[Openswan Users] comm_handle error

Juan Pablo jp.espino at gmail.com
Tue Jan 16 14:11:40 EST 2007


I upgraded to Openswan 2.4.2 and I got other difficulties. I got 31 of
200 roadwarrior connections that never established an IPsec tunnel
with the following messages:

2007:01:12-17:32:24 (none) pluto[4675]: "D_XXX539_0"[362]
#20558: STATE_MAIN_R2: sent MR2, expecting MI3
2007:01:12-17:32:37 (none) pluto[4675]: "D_XXX539_0"[362]
#20321: max number of retransmissions (2) reached STATE_MAIN_R2

Also when the first phase 1 re-negotiation ocurred all the connections
go down. I'm natting, so from some ethereal captures I suspect there
is a problem changing the UDP port from 500 to 4500 during the phase
1. I wonder if it is a known problem with this version of Openswan?,
Some ideas?

Thanks for helping.


Further information:
-IPsec VPN clients: Safenet HA Remote 1.4
-Openswan 2.42.

On 1/12/07, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 11 Jan 2007, Juan Pablo Espino wrote:
> > > That's like 4 year old code. Upgrade?
> > >
> >
> > Yeap I agree but my problem is that I have to convince some people at
> > my work who don't know anything about technology.
> >
> > I know there have been many improvements and new features from
> > freeswan 1.99 to current versions of openswan: NAT-T RFC complainant,
> > Dead peer detection, opportunistic encryption, etc, etc., but how can
> > I argue that a new version is going to manage well our vpn connections
> > and it isn't going to crash like our actual system. Thanks for
> > helping.
> Install it on a new PC, and hotswap it? If it would be worse swap it back?
> Paul
> --
> Building and integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list