[Openswan Users] Key replacing

Christian Herzberg christian.herzberg at gmx.net
Sun Dec 2 14:21:22 EST 2007


Hi,

I am new to this list and I hope to get help with openswan, or just an idea.

I had set up one tunnel between two sites. One site is running openswan Linux Openswan U2.4.4/K2.6.16.13-4-default (netkey) on a Suse Linux 9.3 and the other site is a Linksys WRV200. I guess it is also an openswan.

This is my openswan configuration. The small time for keylife is just for testing.


conn static_linksys_to_freeswan
        right=192.168.178.9
        rightsubnet=192.168.200.0/24
        rightnexthop=192.168.178.1
        left=192.168.178.90
        leftsubnet=192.168.1.0/24
        leftnexthop=192.168.178.1
        keyexchange=ike
        ikelifetime=240m
        keylife=1200
        pfs=yes
        compress=no
        authby=secret
        auto=add

The other config on the WRV200 is.

Local Secure Group
     192.168.1.0
     255.255.255.0

Remote Secure Gateway
     192.168.178.9


Key Management
    Key Exchange Method:  Auto (IKE)
    Encryption:           3DES
    Authentication        MD5
    Pre-Shared-Key:       kfjfljsfjslfslk
    PFS:                  enabled
    ISAKMP Key Lifetime:  28800
    IPsec Key Lifetime:   1200

Tunnel Options
    Dead Peer Detection   enabled
    Detect Delay:         30
    Detection Timeout:    120
    DPD Action:           Recover Connection
    If IKE failed more than 5 times, block this unauthorized IP for 60 seconds
    Anti-replay enabled


The tunnel is working fine, but after some time I get the following error messages in /var/log/messages:

Dec  2 20:18:32 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type INVALID_MESSAGE_ID
Dec  2 20:18:32 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: received and ignored informational message
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #63: max number of retransmissions (2) reached STATE_QUICK_I1
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #63: starting keying attempt 43 of an unlimited number
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #65: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #63 {using isakmp#21}
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: received and ignored informational message
Dec  2 20:19:12 linux-main pluto[1012]: "static_linksys_to_freeswan" #64: max number of retransmissions (2) reached STATE_QUICK_I1
Dec  2 20:19:12 linux-main pluto[1012]: "static_linksys_to_freeswan" #64: starting keying attempt 15 of an unlimited number
Dec  2 20:19:12 linux-main pluto[1012]: "static_linksys_to_freeswan" #66: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #64 {using isakmp#21}
Dec  2 20:19:13 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Dec  2 20:19:13 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: received and ignored informational message
Dec  2 20:19:17 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type INVALID_MESSAGE_ID


I have no idea what the problem is about. Any ideas?

Thank you for your help.

Cheers
Christian
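
An added example, not part of the original post and not Openswan's own tooling: a small triage script that condenses a pluto log excerpt like the one above into per-connection counts, so the repeating pattern (Quick Mode initiations timing out in STATE_QUICK_I1 while notifies from the peer arrive on the ISAKMP SA) is visible at a glance. The function names `summarize` and `phase2_rekey_rejected` are hypothetical, and the sample is a subset of the log lines quoted in the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the pluto log excerpt in the post above.
SAMPLE = '''\
Dec  2 20:18:32 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type INVALID_MESSAGE_ID
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #63: max number of retransmissions (2) reached STATE_QUICK_I1
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #63: starting keying attempt 43 of an unlimited number
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #65: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #63 {using isakmp#21}
Dec  2 20:19:07 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Dec  2 20:19:12 linux-main pluto[1012]: "static_linksys_to_freeswan" #64: max number of retransmissions (2) reached STATE_QUICK_I1
Dec  2 20:19:12 linux-main pluto[1012]: "static_linksys_to_freeswan" #64: starting keying attempt 15 of an unlimited number
Dec  2 20:19:13 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type NO_PROPOSAL_CHOSEN
'''

LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #\d+: (?P<msg>.*)$')
NOTIFY = re.compile(r"ignoring informational payload, type (\w+)")
TIMEOUT = re.compile(r"max number of retransmissions \(\d+\) reached (STATE_\w+)")
ATTEMPT = re.compile(r"starting keying attempt (\d+) of")
VIA = re.compile(r"\{using isakmp#(\d+)\}")

def summarize(text):
    """Per connection: peer notifies, states that timed out, highest attempt, ISAKMP SAs used."""
    stats = defaultdict(lambda: {"notifies": Counter(), "timeouts": Counter(),
                                 "max_attempt": 0, "isakmp": set()})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a per-connection pluto line
        s, msg = stats[m["conn"]], m["msg"]
        if n := NOTIFY.search(msg):
            s["notifies"][n[1]] += 1
        elif t := TIMEOUT.search(msg):
            s["timeouts"][t[1]] += 1
        elif a := ATTEMPT.search(msg):
            s["max_attempt"] = max(s["max_attempt"], int(a[1]))
        elif v := VIA.search(msg):
            s["isakmp"].add(int(v[1]))
    return stats

def phase2_rekey_rejected(stats, conn):
    """True when Quick Mode initiations time out while the peer answers NO_PROPOSAL_CHOSEN."""
    s = stats[conn]
    return s["timeouts"]["STATE_QUICK_I1"] > 0 and s["notifies"]["NO_PROPOSAL_CHOSEN"] > 0

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    print(dict(stats), phase2_rekey_rejected(stats, "static_linksys_to_freeswan"))
```

Run against the full /var/log/messages, the same summary shows whether the notifies all arrive on one ISAKMP SA and how far the keying attempt counter has climbed.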

