[Openswan Users] netlink XFRM_MSG_NEWPOLICY response for flow

Marco Berizzi pupilla at hotmail.com
Tue Nov 7 10:24:26 EST 2006 

This morning  (03:43:45) I have rebooted (for kernel
update) one of my company ipsec gateway (ip_genova).
Before shutting down the system, I have issued 'ipsec
setup stop'. On mimosa (another ipsec gateway) I have
seen this error again. Here is /var/log/secure:

Nov  7 03:43:01 Mimosa pluto[690]: "genova" #9099: received Delete SA 
payload: replace IPSEC State #9010 in 10 seconds
Nov  7 03:43:01 Mimosa pluto[690]: "genova" #9099: received and ignored 
informational message
Nov  7 03:43:01 Mimosa pluto[690]: "genova" #9099: received Delete SA 
payload: deleting ISAKMP State #9099
Nov  7 03:43:01 Mimosa pluto[690]: packet from ip_genova:500: received and 
ignored informational message
Nov  7 03:43:11 Mimosa pluto[690]: "genova" #9108: initiating Main Mode
Nov  7 03:43:21 Mimosa pluto[690]: "genova" #9010: IPsec SA expired 
(LATEST!)
Nov  7 03:43:30 Mimosa pluto[690]: initiate on demand from 172.18.1.25:0 to 
172.23.1.68:0 proto=0 state: fos_start because: acquire
Nov  7 03:43:30 Mimosa pluto[690]: initiate on demand from 172.18.1.208:0 to 
172.23.1.2:0 proto=0 state: fos_start because: acquire
Nov  7 03:43:59 Mimosa pluto[690]: packet from ip_genova:500: received 
Vendor ID payload [Openswan (this version) 2.4.6  X.509-1.5.4 
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Nov  7 03:43:59 Mimosa pluto[690]: packet from ip_genova:500: received 
Vendor ID payload [Dead Peer Detection]
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: responding to Main Mode
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: transition from state 
STATE_MAIN_R0 to state STATE_MAIN_R1
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: STATE_MAIN_R1: sent MR1, 
expecting MI2
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: transition from state 
STATE_MAIN_R1 to state STATE_MAIN_R2
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: STATE_MAIN_R2: sent MR2, 
expecting MI3
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: Main mode peer ID is 
ID_USER_FQDN: 'fsw-genova at your.domain'
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: crl update for "C=IT, 
ST=Venezia, L=Ma, O=mycompany S.p.A., OU=Informatica e Organizzazione, 
CN=mycompany, E=postmaster at your.domain" is overdue since Dec 07 15:02:04 UTC 
2003
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: I am sending my cert
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: transition from state 
STATE_MAIN_R2 to state STATE_MAIN_R3
Nov  7 03:43:59 Mimosa pluto[690]: "genova" #9109: STATE_MAIN_R3: sent MR3, 
ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 
prf=oakley_md5 group=modp1536}
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9110: responding to Quick Mode 
{msgid:3b4e7d7c}
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9110: transition from state 
STATE_QUICK_R0 to state STATE_QUICK_R1
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9110: STATE_QUICK_R1: sent QR1, 
inbound IPsec SA installed, expecting QI2
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9111: responding to Quick Mode 
{msgid:471804ff}
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9111: ERROR: netlink 
XFRM_MSG_NEWPOLICY response for flow tun.10000 at mimosa included errno 17: 
File exists
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9111: transition from state 
STATE_QUICK_R0 to state STATE_QUICK_R1
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9111: STATE_QUICK_R1: sent QR1, 
inbound IPsec SA installed, expecting QI2
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9110: transition from state 
STATE_QUICK_R1 to state STATE_QUICK_R2
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9110: STATE_QUICK_R2: IPsec SA 
established {ESP=>0x631e80db <0x7e7b82ee xfrm=AES_0-HMAC_SHA1 
IPCOMP=>0x000051f3 <0x0000e2b8 NATD=none DPD=none}
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9111: transition from state 
STATE_QUICK_R1 to state STATE_QUICK_R2
Nov  7 03:44:00 Mimosa pluto[690]: "genova" #9111: STATE_QUICK_R2: IPsec SA 
established {ESP=>0x8db8893b <0xa6458b3a xfrm=AES_0-HMAC_SHA1 
IPCOMP=>0x000022d9 <0x00001b1d NATD=none DPD=none}
Nov  7 03:44:21 Mimosa pluto[690]: "genova" #9108: received Vendor ID 
payload [Openswan (this version) 2.4.6  X.509-1.5.4 PLUTO_SENDS_VENDORID 
PLUTO_USES_KEYRR]
Nov  7 03:44:21 Mimosa pluto[690]: "genova" #9108: received Vendor ID 
payload [Dead Peer Detection]
Nov  7 03:44:21 Mimosa pluto[690]: "genova" #9108: transition from state 
STATE_MAIN_I1 to state STATE_MAIN_I2
Nov  7 03:44:21 Mimosa pluto[690]: "genova" #9108: STATE_MAIN_I2: sent MI2, 
expecting MR2
Nov  7 03:44:21 Mimosa pluto[690]: "genova" #9108: I am sending my cert
Nov  7 03:44:21 Mimosa pluto[690]: "genova" #9108: I am sending a 
certificate request
Nov  7 03:44:21 Mimosa pluto[690]: "genova" #9108: transition from state 
STATE_MAIN_I2 to state STATE_MAIN_I3
Nov  7 03:44:21 Mimosa pluto[690]: "genova" #9108: STATE_MAIN_I3: sent MI3, 
expecting MR3
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9108: Main mode peer ID is 
ID_USER_FQDN: 'fsw-genova at your.domain'
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9108: crl update for "C=IT, 
ST=Venezia, L=Ma, O=mycompany S.p.A., OU=Informatica e Organizzazione, 
CN=mycompany, E=postmaster at your.domain" is overdue since Dec 07 15:02:04 UTC 
2003
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9108: transition from state 
STATE_MAIN_I3 to state STATE_MAIN_I4
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9108: STATE_MAIN_I4: ISAKMP SA 
established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 
group=modp1536}
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9112: initiating Quick Mode 
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#9108}
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9113: initiating Quick Mode 
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#9108}
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9114: initiating Quick Mode 
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#9108}
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9112: transition from state 
STATE_QUICK_I1 to state STATE_QUICK_I2
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9112: STATE_QUICK_I2: sent QI2, 
IPsec SA established {ESP=>0xcf01419a <0xead18f78 xfrm=AES_0-HMAC_SHA1 
IPCOMP=>0x000005ae <0x00000ba7 NATD=none DPD=none}
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9113: transition from state 
STATE_QUICK_I1 to state STATE_QUICK_I2
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9113: STATE_QUICK_I2: sent QI2, 
IPsec SA established {ESP=>0x169f13ac <0xe719c7fa xfrm=AES_0-HMAC_SHA1 
IPCOMP=>0x00003d97 <0x0000d0c8 NATD=none DPD=none}
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9114: transition from state 
STATE_QUICK_I1 to state STATE_QUICK_I2
Nov  7 03:44:22 Mimosa pluto[690]: "genova" #9114: STATE_QUICK_I2: sent QI2, 
IPsec SA established {ESP=>0x7095856b <0x63b189f1 xfrm=AES_0-HMAC_SHA1 
IPCOMP=>0x0000c76a <0x00005bc7 NATD=none DPD=none}

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

More information about the Users mailing list