[Openswan Users] DPD iritating warnings and X509 problem
Radosław Antoniuk
r.antoniuk at pixel.com.pl
Tue Oct 17 04:24:00 EDT 2006
hello,
First trivial problem is:
Is it possible to turn off the DPD messages?
I'm getting a lot of
"pix2" #271: DPD: Warning: R_U_THERE_ACK has invalid rcookie
and it's getting me dizzy... :/
The second problem is bigger. I have a nice ipsec+l2tpns installation on
debian.The problem is that sometimes, after a successful (!)
disconnection of the tunnels (both - ipsec+l2tp), openswan doesn't
notice it and keeps track to the other gateway's IP thus making it
impossible to communicate with itself without ipsec. ipsec auto
--replace conn takes care of the problem but that's not the way.It's a
bug I think. It looks like this:
000 #1334: pending Phase 2 for "X509"[4] 217.116.110.1 replacing #757
000 #1335: "X509"[6] 217.116.110.1:500 STATE_MAIN_I1 (sent MI1,
expecting MR1); EVENT_RETRANSMIT in 26s; nodpd
000 #1336: "X509"[8] 217.113.239.1:500 STATE_MAIN_I1 (sent MI1,
expecting MR1); EVENT_RETRANSMIT in 19s; nodpd
000 #1336: pending Phase 2 for "X509"[8] 217.113.239.1 replacing #1190
000 #1336: pending Phase 2 for "X509"[8] 217.113.239.1 replacing #1189
000 #1336: pending Phase 2 for "X509"[8] 217.113.239.1 replacing #1187
000 #1336: pending Phase 2 for "X509"[8] 217.113.239.1 replacing #0
And it does not timeout, it's just hanging like this until ipsec restart
or --replace/down/up.
Moreinfo:
ipsec setup --version
ipsec setup 2.4.6
Linux host 2.6.18ipsec2
--
Best regards,
Radek Antoniuk
More information about the Users
mailing list