of retransmissions (2) reached

The other end is not sending a single packet back. There might be a
filter for udp port 500/4500 in place somewhere.

Paul


More information about the Users mailing list