[Openswan Users] help again (sorry about the flood)

Sergio Bazilio sbazilio at gmail.com
Wed Apr 19 16:01:10 CEST 2006


So guys, now I can start the tunnel; the tunnel is UP.


I can see the ping, and the reply, on my interface:
14:57:32.259182 IP acobr190.acotelbr.com.br > chattv01.m4u.com.br: ICMP echo
request, id 33104, seq 832, length 64
14:57:32.259194 IP chattv01.m4u.com.br > acobr190.acotelbr.com.br: ICMP echo
reply, id 33104, seq 832, length 64
14:57:33.203657 IP acobr190.acotelbr.com.br > chattv01.m4u.com.br: ICMP echo
request, id 33104, seq 833, length 64
14:57:33.203668 IP chattv01.m4u.com.br > acobr190.acotelbr.com.br: ICMP echo
reply, id 33104, seq 833, length 64


But in the shell I don't see the ping, and in /var/log/messages I get a flood of



Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: initiating Main Mode
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: transition from state
STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: STATE_MAIN_I2: sent
MI2, expecting MR2
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: received Vendor ID
payload [Cisco-Unity]
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: received Vendor ID
payload [Dead Peer Detection]
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: ignoring unknown
Vendor ID payload [4bf4d2809c90ddc44ad8ebca2c03a199]
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: I did not send a
certificate because I do not have one.
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: transition from state
STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: STATE_MAIN_I3: sent
MI3, expecting MR3
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: Main mode peer ID is
ID_IPV4_ADDR: '200.184.147.253'
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: transition from state
STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: STATE_MAIN_I4: ISAKMP
SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1024}
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #9: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP {using isakmp#8}
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: ignoring
informational payload, type IPSEC_INITIAL_CONTACT
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #8: received and ignored
informational message
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #9: ignoring
informational payload, type IPSEC_RESPONDER_LIFETIME
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #9: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 19 15:01:01 chattv01 pluto[5087]: "acotel-m4u" #9: STATE_QUICK_I2: sent
QI2, IPsec SA established {ESP=>0xd1dde979 <0x7ff638d3 xfrm=3DES_0-HMAC_MD5
NATD=none DPD=none}
Apr 19 15:01:05 chattv01 pluto[5087]: "acotel-m4u" #8: cannot respond to
IPsec SA request because no connection is known for
200.150.149.0/24===200.150.149.196...200.184.147.253===200.184.147.0/24
Apr 19 15:01:05 chattv01 pluto[5087]: "acotel-m4u" #8: sending encrypted
notification INVALID_ID_INFORMATION to 200.184.147.253:500
Apr 19 15:01:08 chattv01 pluto[5087]: "acotel-m4u" #8: cannot respond to
IPsec SA request because no connection is known for
200.150.149.0/24===200.150.149.196...200.184.147.253===200.184.147.190/32
Apr 19 15:01:08 chattv01 pluto[5087]: "acotel-m4u" #8: sending encrypted
notification INVALID_ID_INFORMATION to 200.184.147.253:500

Apr 19 15:01:20 chattv01 pluto[5087]: "acotel-m4u" #8: Quick Mode I1 message
is unacceptable because it uses a previously used Message ID 0xb0c315e2
(perhaps this is a duplicated packet)
Apr 19 15:01:20 chattv01 pluto[5087]: "acotel-m4u" #8: sending encrypted
notification INVALID_MESSAGE_ID to 200.184.147.253:500
Apr 19 15:01:23 chattv01 pluto[5087]: "acotel-m4u" #8: Quick Mode I1 message
is unacceptable because it uses a previously used Message ID 0xb857cbff
(perhaps this is a duplicated packet)
Apr 19 15:01:23 chattv01 pluto[5087]: "acotel-m4u" #8: sending encrypted
notification INVALID_MESSAGE_ID to 200.184.147.253:500


Any hint??


My ipsec.conf is:


# /etc/ipsec.conf - OpenSWAN IPSec configuration file

#The version information is needed for OpenSWAN

version 2.0

# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none

# Add connections here


conn %default
        esp=3des-md5-96
        authby=secret



conn acotel-m4u
        type=tunnel
        left=200.184.147.253
        leftnexthop=200.184.147.254
        leftsubnet=200.184.147.22/32
        ikelifetime=86400
        right=200.150.149.196
        rightnexthop=200.150.149.193
        rightsubnet=200.150.149.196/32
        keyexchange=ike
        pfs=no
        auto=start




# Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf




--
Sergio Bazilio
 Operations Analyst
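One way to read the flood above, as an added diagnostic script (my own, not part of Openswan or of the original post): pluto prints the selector the peer proposed as localsubnet===local...peer===peersubnet, so comparing each half against the conn's leftsubnet/rightsubnet shows which end disagrees. The conn block and the two log lines are copied from the post; everything else is assumed.

```python
import ipaddress
import re

# Sample conn block, copied from the posted ipsec.conf (constructed excerpt).
IPSEC_CONF = """
conn acotel-m4u
        left=200.184.147.253
        leftsubnet=200.184.147.22/32
        right=200.150.149.196
        rightsubnet=200.150.149.196/32
"""

# Sample pluto lines of the kind flooding /var/log/messages (constructed excerpt).
PLUTO_LOG = """
Apr 19 15:01:05 chattv01 pluto[5087]: "acotel-m4u" #8: cannot respond to IPsec SA request because no connection is known for 200.150.149.0/24===200.150.149.196...200.184.147.253===200.184.147.0/24
Apr 19 15:01:08 chattv01 pluto[5087]: "acotel-m4u" #8: cannot respond to IPsec SA request because no connection is known for 200.150.149.0/24===200.150.149.196...200.184.147.253===200.184.147.190/32
"""

# localsubnet===local...peer===peersubnet, as pluto prints it on the responder.
SEL_RE = re.compile(r"no connection is known for (\S+?)===(\S+?)\.\.\.(\S+?)===(\S+)")


def parse_conn(conf, name):
    """Return the key=value settings of one 'conn <name>' block."""
    settings, inside = {}, False
    for line in conf.splitlines():
        if line.startswith("conn "):
            inside = line.split()[1] == name
        elif inside and "=" in line:
            key, value = line.strip().split("=", 1)
            settings[key] = value
    return settings


def find_mismatches(conf, log, name):
    """For every 'no connection is known' line, list (gateway, proposed subnet,
    configured subnet) where the peer's proposal differs from our conn.
    Openswan needs an exact selector match, so equality is the right test."""
    conn = parse_conn(conf, name)
    configured = {conn["left"]: conn["leftsubnet"], conn["right"]: conn["rightsubnet"]}
    findings = []
    for match in SEL_RE.finditer(log):
        local_sub, local_gw, peer_gw, peer_sub = match.groups()
        for gateway, proposed in ((local_gw, local_sub), (peer_gw, peer_sub)):
            if ipaddress.ip_network(proposed) != ipaddress.ip_network(configured[gateway]):
                findings.append((gateway, proposed, configured[gateway]))
    return findings


if __name__ == "__main__":
    for gateway, proposed, want in find_mismatches(IPSEC_CONF, PLUTO_LOG, "acotel-m4u"):
        print(f"{gateway}: peer proposed {proposed}, conn has {want}")
```

On the posted data this reports that the peer proposes /24 networks (and once 200.184.147.190/32) on both ends, while the conn only knows the two /32 hosts, which is why pluto answers INVALID_ID_INFORMATION instead of installing the SA the peer asks for.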