[Openswan Users] missing dir in and dir fwd policy on netkey

Marco Berizzi pupilla at hotmail.com
Thu Dec 27 10:44:30 EST 2007


Openswan doesn't create the 'dir in' and
'dir fwd' policies on netkey when it tries to rekey an
existing instance due to acquire.
Here is the log:

responding to Main Mode from unknown peer X.X.X.X
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
STATE_MAIN_R1: sent MR1, expecting MI2
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT
detected
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
STATE_MAIN_R2: sent MR2, expecting MI3
Main mode peer ID is ID_DER_ASN1_DN: 'certificate'
I am sending my cert
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
responding to Quick Mode {msgid:cc85c2c3}
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
rekeing existing instance "rw"[11] X.X.X.X, due to acquire
initiate on demand from 172.16.1.81:0 to X.X.X.X:0 proto=0 state:
fos_start because: acquire

After those two messages, Openswan places only
the 'dir out' policy.
Openswan 2.4.11 running on linux 2.6.23.11
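A quick way to confirm the symptom described in this post on a netkey host is to list the kernel's XFRM policies and check that every tunnel has all three directions. The script below is an added example (not part of the post and not Openswan code): it parses the output of `ip xfrm policy` and reports selectors that lack an `in` or `fwd` policy. The inbound and forward policies carry the reversed selector of the outbound one, so the script normalises each entry to a (local, remote) key before comparing. The sample output embedded in it is constructed with documentation addresses; the assumed format is the one `ip xfrm policy` prints (a `src ... dst ...` line followed by an indented `dir ...` line).

```python
"""Check that every IPsec tunnel in the XFRM stack has out, in and fwd policies.

Added example, not part of the original mailing-list post or of Openswan.
Usage on a live host (listing may need CAP_NET_ADMIN on some kernels):
    ip xfrm policy | python3 check_xfrm_policies.py
Run with no piped input, it analyses the constructed sample below.
"""
import re
import sys

# Constructed sample of 'ip xfrm policy' output (placeholder addresses).
# Tunnel 1 shows the symptom from the post: only 'dir out' is present.
# Tunnel 2 is healthy: out, fwd and in are all installed.
SAMPLE_OUTPUT = """\
src 172.16.1.0/24 dst 192.0.2.10/32
	dir out priority 2344 ptype main
	tmpl src 172.16.1.81 dst 203.0.113.5
		proto esp reqid 16385 mode tunnel
src 172.16.1.0/24 dst 198.51.100.0/24
	dir out priority 2344 ptype main
	tmpl src 172.16.1.81 dst 203.0.113.9
		proto esp reqid 16386 mode tunnel
src 198.51.100.0/24 dst 172.16.1.0/24
	dir fwd priority 2344 ptype main
	tmpl src 203.0.113.9 dst 172.16.1.81
		proto esp reqid 16386 mode tunnel
src 198.51.100.0/24 dst 172.16.1.0/24
	dir in priority 2344 ptype main
	tmpl src 203.0.113.9 dst 172.16.1.81
		proto esp reqid 16386 mode tunnel
"""

SEL_RE = re.compile(r"^src (\S+) dst (\S+)")
DIR_RE = re.compile(r"^\s+dir (out|in|fwd)\b")  # 'socket in/out' entries are skipped
EXPECTED = {"out", "in", "fwd"}


def parse_policies(text):
    """Yield (src, dst, direction) for each policy entry in 'ip xfrm policy' output."""
    src = dst = None
    for line in text.splitlines():
        m = SEL_RE.match(line)
        if m:
            src, dst = m.groups()
            continue
        m = DIR_RE.match(line)
        if m and src is not None:
            yield src, dst, m.group(1)
            src = dst = None  # one 'dir' line per selector block


def missing_directions(text):
    """Return {(local, remote): [missing directions]} for incomplete tunnels.

    The outbound policy selector is (local -> remote); inbound and forward
    policies carry (remote -> local), so they are flipped to the same key.
    """
    seen = {}
    for src, dst, direction in parse_policies(text):
        key = (src, dst) if direction == "out" else (dst, src)
        seen.setdefault(key, set()).add(direction)
    return {key: sorted(EXPECTED - dirs) for key, dirs in seen.items() if EXPECTED - dirs}


def main():
    text = SAMPLE_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    problems = missing_directions(text)
    if not problems:
        print("all tunnels have out/in/fwd policies")
        return
    for (local, remote), missing in sorted(problems.items()):
        print(f"{local} <-> {remote}: missing dir {', '.join(missing)}")


if __name__ == "__main__":
    main()
```

On the sample, the report names the first tunnel as missing `fwd` and `in`, which is exactly the state the post describes after the acquire-triggered rekey; the healthy second tunnel produces no output.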