[Openswan Users] Windows XP to OpenSWAN with ipsec.exe

Pat Fricke sales at prfhome.com
Tue Apr 25 11:18:12 CEST 2006


I'm back again with a whole new problem. 

I have an existing Fedora Core 4 system running Openswan version
U2.4.4/K2.6.11-1.1369_FC4. The server has 7 roadwarrior connections using
Linksys routers. Now I need to add a laptop roadwarrior with satellite
internet. My test bed is a standalone PC connected directly to a DSL modem.
Currently all firewalling, virus scanning, pop-up blockers, etc. on the
Windows side are OFF.

Followed (as best I could) instructions from http://vpn.ebootis.de/ and the
ipsec.exe tool to avoid having to load an L2TP daemon. (Also have tried using
ipseccmd.exe with command line switches but get the same results).



The workstation config is currently
******************************************************************
conn AIC
	left=%any
	right=66.213.254.50
	authmode=SHA
	network=auto
	presharedkey=my_preshared_key
	auto=start
	pfs=no

The server config is
**************************************************************
version 2

# basic configuration
config setup
	klipsdebug=none
	nat_traversal=yes
	plutodebug=none
	uniqueids=yes


conn %default
	authby=secret
	compress=no
	ikelifetime=28800s
	keyexchange=ike
	keylife=3600s
	pfs=no

conn Unknown_Host (WindowsXP)
	disablearrivalcheck=no
	left=66.213.254.50
	leftid=66.213.254.50
	leftnexthop=66.213.254.49
	right=%any
	rightnexthop=%defaultroute
	auto=add

conn aicflorence (existing-1)
    left=66.213.254.50
    leftid=66.213.254.50
    leftnexthop=66.213.254.50
    right=%any
    rightnexthop=%defaultroute    
    rightsubnet=192.xxx.xxx.xxx
    auto=add                    

conn existing-2
    . (These are all the same except for the subnet)


include /etc/ipsec.d/examples/no_oe.conf 

*******************************************************************

With this configuration I seem to connect but cannot ping the internal ip of
the server.

Server log:
**********************************************************************
Apr 24 23:46:15 aicinsco pluto[16777]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 24 23:46:15 aicinsco pluto[16777]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [FRAGMENTATION]
Apr 24 23:46:15 aicinsco pluto[16777]: packet from 71.111.122.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106 
Apr 24 23:46:15 aicinsco pluto[16777]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
responding to Main Mode from unknown peer 71.111.122.235
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
Main mode peer ID is ID_IPV4_ADDR: '71.111.122.235'
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9: I
did not send a certificate because I do not have one.
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 23:46:15 aicinsco pluto[16777]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
responding to Quick Mode {msgid:fa5169a6}
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
up-host output: Cannot open "/proc/sys/net/ipv4/route/flush"
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
route-host output: Cannot open "/proc/sys/net/ipv4/route/flush"
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Apr 24 23:46:15 aicinsco pluto[16777]: "Unknown_Host"[1] 71.111.122.235 #10:
STATE_QUICK_R2: IPsec SA established {ESP=>0x365bcfa7 <0x7353f5eb
xfrm=3DES_0-HMAC_SHA1 NATD=71.111.122.235:500 DPD=none}

************************************************************

If I add rightsubnet=192.xxx.xxx.xxx/255.255.255.255 (server internal IP) on
the Windows side it no longer tries to connect (no entries in the secure log
at all).

The Windows log shows:
***************************************************************
4-24: 23:35:23:92:5a0 Acquire from driver: op=00000007 src=71.111.122.235.0
dst=66.213.254.50.0 proto = 0, SrcMask=255.255.255.255,
DstMask=255.255.255.255, Tunnel 1, TunnelEndpt=66.213.254.50 Inbound
TunnelEndpt=71.111.122.235
 4-24: 23:35:23:92:244 Filter to match: Src 66.213.254.50 Dst 71.111.122.235
 4-24: 23:35:23:102:244 MM PolicyName: 3
 4-24: 23:35:23:102:244 MMPolicy dwFlags 2 SoftSAExpireTime 28800
 4-24: 23:35:23:102:244 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
 4-24: 23:35:23:102:244 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
 4-24: 23:35:23:102:244 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
 4-24: 23:35:23:102:244 MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
 4-24: 23:35:23:102:244 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 1
 4-24: 23:35:23:102:244 MMOffer[2] Encrypt: DES CBC Hash: SHA
 4-24: 23:35:23:102:244 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
 4-24: 23:35:23:102:244 MMOffer[3] Encrypt: DES CBC Hash: MD5
 4-24: 23:35:23:102:244 Auth[0]:PresharedKey KeyLen 24
 4-24: 23:35:23:102:244 QM PolicyName: Host-AIC filter action dwFlags 1
 4-24: 23:35:23:102:244 QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
 4-24: 23:35:23:102:244 QMOffer[0] dwFlags 0 dwPFSGroup 0
 4-24: 23:35:23:102:244  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
 4-24: 23:35:23:102:244 Starting Negotiation: src = 71.111.122.235.0500, dst
= 66.213.254.50.0500, proto = 00, context = 00000007, ProxySrc =
71.111.122.235.0000, ProxyDst = 66.213.254.50.0000 SrcMask = 255.255.255.255
DstMask = 255.255.255.255
 4-24: 23:35:23:102:244 constructing ISAKMP Header
 4-24: 23:35:23:102:244 constructing SA (ISAKMP)
 4-24: 23:35:23:102:244 Constructing Vendor MS NT5 ISAKMPOAKLEY
 4-24: 23:35:23:102:244 Constructing Vendor FRAGMENTATION
 4-24: 23:35:23:102:244 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
 4-24: 23:35:23:102:244 Constructing Vendor Vid-Initial-Contact
 4-24: 23:35:23:102:244 
 4-24: 23:35:23:102:244 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:23:102:244 ISAKMP Header: (V1.0), len = 276
 4-24: 23:35:23:102:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:23:102:244   R-COOKIE 0000000000000000
 4-24: 23:35:23:102:244   exchange: Oakley Main Mode
 4-24: 23:35:23:102:244   flags: 0
 4-24: 23:35:23:102:244   next payload: SA
 4-24: 23:35:23:102:244   message ID: 00000000
 4-24: 23:35:23:102:244 Ports S:f401 D:f401
 4-24: 23:35:23:182:244 
 4-24: 23:35:23:182:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:23:182:244 ISAKMP Header: (V1.0), len = 140
 4-24: 23:35:23:182:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:23:182:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:23:182:244   exchange: Oakley Main Mode
 4-24: 23:35:23:182:244   flags: 0
 4-24: 23:35:23:182:244   next payload: SA
 4-24: 23:35:23:182:244   message ID: 00000000
 4-24: 23:35:23:182:244 processing payload SA
 4-24: 23:35:23:182:244 Received Phase 1 Transform 1
 4-24: 23:35:23:182:244      Encryption Alg Triple DES CBC(5)
 4-24: 23:35:23:182:244      Hash Alg SHA(2)
 4-24: 23:35:23:182:244      Oakley Group 2
 4-24: 23:35:23:182:244      Auth Method Preshared Key(1)
 4-24: 23:35:23:182:244      Life type in Seconds
 4-24: 23:35:23:182:244      Life duration of 28800
 4-24: 23:35:23:182:244 Phase 1 SA accepted: transform=1
 4-24: 23:35:23:182:244 SA - Oakley proposal accepted
 4-24: 23:35:23:182:244 processing payload VENDOR ID
 4-24: 23:35:23:182:244 processing payload VENDOR ID
 4-24: 23:35:23:182:244 processing payload VENDOR ID
 4-24: 23:35:23:182:244 Received VendorId draft-ietf-ipsec-nat-t-ike-02
 4-24: 23:35:23:182:244 ClearFragList
 4-24: 23:35:23:182:244 constructing ISAKMP Header
 4-24: 23:35:23:232:244 constructing KE
 4-24: 23:35:23:232:244 constructing NONCE (ISAKMP)
 4-24: 23:35:23:232:244 Constructing NatDisc
 4-24: 23:35:23:232:244 
 4-24: 23:35:23:232:244 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:23:232:244 ISAKMP Header: (V1.0), len = 232
 4-24: 23:35:23:232:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:23:232:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:23:232:244   exchange: Oakley Main Mode
 4-24: 23:35:23:232:244   flags: 0
 4-24: 23:35:23:232:244   next payload: KE
 4-24: 23:35:23:232:244   message ID: 00000000
 4-24: 23:35:23:232:244 Ports S:f401 D:f401
 4-24: 23:35:23:312:244 
 4-24: 23:35:23:312:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:23:312:244 ISAKMP Header: (V1.0), len = 228
 4-24: 23:35:23:312:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:23:312:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:23:312:244   exchange: Oakley Main Mode
 4-24: 23:35:23:312:244   flags: 0
 4-24: 23:35:23:312:244   next payload: KE
 4-24: 23:35:23:312:244   message ID: 00000000
 4-24: 23:35:23:312:244 processing payload KE
 4-24: 23:35:23:332:244 processing payload NONCE
 4-24: 23:35:23:332:244 processing payload NATDISC
 4-24: 23:35:23:332:244 Processing NatHash
 4-24: 23:35:23:332:244 Nat hash 654f358e490df64db6e236b3c0ef48e1
 4-24: 23:35:23:332:244 7513f96b
 4-24: 23:35:23:332:244 SA StateMask2 f
 4-24: 23:35:23:332:244 processing payload NATDISC
 4-24: 23:35:23:332:244 Processing NatHash
 4-24: 23:35:23:332:244 Nat hash 9f3a78f336c697754f2bcc48e57ded77
 4-24: 23:35:23:332:244 3effbbf9
 4-24: 23:35:23:332:244 SA StateMask2 8f
 4-24: 23:35:23:332:244 ClearFragList
 4-24: 23:35:23:332:244 constructing ISAKMP Header
 4-24: 23:35:23:332:244 constructing ID
 4-24: 23:35:23:332:244 MM ID Type 1
 4-24: 23:35:23:332:244 MM ID 476f7aeb
 4-24: 23:35:23:332:244 constructing HASH
 4-24: 23:35:23:332:244 
 4-24: 23:35:23:332:244 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:23:332:244 ISAKMP Header: (V1.0), len = 68
 4-24: 23:35:23:332:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:23:332:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:23:332:244   exchange: Oakley Main Mode
 4-24: 23:35:23:332:244   flags: 1 ( encrypted )
 4-24: 23:35:23:332:244   next payload: ID
 4-24: 23:35:23:332:244   message ID: 00000000
 4-24: 23:35:23:332:244 Ports S:f401 D:f401
 4-24: 23:35:23:412:244 
 4-24: 23:35:23:412:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:23:412:244 ISAKMP Header: (V1.0), len = 68
 4-24: 23:35:23:412:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:23:412:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:23:412:244   exchange: Oakley Main Mode
 4-24: 23:35:23:412:244   flags: 1 ( encrypted )
 4-24: 23:35:23:412:244   next payload: ID
 4-24: 23:35:23:412:244   message ID: 00000000
 4-24: 23:35:23:412:244 processing payload ID
 4-24: 23:35:23:412:244 processing payload HASH
 4-24: 23:35:23:412:244 AUTH: Phase I authentication accepted
 4-24: 23:35:23:412:244 ClearFragList
 4-24: 23:35:23:412:244 MM established.  SA: 000FA260
 4-24: 23:35:23:412:244 QM PolicyName: Host-AIC filter action dwFlags 1
 4-24: 23:35:23:412:244 QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600
 4-24: 23:35:23:412:244 QMOffer[0] dwFlags 0 dwPFSGroup 0
 4-24: 23:35:23:412:244  Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
SHA
 4-24: 23:35:23:412:244 GetSpi: src = 66.213.254.50.0000, dst =
71.111.122.235.0000, proto = 00, context = 00000007, srcMask =
255.255.255.255, destMask = 255.255.255.255, TunnelFilter 1
 4-24: 23:35:23:412:244 Setting SPI  3076015393
 4-24: 23:35:23:412:244 constructing ISAKMP Header
 4-24: 23:35:23:412:244 constructing HASH (null)
 4-24: 23:35:23:412:244 constructing SA (IPSEC)
 4-24: 23:35:23:412:244 constructing NONCE (IPSEC)
 4-24: 23:35:23:412:244 constructing ID (proxy)
 4-24: 23:35:23:412:244 constructing ID (proxy)
 4-24: 23:35:23:412:244 constructing HASH (QM)
 4-24: 23:35:23:412:244 
 4-24: 23:35:23:412:244 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:23:412:244 ISAKMP Header: (V1.0), len = 164
 4-24: 23:35:23:412:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:23:412:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:23:412:244   exchange: Oakley Quick Mode
 4-24: 23:35:23:412:244   flags: 1 ( encrypted )
 4-24: 23:35:23:412:244   next payload: HASH
 4-24: 23:35:23:412:244   message ID: 16a11345
 4-24: 23:35:23:412:244 Ports S:f401 D:f401
 4-24: 23:35:23:493:244 
 4-24: 23:35:23:493:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:23:493:244 ISAKMP Header: (V1.0), len = 68
 4-24: 23:35:23:493:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:23:493:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:23:493:244   exchange: ISAKMP Informational Exchange
 4-24: 23:35:23:493:244   flags: 1 ( encrypted )
 4-24: 23:35:23:493:244   next payload: HASH
 4-24: 23:35:23:493:244   message ID: 330b9b4f
 4-24: 23:35:23:493:244 processing HASH (Notify/Delete)
 4-24: 23:35:23:493:244 processing payload NOTIFY
 4-24: 23:35:23:493:244 notify: INVALID-ID-INFORMATION
 4-24: 23:35:23:493:244 isadb_set_status sa:000FA260 centry:00000000 status
3601
 4-24: 23:35:24:684:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
1
 4-24: 23:35:24:684:5c0 
 4-24: 23:35:24:684:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:24:684:5c0 ISAKMP Header: (V1.0), len = 164
 4-24: 23:35:24:684:5c0   I-COOKIE f0c08e9044056879
 4-24: 23:35:24:684:5c0   R-COOKIE 637189af358a80ec
 4-24: 23:35:24:684:5c0   exchange: Oakley Quick Mode
 4-24: 23:35:24:684:5c0   flags: 1 ( encrypted )
 4-24: 23:35:24:684:5c0   next payload: HASH
 4-24: 23:35:24:684:5c0   message ID: 16a11345
 4-24: 23:35:24:684:5c0 Ports S:f401 D:f401
 4-24: 23:35:24:754:244 
 4-24: 23:35:24:754:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:24:754:244 ISAKMP Header: (V1.0), len = 68
 4-24: 23:35:24:754:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:24:754:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:24:754:244   exchange: ISAKMP Informational Exchange
 4-24: 23:35:24:754:244   flags: 1 ( encrypted )
 4-24: 23:35:24:754:244   next payload: HASH
 4-24: 23:35:24:754:244   message ID: e08b7117
 4-24: 23:35:24:754:244 processing HASH (Notify/Delete)
 4-24: 23:35:24:754:244 processing payload NOTIFY
 4-24: 23:35:24:754:244 notify: INVALID-MESSAGE-ID
 4-24: 23:35:24:754:244 Unknown Notify Message 9
 4-24: 23:35:26:687:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
2
 4-24: 23:35:26:687:5c0 
 4-24: 23:35:26:687:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:26:687:5c0 ISAKMP Header: (V1.0), len = 164
 4-24: 23:35:26:687:5c0   I-COOKIE f0c08e9044056879
 4-24: 23:35:26:687:5c0   R-COOKIE 637189af358a80ec
 4-24: 23:35:26:687:5c0   exchange: Oakley Quick Mode
 4-24: 23:35:26:687:5c0   flags: 1 ( encrypted )
 4-24: 23:35:26:687:5c0   next payload: HASH
 4-24: 23:35:26:687:5c0   message ID: 16a11345
 4-24: 23:35:26:687:5c0 Ports S:f401 D:f401
 4-24: 23:35:26:757:244 
 4-24: 23:35:26:757:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:26:757:244 ISAKMP Header: (V1.0), len = 68
 4-24: 23:35:26:757:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:26:757:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:26:757:244   exchange: ISAKMP Informational Exchange
 4-24: 23:35:26:757:244   flags: 1 ( encrypted )
 4-24: 23:35:26:757:244   next payload: HASH
 4-24: 23:35:26:757:244   message ID: 8d7217f4
 4-24: 23:35:26:767:244 processing HASH (Notify/Delete)
 4-24: 23:35:26:767:244 processing payload NOTIFY
 4-24: 23:35:26:767:244 notify: INVALID-MESSAGE-ID
 4-24: 23:35:26:767:244 Unknown Notify Message 9
 4-24: 23:35:30:693:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
3
 4-24: 23:35:30:693:5c0 
 4-24: 23:35:30:693:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:30:693:5c0 ISAKMP Header: (V1.0), len = 164
 4-24: 23:35:30:693:5c0   I-COOKIE f0c08e9044056879
 4-24: 23:35:30:693:5c0   R-COOKIE 637189af358a80ec
 4-24: 23:35:30:693:5c0   exchange: Oakley Quick Mode
 4-24: 23:35:30:693:5c0   flags: 1 ( encrypted )
 4-24: 23:35:30:693:5c0   next payload: HASH
 4-24: 23:35:30:693:5c0   message ID: 16a11345
 4-24: 23:35:30:693:5c0 Ports S:f401 D:f401
 4-24: 23:35:30:763:244 
 4-24: 23:35:30:763:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:30:763:244 ISAKMP Header: (V1.0), len = 68
 4-24: 23:35:30:763:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:30:763:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:30:763:244   exchange: ISAKMP Informational Exchange
 4-24: 23:35:30:763:244   flags: 1 ( encrypted )
 4-24: 23:35:30:763:244   next payload: HASH
 4-24: 23:35:30:763:244   message ID: 2e9b261d
 4-24: 23:35:30:763:244 processing HASH (Notify/Delete)
 4-24: 23:35:30:763:244 processing payload NOTIFY
 4-24: 23:35:30:763:244 notify: INVALID-MESSAGE-ID
 4-24: 23:35:30:763:244 Unknown Notify Message 9
 4-24: 23:35:38:704:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
4
 4-24: 23:35:38:704:5c0 
 4-24: 23:35:38:704:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:38:704:5c0 ISAKMP Header: (V1.0), len = 164
 4-24: 23:35:38:704:5c0   I-COOKIE f0c08e9044056879
 4-24: 23:35:38:704:5c0   R-COOKIE 637189af358a80ec
 4-24: 23:35:38:704:5c0   exchange: Oakley Quick Mode
 4-24: 23:35:38:704:5c0   flags: 1 ( encrypted )
 4-24: 23:35:38:704:5c0   next payload: HASH
 4-24: 23:35:38:704:5c0   message ID: 16a11345
 4-24: 23:35:38:704:5c0 Ports S:f401 D:f401
 4-24: 23:35:38:805:244 
 4-24: 23:35:38:805:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:38:805:244 ISAKMP Header: (V1.0), len = 68
 4-24: 23:35:38:805:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:38:805:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:38:805:244   exchange: ISAKMP Informational Exchange
 4-24: 23:35:38:805:244   flags: 1 ( encrypted )
 4-24: 23:35:38:805:244   next payload: HASH
 4-24: 23:35:38:805:244   message ID: 0c17f6bd
 4-24: 23:35:38:805:244 processing HASH (Notify/Delete)
 4-24: 23:35:38:805:244 processing payload NOTIFY
 4-24: 23:35:38:805:244 notify: INVALID-MESSAGE-ID
 4-24: 23:35:38:805:244 Unknown Notify Message 9
 4-24: 23:35:54:727:5c0 retransmit: sa = 000FA260 centry 000FA6D8 , count =
5
 4-24: 23:35:54:727:5c0 
 4-24: 23:35:54:727:5c0 Sending: SA = 0x000FA260 to 66.213.254.50:Type 2.500
 4-24: 23:35:54:727:5c0 ISAKMP Header: (V1.0), len = 164
 4-24: 23:35:54:727:5c0   I-COOKIE f0c08e9044056879
 4-24: 23:35:54:727:5c0   R-COOKIE 637189af358a80ec
 4-24: 23:35:54:727:5c0   exchange: Oakley Quick Mode
 4-24: 23:35:54:727:5c0   flags: 1 ( encrypted )
 4-24: 23:35:54:727:5c0   next payload: HASH
 4-24: 23:35:54:727:5c0   message ID: 16a11345
 4-24: 23:35:54:727:5c0 Ports S:f401 D:f401
 4-24: 23:35:54:798:244 
 4-24: 23:35:54:798:244 Receive: (get) SA = 0x000fa260 from
66.213.254.50.500
 4-24: 23:35:54:798:244 ISAKMP Header: (V1.0), len = 68
 4-24: 23:35:54:798:244   I-COOKIE f0c08e9044056879
 4-24: 23:35:54:798:244   R-COOKIE 637189af358a80ec
 4-24: 23:35:54:798:244   exchange: ISAKMP Informational Exchange
 4-24: 23:35:54:798:244   flags: 1 ( encrypted )
 4-24: 23:35:54:798:244   next payload: HASH
 4-24: 23:35:54:798:244   message ID: 779bf1a0
 4-24: 23:35:54:798:244 processing HASH (Notify/Delete)
 4-24: 23:35:54:798:244 processing payload NOTIFY
 4-24: 23:35:54:798:244 notify: INVALID-MESSAGE-ID
 4-24: 23:35:54:798:244 Unknown Notify Message 9

***********************************************************************  
Server log:
***********************************************************************
Apr 24 23:38:37 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 24 23:38:37 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [FRAGMENTATION]
Apr 24 23:38:37 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106 
Apr 24 23:38:37 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 23:38:37 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
responding to Main Mode from unknown peer 71.111.122.235
Apr 24 23:38:37 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 23:38:37 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Main mode peer ID is ID_IPV4_ADDR: '71.111.122.235'
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9: I
did not send a certificate because I do not have one.
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
cannot respond to IPsec SA request because no connection is known for
66.213.254.50...71.111.122.235
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_ID_INFORMATION to 71.111.122.235:500
Apr 24 23:38:39 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:39 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:38:41 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:41 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:38:45 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:45 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:38:53 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:53 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:39:09 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:39:09 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:39:19 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
received Delete SA payload: deleting ISAKMP State #9
Apr 24 23:39:19 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235:
deleting connection "aicflorence" instance with peer 71.111.122.235
{isakmp=#0/ipsec=#0}
Apr 24 23:39:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received and ignored informational message
Apr 24 23:39:19 aicinsco pluto[16079]: ERROR: asynchronous network error
report on eth0 (sport=500) for message to 71.111.122.235 port 500,
complainant 71.111.122.235: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [FRAGMENTATION]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106 
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
responding to Main Mode from unknown peer 71.111.122.235
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Main mode peer ID is ID_IPV4_ADDR: '71.111.122.235'
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
I did not send a certificate because I do not have one.
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
cannot respond to IPsec SA request because no connection is known for
66.213.254.50...71.111.122.235
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_ID_INFORMATION to 71.111.122.235:500
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:27 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:27 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:35 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:35 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:51 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:51 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:45:06 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
received Delete SA payload: deleting ISAKMP State #10
Apr 24 23:45:06 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235:
deleting connection "aicflorence" instance with peer 71.111.122.235
{isakmp=#0/ipsec=#0}
Apr 24 23:45:06 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received and ignored informational message
Apr 24 23:45:06 aicinsco pluto[16079]: ERROR: asynchronous network error
report on eth0 (sport=500) for message to 71.111.122.235 port 500,
complainant 71.111.122.235: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
deleting connection "aicflorence" instance with peer 71.111.122.235
{isakmp=#0/ipsec=#0}
Apr 24 23:39:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received and ignored informational message
Apr 24 23:39:19 aicinsco pluto[16079]: ERROR: asynchronous network error
report on eth0 (sport=500) for message to 71.111.122.235 port 500,
complainant 71.111.122.235: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [FRAGMENTATION]
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106 
Apr 24 23:44:19 aicinsco pluto[16079]: packet from 71.111.122.235:500:
ignoring Vendor ID payload [Vid-Initial-Contact]
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
responding to Main Mode from unknown peer 71.111.122.235
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R1: sent MR1, expecting MI2
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Apr 24 23:44:19 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R2: sent MR2, expecting MI3
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Main mode peer ID is ID_IPV4_ADDR: '71.111.122.235'
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
I did not send a certificate because I do not have one.
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
cannot respond to IPsec SA request because no connection is known for
66.213.254.50...71.111.122.235
Apr 24 23:44:20 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_ID_INFORMATION to 71.111.122.235:500
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:21 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:23 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:27 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:27 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:35 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:35 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:44:51 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x4513a116 (perhaps this is a duplicated packet)
Apr 24 23:44:51 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
Apr 24 23:45:06 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235 #10:
received Delete SA payload: deleting ISAKMP State #10
Apr 24 23:45:06 aicinsco pluto[16079]: "aicflorence"[6] 71.111.122.235:
deleting connection "aicflorence" instance with peer 71.111.122.235
{isakmp=#0/ipsec=#0}
Apr 24 23:45:06 aicinsco pluto[16079]: packet from 71.111.122.235:500:
received and ignored informational message
Apr 24 23:45:06 aicinsco pluto[16079]: ERROR: asynchronous network error
report on eth0 (sport=500) for message to 71.111.122.235 port 500,
complainant 71.111.122.235: Connection refused [errno 111, origin ICMP type
3 code 3 (not authenticated)]

*****************************************************************************************

If I add leftsubnet=192.xxx.xxx.xxx/255.255.255.255 (server internal IP) on
the server side, it says:

cannot respond to IPsec SA request because no connection is known for
66.xxx.xxx.xxx               
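
Added example, not part of the original post or of Openswan: a Python reader for the pluto log above that rejoins the mail-wrapped entries and reports, per state number, whether Main Mode finished and how Quick Mode was refused. The function names `unwrap` and `summarize` are hypothetical; the sample lines are copied from the log quoted in the post.

```python
import re

ENTRY = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ pluto\[\d+\]: ")
STATE = re.compile(r'"([^"]+)"\[\d+\] (\S+) #(\d+): (.*)')

# Lines copied from the log above, still wrapped the way the mail client left them.
SAMPLE = """\
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
cannot respond to IPsec SA request because no connection is known for
66.213.254.50...71.111.122.235
Apr 24 23:38:38 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_ID_INFORMATION to 71.111.122.235:500
Apr 24 23:38:39 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
Quick Mode I1 message is unacceptable because it uses a previously used
Message ID 0x03e5ae83 (perhaps this is a duplicated packet)
Apr 24 23:38:39 aicinsco pluto[16079]: "aicflorence"[5] 71.111.122.235 #9:
sending encrypted notification INVALID_MESSAGE_ID to 71.111.122.235:500
"""

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog prefix continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Per pluto state number: did Main Mode finish, and how was Quick Mode refused?"""
    states = {}
    for m in filter(None, map(STATE.search, unwrap(text))):
        conn, peer, num, msg = m.groups()
        s = states.setdefault(int(num), {"conn": conn, "peer": peer, "phase1": False,
                                         "no_conn_for": None, "notify": [], "replays": 0})
        if "ISAKMP SA established" in msg:
            s["phase1"] = True
        elif hit := re.search(r"no connection is known for (\S+)", msg):
            s["no_conn_for"] = hit[1]
        elif hit := re.search(r"sending encrypted notification (\w+)", msg):
            s["notify"].append(hit[1])
        elif "previously used Message ID" in msg:
            s["replays"] += 1
    return states
```

A state with `phase1` true and `no_conn_for` set is one where the pre-shared-key exchange succeeded and the Quick Mode request was then refused; the `conn` field shows which connection definition pluto assigned the peer to.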




