[Openswan Users] pfkey_msg_build of Add SA esp.xxxxxx at xxx.xxx.xxx.xxx failed, code -22

Rubén Fuentes rcfuentes at centauritech.com
Mon Aug 11 17:27:18 EDT 2008 

Hi,

 

I have a problem between Freeswan and haremote client in a Roadwarrior
configuration.  The Haremote client begins the connection, they use nat-t
draft-02, float to ports 4500,4500 and everything works fine.  When the
Freeswan began renegotiating of phase 1, they use nat-t draft-00, change
ports from 4500,4500 to 500,500 and the problems begins in the packets.  I
put a wireshark in the middle and see that the packets are not ESP , are
ISAKMP-UNKNOWN-VERSION.  I see in the logs that  just  after establishing
the IPsec SA (with ports 500,500) appears pfkey messages that indicates some
error:

 

 

2008:08:08-15:36:30 (none) pluto[5539]: [1] 10.8.247.134 #3170: initiating
Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS to replace #3155 {using isakmp#3163}

2008:08:08-15:36:31 (none) pluto[5539]: [1] 10.8.247.134 #3170: IKE message
has the Commit Flag set but Pluto doesn't implement this feature; ignoring
flag

2008:08:08-15:36:31 (none) pluto[5539]: [1] 10.8.247.134 #3170: ignoring
informational payload, type IPSEC_RESPONDER_LIFETIME

2008:08:08-15:36:31 (none) pluto[5539]: [1] 10.8.247.134 #3170: transition
from state STATE_QUICK_I1 to state STATE_QUICK_I2

2008:08:08-15:36:31 (none) pluto[5539]: [1] 10.8.247.134 #3170:
STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x762e85bc <0x0bf6c4dd
xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=none}

2008:08:08-15:36:40 (none) pluto[5539]: | NAT-T: new mapping
10.8.247.134:4500/500)

2008:08:08-15:36:40 (none) pluto[5539]: | pfkey_lib_debug:pfkey_msg_parse:
satype 0 conversion to proto failed for msg_type 2 (update). 

2008:08:08-15:36:40 (none) pluto[5539]: | pfkey_lib_debug:pfkey_msg_build:
Trouble parsing newly built pfkey message, error=-22. 

2008:08:08-15:36:40 (none) pluto[5539]: [1] 10.8.247.134 #3155:
pfkey_msg_build of Add SA esp.bf6c4db at 192.168.131.5 failed, code -22

 

Someone can help me?

 

Thanks,

Rubén

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080811/34e8c436/attachment.html

More information about the Users mailing list