[Openswan Users] 2.4.0 trouble

Ethy H. Brito ethy.brito at inexo.com.br
Tue Oct 4 15:51:42 CEST 2005


On Tue, 4 Oct 2005 19:44:52 +0200 (CEST)
Paul Wouters <paul at xelerance.com> wrote:

> On Tue, 4 Oct 2005, Ethy H. Brito wrote:
> 
> >>> Oct  4 13:53:30 cressem pluto[8199]: "cressem" #70: ERROR: netlink response for Add SA esp.4dd7b441 at 200.231.48.37 included errno 93: Protocol not supported
> >>>
> >>> What protocol is not supported??
> >>
> >> The startup logs will probably tell you what module failed to load.
> >
> > It says nothing about failed modules. Do you want me to put the relevant part here?
> 
> Yes please. can you show the logs from startup to failure?

Here we go (tell me if this is enough!).

Ethy

Oct  4 13:14:49 cressem ipsec__plutorun: Starting Pluto subsystem...
Oct  4 13:14:49 cressem pluto[8199]: Starting Pluto (Openswan Version 2.4.0 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEr@`N\177X]mXi)
Oct  4 13:14:49 cressem pluto[8199]: Setting NAT-Traversal port-4500 floating to off
Oct  4 13:14:49 cressem pluto[8199]:    port floating activation criteria nat_t=0/port_fload=1
Oct  4 13:14:49 cressem pluto[8199]:   including NAT-Traversal patch (Version 0.6c) [disabled]
Oct  4 13:14:49 cressem pluto[8199]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Oct  4 13:14:49 cressem pluto[8199]: starting up 1 cryptographic helpers
Oct  4 13:14:49 cressem pluto[8199]: started helper pid=8214 (fd:6)
Oct  4 13:14:49 cressem pluto[8199]: Using Linux 2.6 IPsec interface code on 2.6.13.2
Oct  4 13:14:49 cressem pluto[8199]: Changing to directory '/etc/ipsec.d/cacerts'
Oct  4 13:14:49 cressem pluto[8199]: Changing to directory '/etc/ipsec.d/aacerts'
Oct  4 13:14:49 cressem pluto[8199]: Changing to directory '/etc/ipsec.d/ocspcerts'
Oct  4 13:14:49 cressem pluto[8199]: Changing to directory '/etc/ipsec.d/crls'
Oct  4 13:14:49 cressem pluto[8199]:   Warning: empty directory
Oct  4 13:14:49 cressem pluto[8199]: added connection description "cressem"
Oct  4 13:14:49 cressem pluto[8199]: listening for IKE messages
Oct  4 13:14:49 cressem pluto[8199]: adding interface eth1/eth1 10.1.0.1:500
Oct  4 13:14:49 cressem pluto[8199]: adding interface lo/lo 127.0.0.1:500
Oct  4 13:14:49 cressem pluto[8199]: adding interface eth0/eth0 200.231.48.37:500
Oct  4 13:14:49 cressem pluto[8199]: loading secrets from "/etc/ipsec.secrets"
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: initiating Main Mode
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: received Vendor ID payload [Openswan (this version) 2.4.0  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: received Vendor ID payload [Dead Peer Detection]
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: I did not send a certificate because I do not have one.
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: Main mode peer ID is ID_FQDN: '@cressem1'
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Oct  4 13:14:50 cressem pluto[8199]: "cressem" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Oct  4 13:14:59 cressem pluto[8199]: packet from 200.231.48.39:500: received Vendor ID payload [Openswan (this version) 2.4.0  X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Oct  4 13:14:59 cressem pluto[8199]: packet from 200.231.48.39:500: received Vendor ID payload [Dead Peer Detection]
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: responding to Main Mode
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: STATE_MAIN_R1: sent MR1, expecting MI2
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: STATE_MAIN_R2: sent MR2, expecting MI3
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: Main mode peer ID is ID_FQDN: '@cressem1'
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: I did not send a certificate because I do not have one.
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #4: responding to Quick Mode {msgid:6de4efb6}
Oct  4 13:14:59 cressem pluto[8199]: "cressem" #4: ERROR: netlink response for Add SA esp.4cc65464 at 200.231.48.37 included errno 93: Protocol not supported
Oct  4 13:15:00 cressem pluto[8199]: "cressem" #1: Informational Exchange message must be encrypted
Oct  4 13:15:09 cressem pluto[8199]: "cressem" #4: next payload type of ISAKMP Hash Payload has an unknown value: 209
Oct  4 13:15:09 cressem pluto[8199]: "cressem" #4: malformed payload in packet
Oct  4 13:15:09 cressem pluto[8199]: "cressem" #4: sending notification PAYLOAD_MALFORMED to 200.231.48.39:500
Oct  4 13:15:20 cressem pluto[8199]: "cressem" #1: Informational Exchange message must be encrypted
Oct  4 13:15:29 cressem pluto[8199]: "cressem" #4: next payload type of ISAKMP Hash Payload has an unknown value: 209
Oct  4 13:15:29 cressem pluto[8199]: "cressem" #4: malformed payload in packet
Oct  4 13:15:29 cressem pluto[8199]: "cressem" #4: sending notification PAYLOAD_MALFORMED to 200.231.48.39:500
Oct  4 13:16:00 cressem pluto[8199]: "cressem" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Oct  4 13:16:00 cressem pluto[8199]: "cressem" #2: starting keying attempt 2 of an unlimited number
Oct  4 13:16:00 cressem pluto[8199]: "cressem" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #2 {using isakmp#3}



More information about the Users mailing list