[Openswan Users] STATE_QUICK_I1 stuck
Paul Wouters
paul at xelerance.com
Mon Jan 9 16:40:53 CET 2006
On Mon, 9 Jan 2006, Michael Jeffries wrote:
> I have been looking on the web and your mailing list but have not gotten any real answers to my problem yet.
>
> I get the following error message when trying to start up my IPSec Tunnel. I am trying to do this with PSK. Now most of the links I got on the net states that if it stucks at STATE_QUICK_I1, it is because the subnets are incorrect. I have checked my etc/ipsec.d/policy/ files and they look fine.
> conn tunnelipsec
> type=tunnel
> left=10.3.1.9 # Local ip
> leftsubnet=10.3.1.0/24 #Local network
> right=10.100.10.111 #Remote ip address
> rightsubnet=155.236.47.0/24 # Remote network
> authby=secret
> auto=add
> pfs=no
> 002 "tunnelipsec" #15: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> 004 "tunnelipsec" #15: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
> 002 "tunnelipsec" #17: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#15}
> 117 "tunnelipsec" #17: STATE_QUICK_I1: initiate
> 010 "tunnelipsec" #17: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 "tunnelipsec" #17: STATE_QUICK_I1: retransmission; will wait 40s for response
> 031 "tunnelipsec" #17: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
You need to check the logs on the other end, since that peer is rejecting your proposal.
Paul
More information about the Users
mailing list