[Openswan Users] Windows XP to OpenSWAN with ipsec.exe
Pat Fricke
sales at prfhome.com
Tue Apr 25 11:18:12 CEST 2006
I'm back again with a whole new problem.
I have an existing Fedora Core 4 system running Openswan version
U2.4.4/K2.6.11-1.1369_FC4. The server has 7 roadwarrior connections using
Linksys routers. Now I need to add a laptop roadwarrior with satellite
internet. My test bed is a standalone PC connected directly to a DSL modem.
Currently all firewalling, virus scanning, pop-up blockers, etc. on the
Windows side are OFF.
Followed (as best I could) instructions from http://vpn.ebootis.de/ and the
ipsec.exe tool to avoid having to load an L2TP daemon. (Also have tried using
ipseccmd.exe with command line switches but get the same results).
The workstation config is currently
******************************************************************
conn AIC
    left=%any
    right=66.213.254.50
    authmode=SHA
    network=auto
    presharedkey=my_preshared_key
    auto=start
    pfs=no

The server config is
**************************************************************
version 2

# basic configuration
config setup
    klipsdebug=none
    nat_traversal=yes
    plutodebug=none
    uniqueids=yes

conn %default
    authby=secret
    compress=no
    ikelifetime=28800s
    keyexchange=ike
    keylife=3600s
    pfs=no

conn Unknown_Host (WindowsXP)
    disablearrivalcheck=no
    left=66.213.254.50
    leftid=66.213.254.50
    leftnexthop=66.213.254.49
    right=%any
    rightnexthop=%defaultroute
    auto=add

conn aicflorence (existing-1)
    left=66.213.254.50
    leftid=66.213.254.50
    leftnexthop=66.213.254.50
    right=%any
    rightnexthop=%defaultroute
    rightsubnet=192.xxx.xxx.xxx
    auto=add

conn existing-2
    . (These are all the same except for the subnet)

include /etc/ipsec.d/examples/no_oe.conf
*******************************************************************
With this configuration I seem to connect but cannot ping the internal ip of
the server.
Server log:
**********************************************************************
Apr 24 23:46:15 aicinsco pluto[16777]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 24 23:46:15 aicinsco pluto[16777]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [FRAGMENTATION]
Apr 24 23:46:15 aicinsco pluto[16777]: packet from 71.111.122.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106
Apr 24 23:46:15 aicinsco pluto[16777]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
responding to Main Mode from unknown peer 71.111.122.235
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
Main mode peer ID is ID_IPV4_ADDR: '71.111.122.235'
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9: I
did not send a certificate because I do not have one.
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
responding to Quick Mode {msgid:fa5169a6}
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
up-host output: Cannot open "/proc/sys/net/ipv4/route/flush"
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
route-host output: Cannot open "/proc/sys/net/ipv4/route/flush"
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
STATE_QUICK_R2: IPsec SA established {ESP=>0x365bcfa7 <0x7353f5eb
xfrm=3DES_0-HMAC_SHA1 NATD=71.111.122.235:500 DPD=none}
************************************************************
If I add rightsubnet=192.xxx.xxx.xxx/255.255.255.255 (server internal ip) on
the Windows side it no longer tries to connect (no entries in the secure log
at all).
The Windows log shows:
***************************************************************
4-24: 23:35:23:92:5a0 Acquire from driver: op=00000007 src=71.111.122.235.0
dst=66.213.254.50.0 proto = 0, SrcMask=255.255.255.255,
DstMask=255.255.255.255, Tunnel 1, TunnelEndpt=66.213.254.50 Inbound
TunnelEndpt=71.111.122.235
4-24: 23:35:23:92:244 Filter to match: Src 66.213.254.50 Dst 71.111.122.235
4-24: 23:35:23:102:244 MM PolicyName: 3
4-24: 23:35:23:102:244 MMPolicy dwFlags 2 SoftSAExpireTime 28800
4-24: 23:35:23:102:244 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
4-24: 23:35:23:102:244 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
4-24: 23:35:23:102:244 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
4-24: 23:35:23:102:244 MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
4-24: 23:35:23:102:244 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 1
4-24: 23:35:23:102:244 MMOffer[2] Encrypt: DES CBC Hash: SHA
4-24: 23:35:23:102:244 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
4-24: 23:35:23:102:244 MMOffer[3] Encrypt: DES CBC Hash: MD5
4-24: 23:35:23:102:244 Auth[0]:PresharedKey KeyLen 24
4-24: 23:35:23:102:244 QM PolicyName: Host-AIC filter action dwFlags 1
4-24: 23:35:23:102:244 QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
4-24: 23:35:23:102:244 QMOffer[0] dwFlags 0 dwPFSGroup 0
4-24: 23:35:23:102:244 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
4-24: 23:35:23:102:244 Starting Negotiation: src = 71.111.122.235.0500, dst
= 66.213.254.50.0500, proto = 00, context = 00000007, ProxySrc =
71.111.122.235.0000, ProxyDst = 66.213.254.50.0000 SrcMask = 255.255.255.255
DstMask = 255.255.255.255
4-24: 23:35:23:102:244 constructing ISAKMP Header
4-24: 23:35:23:102:244 constructing SA (ISAKMP)
4-24: 23:35:23:102:244 Constructing Vendor MS NT5 ISAKMPOAKLEY
4-24: 23:35:23:102:244 Constructing Vendor FRAGMENTATION
4-24: 23:35:23:102:244 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
4-24: 23:35:23:102:244 Constructing Vendor Vid-Initial-Contact
4-24: 23:35:23:102:244
4-24: 23:35:23:102:244 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:23:102:244 ISAKMP Header: (V1.0), len = 276
4-24: 23:35:23:102:244 I-COOKIE f0c08e9044056879
4-24: 23:35:23:102:244 R-COOKIE 0000000000000000
4-24: 23:35:23:102:244 exchange: Oakley Main Mode
4-24: 23:35:23:102:244 flags: 0
4-24: 23:35:23:102:244 next payload: SA
4-24: 23:35:23:102:244 message ID: 00000000
4-24: 23:35:23:102:244 Ports S:f401 D:f401
4-24: 23:35:23:182:244
4-24: 23:35:23:182:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:23:182:244 ISAKMP Header: (V1.0), len = 140
4-24: 23:35:23:182:244 I-COOKIE f0c08e9044056879
4-24: 23:35:23:182:244 R-COOKIE 637189af358a80ec
4-24: 23:35:23:182:244 exchange: Oakley Main Mode
4-24: 23:35:23:182:244 flags: 0
4-24: 23:35:23:182:244 next payload: SA
4-24: 23:35:23:182:244 message ID: 00000000
4-24: 23:35:23:182:244 processing payload SA
4-24: 23:35:23:182:244 Received Phase 1 Transform 1
4-24: 23:35:23:182:244 Encryption Alg Triple DES CBC(5)
4-24: 23:35:23:182:244 Hash Alg SHA(2)
4-24: 23:35:23:182:244 Oakley Group 2
4-24: 23:35:23:182:244 Auth Method Preshared Key(1)
4-24: 23:35:23:182:244 Life type in Seconds
4-24: 23:35:23:182:244 Life duration of 28800
4-24: 23:35:23:182:244 Phase 1 SA accepted: transform=1
4-24: 23:35:23:182:244 SA - Oakley proposal accepted
4-24: 23:35:23:182:244 processing payload VENDOR ID
4-24: 23:35:23:182:244 processing payload VENDOR ID
4-24: 23:35:23:182:244 processing payload VENDOR ID
4-24: 23:35:23:182:244 Received VendorId draft-ietf-ipsec-nat-t-ike-02
4-24: 23:35:23:182:244 ClearFragList
4-24: 23:35:23:182:244 constructing ISAKMP Header
4-24: 23:35:23:232:244 constructing KE
4-24: 23:35:23:232:244 constructing NONCE (ISAKMP)
4-24: 23:35:23:232:244 Constructing NatDisc
4-24: 23:35:23:232:244
4-24: 23:35:23:232:244 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:23:232:244 ISAKMP Header: (V1.0), len = 232
4-24: 23:35:23:232:244 I-COOKIE f0c08e9044056879
4-24: 23:35:23:232:244 R-COOKIE 637189af358a80ec
4-24: 23:35:23:232:244 exchange: Oakley Main Mode
4-24: 23:35:23:232:244 flags: 0
4-24: 23:35:23:232:244 next payload: KE
4-24: 23:35:23:232:244 message ID: 00000000
4-24: 23:35:23:232:244 Ports S:f401 D:f401
4-24: 23:35:23:312:244
4-24: 23:35:23:312:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:23:312:244 ISAKMP Header: (V1.0), len = 228
4-24: 23:35:23:312:244 I-COOKIE f0c08e9044056879
4-24: 23:35:23:312:244 R-COOKIE 637189af358a80ec
4-24: 23:35:23:312:244 exchange: Oakley Main Mode
4-24: 23:35:23:312:244 flags: 0
4-24: 23:35:23:312:244 next payload: KE
4-24: 23:35:23:312:244 message ID: 00000000
4-24: 23:35:23:312:244 processing payload KE
4-24: 23:35:23:332:244 processing payload NONCE
4-24: 23:35:23:332:244 processing payload NATDISC
4-24: 23:35:23:332:244 Processing NatHash
4-24: 23:35:23:332:244 Nat hash 654f358e490df64db6e236b3c0ef48e1
4-24: 23:35:23:332:244 7513f96b
4-24: 23:35:23:332:244 SA StateMask2 f
4-24: 23:35:23:332:244 processing payload NATDISC
4-24: 23:35:23:332:244 Processing NatHash
4-24: 23:35:23:332:244 Nat hash 9f3a78f336c697754f2bcc48e57ded77
4-24: 23:35:23:332:244 3effbbf9
4-24: 23:35:23:332:244 SA StateMask2 8f
4-24: 23:35:23:332:244 ClearFragList
4-24: 23:35:23:332:244 constructing ISAKMP Header
4-24: 23:35:23:332:244 constructing ID
4-24: 23:35:23:332:244 MM ID Type 1
4-24: 23:35:23:332:244 MM ID 476f7aeb
4-24: 23:35:23:332:244 constructing HASH
4-24: 23:35:23:332:244
4-24: 23:35:23:332:244 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:23:332:244 ISAKMP Header: (V1.0), len = 68
4-24: 23:35:23:332:244 I-COOKIE f0c08e9044056879
4-24: 23:35:23:332:244 R-COOKIE 637189af358a80ec
4-24: 23:35:23:332:244 exchange: Oakley Main Mode
4-24: 23:35:23:332:244 flags: 1 ( encrypted )
4-24: 23:35:23:332:244 next payload: ID
4-24: 23:35:23:332:244 message ID: 00000000
4-24: 23:35:23:332:244 Ports S:f401 D:f401
4-24: 23:35:23:412:244
4-24: 23:35:23:412:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:23:412:244 ISAKMP Header: (V1.0), len = 68
4-24: 23:35:23:412:244 I-COOKIE f0c08e9044056879
4-24: 23:35:23:412:244 R-COOKIE 637189af358a80ec
4-24: 23:35:23:412:244 exchange: Oakley Main Mode
4-24: 23:35:23:412:244 flags: 1 ( encrypted )
4-24: 23:35:23:412:244 next payload: ID
4-24: 23:35:23:412:244 message ID: 00000000
4-24: 23:35:23:412:244 processing payload ID
4-24: 23:35:23:412:244 processing payload HASH
4-24: 23:35:23:412:244 AUTH: Phase I authentication accepted
4-24: 23:35:23:412:244 ClearFragList
4-24: 23:35:23:412:244 MM established. SA: 000FA260
4-24: 23:35:23:412:244 QM PolicyName: Host-AIC filter action dwFlags 1
4-24: 23:35:23:412:244 QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
4-24: 23:35:23:412:244 QMOffer[0] dwFlags 0 dwPFSGroup 0
4-24: 23:35:23:412:244 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
4-24: 23:35:23:412:244 GetSpi: src = 66.213.254.50.0000, dst =
71.111.122.235.0000, proto = 00, context = 00000007, srcMask =
255.255.255.255, destMask = 255.255.255.255, TunnelFilter 1
4-24: 23:35:23:412:244 Setting SPI 3076015393
4-24: 23:35:23:412:244 constructing ISAKMP Header
4-24: 23:35:23:412:244 constructing HASH (null)
4-24: 23:35:23:412:244 constructing SA (IPSEC)
4-24: 23:35:23:412:244 constructing NONCE (IPSEC)
4-24: 23:35:23:412:244 constructing ID (proxy)
4-24: 23:35:23:412:244 constructing ID (proxy)
4-24: 23:35:23:412:244 constructing HASH (QM)
4-24: 23:35:23:412:244
4-24: 23:35:23:412:244 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:23:412:244 ISAKMP Header: (V1.0), len = 164
4-24: 23:35:23:412:244 I-COOKIE f0c08e9044056879
4-24: 23:35:23:412:244 R-COOKIE 637189af358a80ec
4-24: 23:35:23:412:244 exchange: Oakley Quick Mode
4-24: 23:35:23:412:244 flags: 1 ( encrypted )
4-24: 23:35:23:412:244 next payload: HASH
4-24: 23:35:23:412:244 message ID: 16a11345
4-24: 23:35:23:412:244 Ports S:f401 D:f401
4-24: 23:35:23:493:244
4-24: 23:35:23:493:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:23:493:244 ISAKMP Header: (V1.0), len = 68
4-24: 23:35:23:493:244 I-COOKIE f0c08e9044056879
4-24: 23:35:23:493:244 R-COOKIE 637189af358a80ec
4-24: 23:35:23:493:244 exchange: ISAKMP Informational Exchange
4-24: 23:35:23:493:244 flags: 1 ( encrypted )
4-24: 23:35:23:493:244 next payload: HASH
4-24: 23:35:23:493:244 message ID: 330b9b4f
4-24: 23:35:23:493:244 processing HASH (Notify/Delete)
4-24: 23:35:23:493:244 processing payload NOTIFY
4-24: 23:35:23:493:244 notify: INVALID-ID-INFORMATION
4-24: 23:35:23:493:244 isadb_set_status sa:000FA260 centry:00000000 status
3601
4-24: 23:35:24:684:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
1
4-24: 23:35:24:684:5c0
4-24: 23:35:24:684:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:24:684:5c0 ISAKMP Header: (V1.0), len = 164
4-24: 23:35:24:684:5c0 I-COOKIE f0c08e9044056879
4-24: 23:35:24:684:5c0 R-COOKIE 637189af358a80ec
4-24: 23:35:24:684:5c0 exchange: Oakley Quick Mode
4-24: 23:35:24:684:5c0 flags: 1 ( encrypted )
4-24: 23:35:24:684:5c0 next payload: HASH
4-24: 23:35:24:684:5c0 message ID: 16a11345
4-24: 23:35:24:684:5c0 Ports S:f401 D:f401
4-24: 23:35:24:754:244
4-24: 23:35:24:754:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:24:754:244 ISAKMP Header: (V1.0), len = 68
4-24: 23:35:24:754:244 I-COOKIE f0c08e9044056879
4-24: 23:35:24:754:244 R-COOKIE 637189af358a80ec
4-24: 23:35:24:754:244 exchange: ISAKMP Informational Exchange
4-24: 23:35:24:754:244 flags: 1 ( encrypted )
4-24: 23:35:24:754:244 next payload: HASH
4-24: 23:35:24:754:244 message ID: e08b7117
4-24: 23:35:24:754:244 processing HASH (Notify/Delete)
4-24: 23:35:24:754:244 processing payload NOTIFY
4-24: 23:35:24:754:244 notify: INVALID-MESSAGE-ID
4-24: 23:35:24:754:244 Unknown Notify Message 9
4-24: 23:35:26:687:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
2
4-24: 23:35:26:687:5c0
4-24: 23:35:26:687:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:26:687:5c0 ISAKMP Header: (V1.0), len = 164
4-24: 23:35:26:687:5c0 I-COOKIE f0c08e9044056879
4-24: 23:35:26:687:5c0 R-COOKIE 637189af358a80ec
4-24: 23:35:26:687:5c0 exchange: Oakley Quick Mode
4-24: 23:35:26:687:5c0 flags: 1 ( encrypted )
4-24: 23:35:26:687:5c0 next payload: HASH
4-24: 23:35:26:687:5c0 message ID: 16a11345
4-24: 23:35:26:687:5c0 Ports S:f401 D:f401
4-24: 23:35:26:757:244
4-24: 23:35:26:757:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:26:757:244 ISAKMP Header: (V1.0), len = 68
4-24: 23:35:26:757:244 I-COOKIE f0c08e9044056879
4-24: 23:35:26:757:244 R-COOKIE 637189af358a80ec
4-24: 23:35:26:757:244 exchange: ISAKMP Informational Exchange
4-24: 23:35:26:757:244 flags: 1 ( encrypted )
4-24: 23:35:26:757:244 next payload: HASH
4-24: 23:35:26:757:244 message ID: 8d7217f4
4-24: 23:35:26:767:244 processing HASH (Notify/Delete)
4-24: 23:35:26:767:244 processing payload NOTIFY
4-24: 23:35:26:767:244 notify: INVALID-MESSAGE-ID
4-24: 23:35:26:767:244 Unknown Notify Message 9
4-24: 23:35:30:693:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
3
4-24: 23:35:30:693:5c0
4-24: 23:35:30:693:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:30:693:5c0 ISAKMP Header: (V1.0), len = 164
4-24: 23:35:30:693:5c0 I-COOKIE f0c08e9044056879
4-24: 23:35:30:693:5c0 R-COOKIE 637189af358a80ec
4-24: 23:35:30:693:5c0 exchange: Oakley Quick Mode
4-24: 23:35:30:693:5c0 flags: 1 ( encrypted )
4-24: 23:35:30:693:5c0 next payload: HASH
4-24: 23:35:30:693:5c0 message ID: 16a11345
4-24: 23:35:30:693:5c0 Ports S:f401 D:f401
4-24: 23:35:30:763:244
4-24: 23:35:30:763:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:30:763:244 ISAKMP Header: (V1.0), len = 68
4-24: 23:35:30:763:244 I-COOKIE f0c08e9044056879
4-24: 23:35:30:763:244 R-COOKIE 637189af358a80ec
4-24: 23:35:30:763:244 exchange: ISAKMP Informational Exchange
4-24: 23:35:30:763:244 flags: 1 ( encrypted )
4-24: 23:35:30:763:244 next payload: HASH
4-24: 23:35:30:763:244 message ID: 2e9b261d
4-24: 23:35:30:763:244 processing HASH (Notify/Delete)
4-24: 23:35:30:763:244 processing payload NOTIFY
4-24: 23:35:30:763:244 notify: INVALID-MESSAGE-ID
4-24: 23:35:30:763:244 Unknown Notify Message 9
4-24: 23:35:38:704:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
4
4-24: 23:35:38:704:5c0
4-24: 23:35:38:704:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:38:704:5c0 ISAKMP Header: (V1.0), len = 164
4-24: 23:35:38:704:5c0 I-COOKIE f0c08e9044056879
4-24: 23:35:38:704:5c0 R-COOKIE 637189af358a80ec
4-24: 23:35:38:704:5c0 exchange: Oakley Quick Mode
4-24: 23:35:38:704:5c0 flags: 1 ( encrypted )
4-24: 23:35:38:704:5c0 next payload: HASH
4-24: 23:35:38:704:5c0 message ID: 16a11345
4-24: 23:35:38:704:5c0 Ports S:f401 D:f401
4-24: 23:35:38:805:244
4-24: 23:35:38:805:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:38:805:244 ISAKMP Header: (V1.0), len = 68
4-24: 23:35:38:805:244 I-COOKIE f0c08e9044056879
4-24: 23:35:38:805:244 R-COOKIE 637189af358a80ec
4-24: 23:35:38:805:244 exchange: ISAKMP Informational Exchange
4-24: 23:35:38:805:244 flags: 1 ( encrypted )
4-24: 23:35:38:805:244 next payload: HASH
4-24: 23:35:38:805:244 message ID: 0c17f6bd
4-24: 23:35:38:805:244 processing HASH (Notify/Delete)
4-24: 23:35:38:805:244 processing payload NOTIFY
4-24: 23:35:38:805:244 notify: INVALID-MESSAGE-ID
4-24: 23:35:38:805:244 Unknown Notify Message 9
4-24: 23:35:54:727:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
5
4-24: 23:35:54:727:5c0
4-24: 23:35:54:727:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
4-24: 23:35:54:727:5c0 ISAKMP Header: (V1.0), len = 164
4-24: 23:35:54:727:5c0 I-COOKIE f0c08e9044056879
4-24: 23:35:54:727:5c0 R-COOKIE 637189af358a80ec
4-24: 23:35:54:727:5c0 exchange: Oakley Quick Mode
4-24: 23:35:54:727:5c0 flags: 1 ( encrypted )
4-24: 23:35:54:727:5c0 next payload: HASH
4-24: 23:35:54:727:5c0 message ID: 16a11345
4-24: 23:35:54:727:5c0 Ports S:f401 D:f401
4-24: 23:35:54:798:244
4-24: 23:35:54:798:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
4-24: 23:35:54:798:244 ISAKMP Header: (V1.0), len = 68
4-24: 23:35:54:798:244 I-COOKIE f0c08e9044056879
4-24: 23:35:54:798:244 R-COOKIE 637189af358a80ec
4-24: 23:35:54:798:244 exchange: ISAKMP Informational Exchange
4-24: 23:35:54:798:244 flags: 1 ( encrypted )
4-24: 23:35:54:798:244 next payload: HASH
4-24: 23:35:54:798:244 message ID: 779bf1a0
4-24: 23:35:54:798:244 processing HASH (Notify/Delete)
4-24: 23:35:54:798:244 processing payload NOTIFY
4-24: 23:35:54:798:244 notify: INVALID-MESSAGE-ID
4-24: 23:35:54:798:244 Unknown Notify Message 9
***********************************************************************
Server log:
***********************************************************************
Apr 24 23:38:37 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 24 23:38:37 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [FRAGMENTATION]
Apr 24 23:38:37 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106
Apr 24 23:38:37 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 23:38:37 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
responding to Main Mode from unknown peer 71.111.122.235
Apr 24 23:38:37 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 23:38:37 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Main mode peer ID is ID_IPV4_ADDR: '71.111.122.235'
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9: I
did not send a certificate because I do not have one.
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
cannot respond to IPsec SA request because no connection is known for
66.213.254.50...71.111.122.235
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_ID_INFORMATION to 71.111.122.235:500
Apr 24 23:38:39 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:39 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:38:41 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:41 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:38:45 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:45 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:38:53 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:53 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:39:09 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:39:09 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:39:19 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
received Delete SA payload: deleting ISAKMP State #9
Apr 24 23:39:19 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235:
deleting connection "aicflorence" instance with peer 71.111.122.235
{isakmp=#0/ipsec=#0}
Apr 24 23:39:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received and ignored informational message
Apr 24 23:39:19 aicinsco pluto[16079]: ERROR: asynchronous network error
report on eth0 (sport=500) for message to 71.111.122.235 port 500,
complainant 71.111.122.235: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [FRAGMENTATION]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
responding to Main Mode from unknown peer 71.111.122.235
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Main mode peer ID is ID_IPV4_ADDR: '71.111.122.235'
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
I did not send a certificate because I do not have one.
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
cannot respond to IPsec SA request because no connection is known for
66.213.254.50...71.111.122.235
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_ID_INFORMATION to 71.111.122.235:500
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:27 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:27 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:35 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:35 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:51 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:51 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:45:06 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
received Delete SA payload: deleting ISAKMP State #10
Apr 24 23:45:06 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235:
deleting connection "aicflorence" instance with peer 71.111.122.235
{isakmp=#0/ipsec=#0}
Apr 24 23:45:06 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received and ignored informational message
Apr 24 23:45:06 aicinsco pluto[16079]: ERROR: asynchronous network error
report on eth0 (sport=500) for message to 71.111.122.235 port 500,
complainant 71.111.122.235: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
responding to Main Mode from unknown peer 71.111.122.235
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Main mode peer ID is ID_IPV4_ADDR: '71.111.122.235'
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
I did not send a certificate because I do not have one.
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
cannot respond to IPsec SA request because no connection is known for
66.213.254.50...71.111.122.235
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_ID_INFORMATION to 71.111.122.235:500
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:27 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:27 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:35 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:35 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:51 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:51 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:45:06 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
received Delete SA payload: deleting ISAKMP State #10
Apr 24 23:45:06 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235:
deleting connection "aicflorence" instance with peer 71.111.122.235
{isakmp=#0/ipsec=#0}
Apr 24 23:45:06 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received and ignored informational message
Apr 24 23:45:06 aicinsco pluto[16079]: ERROR: asynchronous network error
report on eth0 (sport=500) for message to 71.111.122.235 port 500,
complainant 71.111.122.235: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
*****************************************************************************************
If I add leftsubnet=192.xxx.xxx.xxx/255.255.255.255 (server internal ip) on
the server side it says:
cannot respond to IPsec SA request because no connection is known for
66.xxx.xxx.xxx
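
A triage helper for the pluto log above, added here as an example and not part of the original post: it rejoins the mail-wrapped records and reports, per IKE state number, whether the ISAKMP SA was established, which address pair the IPsec SA request was refused for, and how often a Quick Mode Message ID was repeated. The function names and the embedded sample (four records in the shape of the log above) are constructed for illustration.

```python
import re
from collections import Counter

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ pluto\[\d+\]: ")
STATE = re.compile(r'^"([^"]+)"\[\d+\] (\S+) #(\d+): (.*)$')
NO_CONN = re.compile(r"no connection is known for (\S+?)\.\.\.(\S+)")
MSGID = re.compile(r"previously used Message ID (0x[0-9a-f]+)")

# Constructed sample: four records shaped like the log above, wrapped as mailed.
SAMPLE = '''\
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
cannot respond to IPsec SA request because no connection is known for
66.213.254.50...71.111.122.235
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
'''

def unwrap(text):
    """Rejoin wrapped records; a record starts with a syslog stamp for pluto."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(STAMP.sub("", line).strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Per IKE state (#N): phase-1 result, phase-2 refusal, repeated Message IDs."""
    states = {}
    # Records without a state number ("packet from ...", instance lines) are skipped.
    for m in filter(None, map(STATE.match, unwrap(text))):
        conn, peer, sa, msg = m.groups()
        s = states.setdefault(int(sa), {"conn": conn, "peer": peer, "phase1": False,
                                        "no_conn_for": None, "replays": Counter()})
        s["phase1"] |= "ISAKMP SA established" in msg
        if n := NO_CONN.search(msg):
            s["no_conn_for"] = n.groups()
        if r := MSGID.search(msg):
            s["replays"][r.group(1)] += 1
    return states
```

Calling `triage()` on the full server log gives one entry per state (#9, #10, ...), and the `conn` field shows which connection definition pluto matched during Main Mode.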