[Openswan Users] Key replacing

Paul Wouters paul at xelerance.com
Tue Dec 4 17:19:02 EST 2007


On Tue, 4 Dec 2007, Christian Herzberg wrote:

> >> The tunnel is working fine but after some time I get the following error messages in /var/log/messages
> >>
> >> Dec  2 20:18:32 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type INVALID_MESSAGE_ID
> >>
> >
> > Looks like a rekey bug in the other end. Check its logs for what it is expecting and what it is getting.
> >
> > Paul
> Hi Paul,
>
> the other end is very quiet. The logs look like this:

These two logs don't match up. The end that is sending the INVALID_MESSAGE_ID
will log why it is sending that too. So you missed the right log message.

Paul

> 000 "TunnelA":     srcip=unset; dstip=unset; srcup=ipsec _updown;
> dstup=ipsec _updown;
> 000 "TunnelA":   ike_life: 28800s; ipsec_life: 1200s; rekey_margin: 60s;
> rekey_fuzz: 100%; keyingtries: 5
> 000 "TunnelA":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24;
> interface: eth0;
> 000 "TunnelA":   dpd: action:restart; delay:30; timeout:120;
> 000 "TunnelA":   newest ISAKMP SA: #1; newest IPsec SA: #2;
> 000 "TunnelA":   IKE algorithms wanted: 5_000-1-2, flags=-strict
> 000 "TunnelA":   IKE algorithms found:  5_192-1_096-2,
> 000 "TunnelA":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
> 000 "TunnelA":   ESP algorithms wanted: 3_000-1, flags=strict
> 000 "TunnelA":   ESP algorithms loaded: 3_000-1, flags=strict
> 000 "TunnelA":   ESP algorithm newest: 3DES_0-HMAC_MD5; pfsgroup=<Phase1>
> 000 #2: "TunnelA":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
> EVENT_SA_REPLACE in 983s; newest IPSEC; eroute owner
> 000 #2: "TunnelA" esp.12c09c54 at 192.168.178.9 esp.f7276212 at 192.168.178.90
> tun.1002 at 192.168.178.9 tun.1001 at 192.168.178.90
> 000 #1: "TunnelA":500 STATE_MAIN_I4 (ISAKMP SA established);
> EVENT_SA_REPLACE in 28564s; newest ISAKMP; lastdpd=4s(seq in:0 out:0)
>
> I can't see anything special.
>
> Any ideas?
>
> Thanks
> Christian

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
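
Added example, not part of the original thread or of Openswan: one way to test the "rekey bug" diagnosis from the logging side is to check whether the INVALID_MESSAGE_ID lines recur at the IPsec SA rekey interval implied by the quoted status output. Assumptions: the TunnelA end initiates the rekeys, the initiator rule is the one documented for rekeymargin/rekeyfuzz in ipsec.conf, the year is taken from the mail date, and all log lines after the first are constructed.

```python
import re
from datetime import datetime

# Status line as in the quoted output above (joined onto one line).
STATUS = ('000 "TunnelA":   ike_life: 28800s; ipsec_life: 1200s; '
          'rekey_margin: 60s; rekey_fuzz: 100%; keyingtries: 5')

# Constructed sample log: first line is from the thread, the rest are invented.
LOG = """\
Dec  2 20:18:32 linux-main pluto[1012]: "static_linksys_to_freeswan" #21: ignoring informational payload, type INVALID_MESSAGE_ID
Dec  2 20:37:05 linux-main pluto[1012]: "static_linksys_to_freeswan" #22: ignoring informational payload, type INVALID_MESSAGE_ID
Dec  2 20:41:10 linux-main pluto[1012]: "static_linksys_to_freeswan" #22: ignoring informational payload, type INVALID_MESSAGE_ID
Dec  2 20:59:58 linux-main pluto[1012]: "static_linksys_to_freeswan" #23: ignoring informational payload, type INVALID_MESSAGE_ID
"""

EVENT = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: '
                   r'"([^"]+)" #\d+: .*INVALID_MESSAGE_ID')

def rekey_window(status, life_key="ipsec_life"):
    """Return (earliest, latest) seconds after SA setup at which the initiator rekeys."""
    num = lambda key: int(re.search(key + r": (\d+)", status).group(1))
    life, margin, fuzz = num(life_key), num("rekey_margin"), num("rekey_fuzz")
    # Assumed initiator rule: rekey at life - (margin + random(0, margin*fuzz%)).
    return life - margin - margin * fuzz // 100, life - margin

def event_gaps(log, year=2007):
    """Seconds between consecutive INVALID_MESSAGE_ID lines, per connection."""
    last, gaps = {}, []
    for line in log.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        conn = m.group(2)
        if conn in last:
            gaps.append((conn, int((ts - last[conn]).total_seconds())))
        last[conn] = ts
    return gaps

def rekey_aligned(gaps, window, slack=30):
    """Keep gaps that fit one rekey interval, allowing `slack` s of negotiation time."""
    lo, hi = window
    return [(c, g) for c, g in gaps if lo <= g <= hi + slack]

if __name__ == "__main__":
    w = rekey_window(STATUS)
    gaps = event_gaps(LOG)
    print("rekey window:", w, "gaps:", gaps, "aligned:", rekey_aligned(gaps, w))
```

Gaps that fall inside the window point at the rekey exchange; the timestamps of those lines are the ones to look up in the peer's log.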

