[Openswan Users]
Openswan & Digicom Michelangelo Office Pro-V problems
Roberto Fichera
kernel at tekno-soft.it
Wed Feb 15 16:48:43 CET 2006
Hi All,
I'm getting the log below when connecting the latest Openswan 2.4.4 behind a
router, which forwards all the traffic to the Openswan box, running on
Fedora Core 3 with all the updates.
/etc/ipsec.conf is
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        uniqueids=yes
        interfaces=%defaultroute
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24,%v4:!192.168.10.0/24

# Add connections here
conn %default
        disablearrivalcheck=no
        authby=secret
        keyingtries=0
        keyexchange=ike
        auth=esp
        pfs=no

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

# Digicom Michelangelo Pro-V
conn vpn-digicom
        left=KKK.XXX.ZZZ.YYY
        leftsubnet=192.168.19.0/24
        right=%defaultroute
        rightsubnet=192.168.1.0/24
        pfs=no
        disablearrivalcheck=no
        auto=add
        authby=secret
------------------------------------
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: responding to Main Mode
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: STATE_MAIN_R1: sent MR1, expecting MI2
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: STATE_MAIN_R2: sent MR2, expecting MI3
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: Main mode peer ID is ID_IPV4_ADDR: 'KKK.XXX.ZZZ.YYY'
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: I did not send a certificate because I do not have one.
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Feb 15 16:33:39 vpn pluto[11353]: "vpn-digicom" #13: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 15 16:33:43 vpn pluto[11353]: "vpn-digicom" #13: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 15 16:33:47 vpn pluto[11353]: "vpn-digicom" #13: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Feb 15 16:34:07 vpn last message repeated 5 times
Feb 15 16:34:11 vpn pluto[11353]: "vpn-digicom" #14: responding to Main Mode
Feb 15 16:34:11 vpn pluto[11353]: "vpn-digicom" #14: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Feb 15 16:34:11 vpn pluto[11353]: "vpn-digicom" #14: STATE_MAIN_R1: sent MR1, expecting MI2
Feb 15 16:34:11 vpn pluto[11353]: "vpn-digicom" #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Feb 15 16:34:11 vpn pluto[11353]: "vpn-digicom" #14: STATE_MAIN_R2: sent MR2, expecting MI3
Feb 15 16:34:12 vpn pluto[11353]: "vpn-digicom" #14: Main mode peer ID is ID_IPV4_ADDR: 'KKK.XXX.ZZZ.YYY'
Feb 15 16:34:12 vpn pluto[11353]: "vpn-digicom" #14: I did not send a certificate because I do not have one.
Feb 15 16:34:12 vpn pluto[11353]: "vpn-digicom" #14: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 15 16:34:12 vpn pluto[11353]: "vpn-digicom" #14: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Feb 15 16:34:16 vpn pluto[11353]: "vpn-digicom" #14: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 15 16:34:20 vpn pluto[11353]: "vpn-digicom" #14: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 15 16:34:24 vpn pluto[11353]: "vpn-digicom" #14: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
------------------------------------
ipsec auto --status relevant part:
000 "vpn-digicom": 192.168.1.0/24===192.168.1.101---192.168.1.1...KKK.XXX.ZZZ.YYY===192.168.19.0/24; unrouted; eroute owner: #0
000 "vpn-digicom": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;
000 "vpn-digicom": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "vpn-digicom": policy: PSK+ENCRYPT+TUNNEL; prio: 24,24; interface: eth0;
000 "vpn-digicom": newest ISAKMP SA: #15; newest IPsec SA: #0;
000 "vpn-digicom": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
...
...
000 #13: "vpn-digicom":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3010s; nodpd
000 #14: "vpn-digicom":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3048s; nodpd
000 #15: "vpn-digicom":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 3084s; newest ISAKMP; nodpd
Any tips to solve the problem?
Thanks in advance,
Roberto Fichera.
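
An added example, not part of the original post: a Python check over pluto log lines like the ones above that counts, per ISAKMP SA, the duplicate packets received after STATE_MAIN_R3 (including those folded into syslog's "last message repeated" line) and lists connections that finished Main Mode but never logged an IPsec SA. The `vpn-ok` lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# vpn-digicom lines are taken from the post (wrapped lines joined);
# the vpn-ok lines are constructed for contrast.
SAMPLE_LOG = """\
Feb 15 16:33:34 vpn pluto[11353]: "vpn-digicom" #13: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Feb 15 16:33:39 vpn pluto[11353]: "vpn-digicom" #13: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 15 16:33:43 vpn pluto[11353]: "vpn-digicom" #13: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Feb 15 16:33:47 vpn pluto[11353]: "vpn-digicom" #13: discarding duplicate packet -- exhausted retransmission; already STATE_MAIN_R3
Feb 15 16:34:07 vpn last message repeated 5 times
Feb 15 16:40:00 vpn pluto[11353]: "vpn-ok" #20: STATE_MAIN_R3: sent MR3, ISAKMP SA established
Feb 15 16:40:01 vpn pluto[11353]: "vpn-ok" #21: STATE_QUICK_R2: IPsec SA established
"""

EVENT = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
REPEAT = re.compile(r"last message repeated (\d+) times")

def summarize(log_text):
    """Per connection: ISAKMP SAs, duplicate packets seen after R3, IPsec SAs."""
    conns = defaultdict(lambda: {"isakmp": [], "dups": defaultdict(int), "ipsec": []})
    last_dup = None  # (conn, sa) if the previous line was a duplicate-packet event
    for line in log_text.splitlines():
        rep, ev = REPEAT.search(line), EVENT.search(line)
        if rep and last_dup:
            # syslog collapsed identical lines; credit them to the same SA
            conn, sa = last_dup
            conns[conn]["dups"][sa] += int(rep.group(1))
            continue
        last_dup = None
        if not ev:
            continue
        conn, sa, msg = ev["conn"], int(ev["sa"]), ev["msg"]
        if "ISAKMP SA established" in msg:
            conns[conn]["isakmp"].append(sa)
        elif "IPsec SA established" in msg:
            conns[conn]["ipsec"].append(sa)
        elif "duplicate packet" in msg and "already STATE_MAIN_R3" in msg:
            conns[conn]["dups"][sa] += 1
            last_dup = (conn, sa)
    return conns

def stalled_after_phase1(log_text):
    """Connections with Phase 1 done, peer still resending, and no IPsec SA."""
    return sorted(c for c, r in summarize(log_text).items()
                  if r["isakmp"] and r["dups"] and not r["ipsec"])

if __name__ == "__main__":
    print(stalled_after_phase1(SAMPLE_LOG))
```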