[Openswan Users] Crypto Failed

Salvatore sasa at shoponweb.it
Fri Feb 23 06:22:51 EST 2007 

Hi, I have a problem with site-to-site connectio about crypto:

000 #18: "frattacis":500 STATE_QUICK_I1 (sent QI1, expecting QR1); 
EVENT_RETRANSMIT in 18s; lastdpd=-1s(seq in:0 out:0)
000 #3: "frattacis":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); 
EVENT_SA_REPLACE in 2885s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)
000 #20: "frattacis":500 STATE_QUICK_R0 (expecting QI1); EVENT_CRYPTO_FAILED 
in 292s; lastdpd=-1s(seq in:0 out:0)
000 #19: "frattacis":500 STATE_QUICK_R0 (expecting QI1);
...
EVENT_SA_REPLACE in 2452s; lastdpd=-1s(seq in:0 out:0)

I use openswan-2.4.7 on kernel 2.4 with klips (and nat-t) patch, and my 
ipsec.conf is:

conn frattacis
auto=start
authby=rsasig
pfs=yes
left=82.xxx.xxx.xxx
leftsubnet=192.168.1.0/24
leftnexthop=82.xxx.xxx.yyy     leftrsasigkey=0sAQONo3...
right=88.yyy.yyy.yyy
rightsubnet=192.168.0.0/24
rightnexthop=88.yyy.yyy.xxx    rightrsasigkey=0sAQPKdl...

In log file:

Feb 23 09:38:30 fw pluto[1179]: "frattacis" #12: discarding duplicate 
packet; already STATE_QUICK_I1
Feb 23 09:38:30 fw pluto[1179]: "frattacis" #1: Quick Mode I1 message is 
unacceptable because it uses a previously used Message ID 0x0edaab67 
(perhaps this is a duplicated packet)
Feb 23 09:38:30 fw pluto[1179]: "frattacis" #1: sending encrypted 
notification INVALID_MESSAGE_ID to 88.yyy.yyy.yyy:500
Feb 23 09:38:30 fw pluto[1179]: "frattacis" #3: Informational Exchange 
message must be encrypted
Feb 23 09:38:38 fw pluto[1179]: "frattacis" #13: next payload type of ISAKMP 
Hash Payload has an unknown value: 249
Feb 23 09:38:38 fw pluto[1179]: "frattacis" #13: malformed payload in packet
Feb 23 09:38:38 fw pluto[1179]: | payload malformed after IV
Feb 23 09:38:38 fw pluto[1179]: |
Feb 23 09:38:38 fw pluto[1179]: "frattacis" #13: sending notification 
PAYLOAD_MALFORMED to 88.xxx.xxx.xxx:500
Feb 23 09:38:40 fw pluto[1179]: "frattacis" #3: Quick Mode I1 message is 
unacceptable because it uses a previously used Message ID 0x13cffb96 
(perhaps this is a duplicated packet)
Feb 23 09:38:40 fw pluto[1179]: "frattacis" #3: sending encrypted 
notification INVALID_MESSAGE_ID to 88.yyy.yyy.yyy:500
Feb 23 09:38:44 fw pluto[1179]: "frattacis" #14: responding to Quick Mode 
{msgid:befe022e}
Feb 23 09:38:44 fw pluto[1179]: ERROR: "frattacis" #14: pfkey write() of 
SADB_ADD message 29 for Add SA esp.cb366a46 at 82.xxx.xxx.xxx failed. Errno 22: 
Invalid argument

Thanks.

------
Salvatore.

More information about the Users mailing list