[Openswan Users] IPSec auto up output
Vuppula, Srinivas
srinivas.vuppula at intel.com
Wed Nov 7 17:42:23 EST 2007
The following is the nmessage output of the command
ipsec auto --up net-to-net
It appears ISKAMP is established but i do not see message for ESP
stablished.
On my tcpdump also i see message packets with isakmp and not ESP as said
in the documentation. DOes this mean i have established IPSec connection
properly por something is missing....
Can anyone point what could be the problem..
sh-3.1# ipsec auto --up net-to-net
pluto[2699]: "net-to-net" #1: initiating Main Mode
104 "net-to-net" #1: STATE_MAIN_I1: initiate
pluto[2699]: "net-to-net" #1: received Vendor ID payload [Openswan (this
version
) 2.4.9 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
pluto[2699]: "net-to-net" #1: received Vendor ID payload [Dead Peer
Detection]
003 "net-to-net" #1: received Vendor ID payload [Openswan (this version)
2.4.9
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
003 "net-to-net" #1: received Vendor ID payload [Dead Peer Detection]
pluto[2699]: "net-to-net" #1: transition from state STATE_MAIN_I1 to
state STATE
_MAIN_I2
pluto[2699]: "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
106 "net-to-net" #1: STATE_MAIN_I2: sent MI2, expecting MR2
pluto[2699]: "net-to-net" #1: I did not send a certificate because I do
not have
one.
pluto[2699]: "net-to-net" #1: transition from state STATE_MAIN_I2 to
state STATE
_MAIN_I3
pluto[2699]: "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
108 "net-to-net" #1: STATE_MAIN_I3: sent MI3, expecting MR3
pluto[2699]: "net-to-net" #1: Main mode peer ID is ID_FQDN: '@right.com'
pluto[2699]: "net-to-net" #1: transition from state STATE_MAIN_I3 to
state STATE
_MAIN_I4
pluto[2699]: "net-to-net" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_
RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
pluto[2699]: "net-to-net" #2: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP
{using isakmp#1}
004 "net-to-net" #1: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_RSA_SIG c
ipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "net-to-net" #2: STATE_QUICK_I1: initiate
pluto[2699]: "net-to-net" #2: ERROR: netlink response for Add SA
esp.552dee6a at 19
2.168.1.102 included errno 38: Function not implemented
003 "net-to-net" #2: ERROR: netlink response for Add SA
esp.552dee6a at 192.168.1.1
02 included errno 38: Function not implemented
032 "net-to-net" #2: STATE_QUICK_I1: internal error
pluto[2699]: packet from 192.168.1.101:500: Quick Mode message is for a
non-exis
tent (expired?) ISAKMP SA
010 "net-to-net" #2: STATE_QUICK_I1: retransmission; will wait 20s for
response
pluto[2699]: "net-to-net" #1: Informational Exchange message must be
encrypted
pluto[2699]: "net-to-net" #2: discarding duplicate packet; already
STATE_QUICK_I
1
003 "net-to-net" #2: discarding duplicate packet; already STATE_QUICK_I1
pluto[2699]: packet from 192.168.1.101:500: Quick Mode message is for a
non-exis
tent (expired?) ISAKMP SA
Srinivas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20071107/e532b094/attachment-0001.html
More information about the Users
mailing list