[Openswan Users] Key replaceing
Christian Herzberg
cherzberg at gmx.de
Tue Dec 4 16:58:55 EST 2007
Paul Wouters schrieb:
> On Sun, 2 Dec 2007, Christian Herzberg wrote:
>
>
>> The tunnel is working fine but after some time I get the following error messages to /var/log/messages
>>
>> Dec 2 20:18:32 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type INVALID_MESSAGE_ID
>>
>
> Looks like a rekey bug in the other end. Check its logs what it is expecting and what it is getting.
>
> Paul
Hi Paul,
the other end is very quiet. The logs looks like this:
000 "TunnelA": srcip=unset; dstip=unset; srcup=ipsec _updown;
dstup=ipsec _updown;
000 "TunnelA": ike_life: 28800s; ipsec_life: 1200s; rekey_margin: 60s;
rekey_fuzz: 100%; keyingtries: 5
000 "TunnelA": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24;
interface: eth0;
000 "TunnelA": dpd: action:restart; delay:30; timeout:120;
000 "TunnelA": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "TunnelA": IKE algorithms wanted: 5_000-1-2, flags=-strict
000 "TunnelA": IKE algorithms found: 5_192-1_096-2,
000 "TunnelA": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000 "TunnelA": ESP algorithms wanted: 3_000-1, flags=strict
000 "TunnelA": ESP algorithms loaded: 3_000-1, flags=strict
000 "TunnelA": ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000 #2: "TunnelA":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 983s; newest IPSEC; eroute owner
000 #2: "TunnelA" esp.12c09c54 at 192.168.178.9 esp.f7276212 at 192.168.178.90
tun.1002 at 192.168.178.9 tun.1001 at 192.168.178.90
000 #1: "TunnelA":500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 28564s; newest ISAKMP; lastdpd=4s(seq in:0 out:0)
I can´t see any spezial.
Any ideas?
Thanks
Christian
More information about the Users
mailing list