[Openswan Users] net 2 net connection

William Man williamman at visualrock.co.uk
Tue Sep 20 10:54:57 CEST 2005


Hi,

I've finally set up all the tunnels. Decided not to tinker with routing, as
it seemed complicated as hell.  I now have the following tunnels:
net-to-net
site1-to-net
site2-to-net
site1-to-site2

However, I am still getting the problem that only site2 can connect to
site1.  When I try from site1 to connect to site2 I get the messages below.

I hope someone can help.  Thanks.


William


Site 1 messages when starting up:
-------------------
104 "net-to-net" #1: STATE_MAIN_I1: initiate
003 "net-to-net" #1: ignoring Vendor ID payload [4f457240604e7f585d6d5869]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
003 "net-to-net" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "net-to-net" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "net-to-net" #1: STATE_MAIN_I4: ISAKMP SA established
112 "net-to-net" #2: STATE_QUICK_I1: initiate
003 ERROR: "net-to-net" #2: pfkey write() of SADB_ADD message 6 for Add SA comp.1611 at X.X.X.1 failed. Errno 22: Invalid argument
003 "net-to-net" #2: pfkey_msg_build of Delete SA unk0.1001 at X.X.X.1 failed, code -22
032 "net-to-net" #2: STATE_QUICK_I1: internal error
-------------------

site1 secure.log
------------------
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: initiating Main Mode
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: ignoring Vendor ID payload [4f457240604e7f585d6d5869]
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: enabling possible NAT-traversal with method RFC XXXX (NAT-Traversal)
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: I did not send a certificate because I do not have one.
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: Peer ID is ID_FQDN: '@site2.site.co.uk'
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #1: ISAKMP SA established
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}
Sep 20 09:43:51 site1 pluto[10325]: ERROR: "net-to-net" #2: pfkey write() of SADB_ADD message 6 for Add SA comp.1611 at X.X.X.1 failed. Errno 22: Invalid argument
Sep 20 09:43:51 site1 pluto[10325]: | 02 03 00 0a 0b 00 00 00 06 00 00 00 55 28 00 00
Sep 20 09:43:51 site1 pluto[10325]: | 03 00 01 00 00 00 16 11 00 01 00 02 00 00 00 00
Sep 20 09:43:51 site1 pluto[10325]: | ff ff ff ff 00 00 00 00 03 00 05 00 00 00 00 00
Sep 20 09:43:51 site1 pluto[10325]: | 02 00 00 00 52 2b 2f 0e 00 00 00 00 00 00 00 00
Sep 20 09:43:51 site1 pluto[10325]: | 03 00 06 00 00 00 00 00 02 00 00 00 52 2b 5e 47
Sep 20 09:43:51 site1 pluto[10325]: | 00 00 00 00 00 00 00 00
Sep 20 09:43:51 site1 pluto[10325]: | pfkey_lib_debug:pfkey_msg_parse: satype 0 conversion to proto failed for msg_type 4 (delete).
Sep 20 09:43:51 site1 pluto[10325]: | pfkey_lib_debug:pfkey_msg_build: Trouble parsing newly built pfkey message, error=-22.
Sep 20 09:43:51 site1 pluto[10325]: "net-to-net" #2: pfkey_msg_build of Delete SA unk0.1001 at X.X.X.1 failed, code -22
Sep 20 09:44:01 site1 pluto[10325]: ERROR: "net-to-net" #2: pfkey write() of SADB_ADD message 9 for Add SA comp.1611 at X.X.X.1 failed. Errno 22: Invalid argument
Sep 20 09:44:01 site1 pluto[10325]: | 02 03 00 0a 0b 00 00 00 09 00 00 00 55 28 00 00
Sep 20 09:44:01 site1 pluto[10325]: | 03 00 01 00 00 00 16 11 00 01 00 02 00 00 00 00
Sep 20 09:44:01 site1 pluto[10325]: | ff ff ff ff 00 00 00 00 03 00 05 00 00 00 00 00
Sep 20 09:44:01 site1 pluto[10325]: | 02 00 00 00 52 2b 2f 0e 00 00 00 00 00 00 00 00
Sep 20 09:44:01 site1 pluto[10325]: | 03 00 06 00 00 00 00 00 02 00 00 00 52 2b 5e 47
Sep 20 09:44:01 site1 pluto[10325]: | 00 00 00 00 00 00 00 00
Sep 20 09:44:01 site1 pluto[10325]: | pfkey_lib_debug:pfkey_msg_parse: satype 0 conversion to proto failed for msg_type 4 (delete).
Sep 20 09:44:01 site1 pluto[10325]: | pfkey_lib_debug:pfkey_msg_build: Trouble parsing newly built pfkey message, error=-22.
Sep 20 09:44:01 site1 pluto[10325]: "net-to-net" #2: pfkey_msg_build of Delete SA unk0.1002 at X.X.X.1 failed, code -22
Sep 20 09:44:01 site1 pluto[10325]: "net-to-net" #1: Informational Exchange message must be encrypted
Sep 20 09:44:21 site1 pluto[10325]: ERROR: "net-to-net" #2: pfkey write() of SADB_ADD message 12 for Add SA comp.1611 at X.X.X.1 failed. Errno 22: Invalid argument
Sep 20 09:44:21 site1 pluto[10325]: | 02 03 00 0a 0b 00 00 00 0c 00 00 00 55 28 00 00
Sep 20 09:44:21 site1 pluto[10325]: | 03 00 01 00 00 00 16 11 00 01 00 02 00 00 00 00
Sep 20 09:44:21 site1 pluto[10325]: | ff ff ff ff 00 00 00 00 03 00 05 00 00 00 00 00
Sep 20 09:44:21 site1 pluto[10325]: | 02 00 00 00 52 2b 2f 0e 00 00 00 00 00 00 00 00
Sep 20 09:44:21 site1 pluto[10325]: | 03 00 06 00 00 00 00 00 02 00 00 00 52 2b 5e 47
Sep 20 09:44:21 site1 pluto[10325]: | 00 00 00 00 00 00 00 00
Sep 20 09:44:21 site1 pluto[10325]: | pfkey_lib_debug:pfkey_msg_parse: satype 0 conversion to proto failed for msg_type 4 (delete).
Sep 20 09:44:21 site1 pluto[10325]: | pfkey_lib_debug:pfkey_msg_build: Trouble parsing newly built pfkey message, error=-22.
Sep 20 09:44:21 site1 pluto[10325]: "net-to-net" #2: pfkey_msg_build of Delete SA unk0.1003 at X.X.X.1 failed, code -22
Sep 20 09:44:21 site1 pluto[10325]: "net-to-net" #1: Informational Exchange message must be encrypted
Sep 20 09:45:01 site1 pluto[10325]: "net-to-net" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Sep 20 09:45:01 site1 pluto[10325]: "net-to-net" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xeac4e52a (perhaps this is a duplicated packet)
Sep 20 09:45:01 site1 pluto[10325]: "net-to-net" #1: sending encrypted notification INVALID_MESSAGE_ID to X.X.X.2:500
Sep 20 09:45:41 site1 pluto[10325]: "net-to-net" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xeac4e52a (perhaps this is a duplicated packet)
Sep 20 09:45:41 site1 pluto[10325]: "net-to-net" #1: sending encrypted notification INVALID_MESSAGE_ID to X.X.X.2:500
Sep 20 09:46:21 site1 pluto[10325]: "net-to-net" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xeac4e52a (perhaps this is a duplicated packet)
Sep 20 09:46:21 site1 pluto[10325]: "net-to-net" #1: sending encrypted notification INVALID_MESSAGE_ID to X.X.X.2:500
Sep 20 09:47:01 site1 pluto[10325]: "net-to-net" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xeac4e52a (perhaps this is a duplicated packet)
Sep 20 09:47:01 site1 pluto[10325]: "net-to-net" #1: sending encrypted notification INVALID_MESSAGE_ID to X.X.X.2:500

------------------

The secure log from site 2 is:
------------------
Sep 20 09:44:35 site2 pluto[15024]: packet from 82.43.94.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
Sep 20 09:44:35 site2 pluto[15024]: packet from 82.43.94.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 108
Sep 20 09:44:35 site2 pluto[15024]: packet from 82.43.94.71:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Sep 20 09:44:35 site2 pluto[15024]: "site2-to-net" #1: responding to Main Mode
Sep 20 09:44:35 site2 pluto[15024]: "site2-to-net" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Sep 20 09:44:35 site2 pluto[15024]: "site2-to-net" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Sep 20 09:44:35 site2 pluto[15024]: "site2-to-net" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Sep 20 09:44:35 site2 pluto[15024]: "site2-to-net" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 20 09:44:35 site2 pluto[15024]: "site2-to-net" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Sep 20 09:44:36 site2 pluto[15024]: "site2-to-net" #1: Main mode peer ID is ID_FQDN: '@diamond.visualrock.co.uk'
Sep 20 09:44:36 site2 pluto[15024]: "site2-to-net" #1: I did not send a certificate because I do not have one.
Sep 20 09:44:36 site2 pluto[15024]: "site2-to-net" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 20 09:44:36 site2 pluto[15024]: "site2-to-net" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
Sep 20 09:44:36 site2 pluto[15024]: "net-to-net" #2: responding to Quick Mode {msgid:eac4e52a}
Sep 20 09:44:36 site2 pluto[15024]: "net-to-net" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Sep 20 09:44:36 site2 pluto[15024]: "net-to-net" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Sep 20 09:44:46 site2 pluto[15024]: "net-to-net" #2: next payload type of ISAKMP Hash Payload has an unknown value: 105
Sep 20 09:44:46 site2 pluto[15024]: "net-to-net" #2: malformed payload in packet
Sep 20 09:44:46 site2 pluto[15024]: "net-to-net" #2: sending notification PAYLOAD_MALFORMED to 82.43.94.71:500
Sep 20 09:45:06 site2 pluto[15024]: "net-to-net" #2: next payload type of ISAKMP Hash Payload has an unknown value: 105
Sep 20 09:45:06 site2 pluto[15024]: "net-to-net" #2: malformed payload in packet
Sep 20 09:45:06 site2 pluto[15024]: "net-to-net" #2: sending notification PAYLOAD_MALFORMED to 82.43.94.71:500
Sep 20 09:45:46 site2 pluto[15024]: "site2-to-net" #1: ignoring informational payload, type INVALID_MESSAGE_ID
Sep 20 09:45:46 site2 pluto[15024]: "site2-to-net" #1: received and ignored informational message
Sep 20 09:46:26 site2 pluto[15024]: "site2-to-net" #1: ignoring informational payload, type INVALID_MESSAGE_ID
Sep 20 09:46:26 site2 pluto[15024]: "site2-to-net" #1: received and ignored informational message
Sep 20 09:47:06 site2 pluto[15024]: "site2-to-net" #1: ignoring informational payload, type INVALID_MESSAGE_ID
Sep 20 09:47:06 site2 pluto[15024]: "site2-to-net" #1: received and ignored informational message
Sep 20 09:47:46 site2 pluto[15024]: "site2-to-net" #1: ignoring informational payload, type INVALID_MESSAGE_ID
Sep 20 09:47:46 site2 pluto[15024]: "site2-to-net" #1: received and ignored informational message
Sep 20 09:48:26 site2 pluto[15024]: "site2-to-net" #1: ignoring informational payload, type INVALID_MESSAGE_ID
Sep 20 09:48:26 site2 pluto[15024]: "site2-to-net" #1: received and ignored informational message
Sep 20 09:49:06 site2 pluto[15024]: "site2-to-net" #1: ignoring informational payload, type INVALID_MESSAGE_ID
Sep 20 09:49:06 site2 pluto[15024]: "site2-to-net" #1: received and ignored informational message
Sep 20 09:49:46 site2 pluto[15024]: "site2-to-net" #1: ignoring informational payload, type INVALID_MESSAGE_ID
Sep 20 09:49:46 site2 pluto[15024]: "site2-to-net" #1: received and ignored informational message

------------------
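As an added example (not from this post or from Openswan itself), a small Python triager for pluto syslog lines of the shape quoted above: it separates the site1 kernel's refusal to install the "comp" (IPCOMP) SA, which is logged as Errno 22 before any retransmission happens, from the later peer-side Quick Mode timeout, so the local fault is not mistaken for a proposal mismatch. The sample lines are constructed copies in the form of the site1 log (X.X.X.1 is the post's own masking); reading "comp" plus EINVAL as the kernel lacking IPCOMP support for the COMPRESS proposal is an interpretation, not something the post states.

```python
import errno
import re
from collections import defaultdict

# Constructed sample in the shape of the site1 lines quoted above (one hex
# debug line kept to show it is skipped); X.X.X.1 is the post's own masking.
SAMPLE_LOG = """\
Sep 20 09:43:50 site1 pluto[10325]: "net-to-net" #2: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#1}
Sep 20 09:43:51 site1 pluto[10325]: ERROR: "net-to-net" #2: pfkey write() of SADB_ADD message 6 for Add SA comp.1611 at X.X.X.1 failed. Errno 22: Invalid argument
Sep 20 09:43:51 site1 pluto[10325]: | 02 03 00 0a 0b 00 00 00 06 00 00 00 55 28 00 00
Sep 20 09:45:01 site1 pluto[10325]: "net-to-net" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"""

# syslog prefix, optional "ERROR: ", quoted connection name, state number, message
PLUTO_RE = re.compile(r'^\w{3} +\d+ [\d:]+ \S+ pluto\[\d+\]: (?:ERROR: )?'
                      r'"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')
# kernel (pfkey) refusing an SA install: protocol (esp/ah/comp).spi, peer, errno
SADB_FAIL_RE = re.compile(r'pfkey write\(\) of SADB_\w+ .* for Add SA (?P<proto>\w+)\.\w+ '
                          r'at (?P<peer>\S+) failed\. Errno (?P<errno>\d+)')

def parse(log):
    """Yield (conn, sa, msg) for each pluto state line; '|' debug dumps do not match."""
    for line in log.splitlines():
        m = PLUTO_RE.match(line)
        if m:
            yield m['conn'], m['sa'], m['msg']

def triage(log):
    """Per connection: Quick Mode proposal, first kernel SA rejection, whether IKE gave up."""
    report = defaultdict(dict)
    for conn, sa, msg in parse(log):
        r = report[conn]
        if msg.startswith('initiating Quick Mode'):
            r['proposal'] = msg.split()[3].split('+')   # e.g. RSASIG+ENCRYPT+COMPRESS+...
        f = SADB_FAIL_RE.search(msg)
        if f and 'kernel_reject' not in r:
            r['kernel_reject'] = {'sa': sa, 'proto': f['proto'], 'peer': f['peer'], 'errno': int(f['errno'])}
        if 'max number of retransmissions' in msg:
            r['gave_up'] = True
    return dict(report)

def findings(report):
    """One line per connection: a local kernel fault is distinguished from a silent peer."""
    out = []
    for conn, r in sorted(report.items()):
        k = r.get('kernel_reject')
        if k:
            name = errno.errorcode.get(k['errno'], '?')
            out.append(f"{conn}: kernel refused {k['proto']} SA for {k['peer']} (errno {k['errno']} {name}); "
                       f"proposal {'+'.join(r.get('proposal', ['?']))}")
        elif r.get('gave_up'):
            out.append(f"{conn}: Quick Mode retransmissions exhausted, no local kernel error")
    return out
```

Run `findings(triage(SAMPLE_LOG))` to get the one-line verdict; feed it the real /var/log/secure extract to check every connection at once.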
