[Openswan Users] Advice and help to read pluto's logs

Sebastien COUPPEY sebastien.couppey at zero9.it
Fri Feb 8 04:04:33 EST 2008


I am having difficulties to read the logs of pluto,
devices are :  openswan <-> cisco 3080

1-  #249651: initiating Main Mode
2-  #249651: ignoring Vendor ID payload [FRAGMENTATION c0000000]
3-  #249651: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
4-  #249651: STATE_MAIN_I2: sent MI2, expecting MR2 
5-  #249651: received Vendor ID payload [Cisco-Unity]
6-  #249651: received Vendor ID payload [XAUTH]
7-  #249651: ignoring unknown Vendor ID payload [086a6374027ed9bbc051dd742ee98d16]
8-  #249651: ignoring Vendor ID payload [Cisco VPN 3000 Series]
9-  #249651: I did not send a certificate because I do not have one.
10- #249651: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11- #249651: STATE_MAIN_I3: sent MI3, expecting MR3
12- #249651: received Vendor ID payload [Dead Peer Detection]
13- #249651: Main mode peer ID is ID_IPV4_ADDR: 'CISCO_PUBLIC_IP'
14- #249651: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
15- #249651: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
16- #249651: Dead Peer Detection (RFC 3706): enabled 
17- #249652: initiating Quick Mode PSK+ENCRYPT+TUNNEL {using isakmp#249651}
18- #249652: Dead Peer Detection (RFC 3706): enabled
19- #249652: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
20- #249652: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x456b9e75 <0x7779aa6e xfrm=3DES_0-HMAC_SHA1 NATD=none DPD=enabled}

As you can see on line 6 it seems I am receiving a XAUTH
request. However on the CISCO 3080, I have the following options for the
authentication mode :

 Preshared key    <-----------
 RSA digital certificate
 DSA digital certificate
 Preshared key (XAUTH)
 RSA digital certificate (XAUTH)
 DSA digital certificate (XAUTH)
 RSA digital certificate (HYBRID)
 DSA digital certificate (HYBRID)

The "preshared key" is the one selected on the cisco 3080 device. Is
it normal to get the line 6 ? 

line 9 : I think this is normal on my side because I didn t configure
any certificate. Is this line the result of a XAUTH request  I am not
able to answer ?


More information about the Users mailing list