[Openswan Users] Key replaceing

Christian Herzberg cherzberg at gmx.de
Tue Dec 4 16:58:55 EST 2007

Paul Wouters schrieb:
> On Sun, 2 Dec 2007, Christian Herzberg wrote:
>> The tunnel is working fine but after some time I get the following error messages to /var/log/messages
>> Dec  2 20:18:32 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type INVALID_MESSAGE_ID
> Looks like a rekey bug in the other end. Check its logs what it is expecting and what it is getting.
> Paul
Hi Paul,

the other end is very quiet. The logs looks like this:

000 "TunnelA":     srcip=unset; dstip=unset; srcup=ipsec _updown; 
dstup=ipsec _updown;
000 "TunnelA":   ike_life: 28800s; ipsec_life: 1200s; rekey_margin: 60s; 
rekey_fuzz: 100%; keyingtries: 5
000 "TunnelA":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; 
interface: eth0;
000 "TunnelA":   dpd: action:restart; delay:30; timeout:120;
000 "TunnelA":   newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "TunnelA":   IKE algorithms wanted: 5_000-1-2, flags=-strict
000 "TunnelA":   IKE algorithms found:  5_192-1_096-2,
000 "TunnelA":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000 "TunnelA":   ESP algorithms wanted: 3_000-1, flags=strict
000 "TunnelA":   ESP algorithms loaded: 3_000-1, flags=strict
000 "TunnelA":   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
000 #2: "TunnelA":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); 
EVENT_SA_REPLACE in 983s; newest IPSEC; eroute owner
000 #2: "TunnelA" esp.12c09c54 at esp.f7276212 at 
tun.1002 at tun.1001 at
000 #1: "TunnelA":500 STATE_MAIN_I4 (ISAKMP SA established); 
EVENT_SA_REPLACE in 28564s; newest ISAKMP; lastdpd=4s(seq in:0 out:0)

I can´t see any spezial.

Any ideas?


More information about the Users mailing list