[Openswan Users] Intermitent Connection

Pablo García malevo at gmail.com
Thu Jun 29 18:03:22 CEST 2006


Paul, you're right, the tunnel is stablished but the traffic isn't being
encripted, any idea of why ?

Thanks a lot, Pablo

On 6/29/06, Paul Wouters <paul at xelerance.com> wrote:
>
> On Thu, 29 Jun 2006, Pablo García wrote:
>
> > Hi, I'm a newbie about IPSEC tunnels, I created a tunel between a Linux
> > 2.6.16.20 on a Fedora Core 5, and a PIX Firewall 535 running soft ver
> 6.1,
> > using psk as a method of authentication.
> > The tunnel seems to work fine, but I have intermitent reconnections and
> > that's affecting my users, I'm getting this errors in the
> /var/log/secure
> >
> > UNKNOWN: Jun 28 22:55:41 routertech pluto[1818]: "tunnelipsec" #210:
> > STATE_MAIN_R1: sent MR1, expecting MI2
> > UNKNOWN: Jun 28 22:55:41 routertech pluto[1818]: "tunnelipsec" #210:
> > ignoring unknown Vendor ID payload [9de3cb4613dd369d66383473f87da32a]
> > UNKNOWN: Jun 28 22:55:41 routertech pluto[1818]: "tunnelipsec" #210:
> > ignoring Vendor ID payload [Cisco VPN 3000 Series]
> > UNKNOWN: Jun 28 22:55:41 routertech pluto[1818]: "tunnelipsec" #210:
> > STATE_MAIN_R2: sent MR2, expecting MI3
> > UNKNOWN: Jun 28 22:55:42 routertech pluto[1818]: "tunnelipsec" #210: I
> did
> > not send a certificate because I do not have one.
> > UNKNOWN: Jun 28 23:40:41 routertech pluto[1818]: "tunnelipsec" #211:
> > STATE_MAIN_R1: sent MR1, expecting MI2
> > UNKNOWN: Jun 28 23:40:41 routertech pluto[1818]: "tunnelipsec" #211:
> > ignoring unknown Vendor ID payload
>
> Are you sure it is working at all, and your packets aren't going plaintext
> all
> the time?
>
> > Anyone have an idea of what might be happening ? or where's the source
> of
> > this messages?
>
> One possible explenation is that initiator and responder switch, and only
> when
> openswan is the responder that there is a failure. Try setting openswan's
> ikelifetime= to less then 1 hour to force openswan to stay an initiator,
> and see what happens.
>
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060629/b096bdd4/attachment-0001.htm


More information about the Users mailing list