[Openswan Users] Site-to-site problem
sasa
sasa at shoponweb.it
Tue Feb 13 05:42:04 EST 2007
Hi, I have a problem with a site-to-site connection. In the log file on one site,
with openswan-2.4.4-1, I have:
Feb 13 09:44:05 fw pluto[2995]: "frattacis" #1: Informational Exchange message must be encrypted
Feb 13 09:44:08 fw pluto[2995]: packet from 88.149.xxx.xxx:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Feb 13 09:44:08 fw pluto[2995]: packet from 88.149.xxx.xxx:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Feb 13 09:44:12 fw pluto[2995]: "frattacis" #9: next payload type of ISAKMP Hash Payload has an unknown value: 223
Feb 13 09:44:12 fw pluto[2995]: "frattacis" #9: malformed payload in packet
Feb 13 09:44:12 fw pluto[2995]: | payload malformed after IV
Feb 13 09:44:12 fw pluto[2995]: |
Feb 13 09:44:12 fw pluto[2995]: "frattacis" #9: sending notification PAYLOAD_MALFORMED to 88.149.184.250:500
Feb 13 09:44:15 fw pluto[2995]: "frattacis" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd7bcd81e (perhaps this is a duplicated packet)
Feb 13 09:44:15 fw pluto[2995]: "frattacis" #1: sending encrypted notification INVALID_MESSAGE_ID to 88.149.xxx.xxx:500
Feb 13 09:44:18 fw pluto[2995]: packet from 88.149.xxx.xxx:500: Quick Mode message is for a non-existent (expired?) ISAKMP SA
Feb 13 09:44:25 fw pluto[2995]: "frattacis" #10: discarding duplicate packet; already STATE_QUICK_I1
On the second site, with openswan-2.4.7, I have:
Feb 13 09:53:16 fw pluto[2995]: ERROR: "frattacis" #26: pfkey write() of SADB_ADD message 55 for Add SA esp.38a1fdd1 at 82.104.yyy.yyy failed. Errno 22: Invalid argument
My ipsec.conf is:
config setup
        interfaces="ipsec0=eth0"

conn %default
        authby=rsasig

conn frattacis
        auto=start
        pfs=yes
        # left site: fratta
        left=82.104.yyy.yyy
        leftsubnet=192.168.1.0/24
        leftnexthop=82.104.yyy.yyx
        leftrsasigkey=0sAQO.....
        # right site: cis
        right=88.149.xxx.xxx
        rightsubnet=192.168.0.0/24
        rightnexthop=88.149.xxx.xxy
        rightrsasigkey=0sAQPKdl3...

include /etc/ipsec.d/examples/no_oe.conf
Thanks.
------
Salvatore.