[Openswan Users] STATE_MAIN_R3

Dmitry Melekhov dm at belkam.com
Thu Jan 31 05:35:41 EST 2008


Hello!

Sometimes (very rarely) I have following with openswan 2.4.9 :

On one side

# ipsec whack  --status | grep k183
000 "k183": 192.168.200.241...192.168.200.242; erouted; eroute owner: #24286
000 "k183":     srcip=unset; dstip=unset; srcup=ipsec _updown;
dstup=ipsec _updown;
000 "k183":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "k183":   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 32,32;
interface: eth1:3; encap: esp;
000 "k183":   newest ISAKMP SA: #24293; newest IPsec SA: #24286;
000 "k183":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 #24286: "k183":500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 1000s; newest IPSEC; eroute owner
000 #24286: "k183" used 7s ago; esp.f0777ee6 at 192.168.200.242
esp.24e24f0f at 192.168.200.241 comp.267a at 192.168.200.242
comp.1f6 at 192.168.200.241 tun.5e13 at 192.168.200.242 tun.5e12 at 192.168.200.241
000 #24293: "k183":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
EVENT_SA_REPLACE in 1270s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)


And on another side all is OK.

# ipsec whack --status | grep k183
000 "k183": 192.168.200.242...192.168.200.241; erouted; eroute owner: #621
000 "k183":     srcip=unset; dstip=unset; srcup=ipsec _updown;
dstup=ipsec _updown;
000 "k183":   ike_life: 3600s; ipsec_life: 3600s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "k183":   policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP; prio: 32,32;
interface: eth0; encap: esp;
000 "k183":   newest ISAKMP SA: #622; newest IPsec SA: #621;
000 "k183":   IKE algorithm newest: 3DES_CBC_192-MD5-MODP1536
000 #621: "k183":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 260s; newest IPSEC; eroute owner
000 #621: "k183" used 23s ago; esp.24e24f0f at 192.168.200.241
esp.f0777ee6 at 192.168.200.242 comp.1f6 at 192.168.200.241
comp.267a at 192.168.200.242 tun.1270 at 192.168.200.241 tun.126f at 192.168.200.242
000 #622: "k183":500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 496s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0)


I restart connection with ipsec auto --down/--up.
But could you tell me what is STATE_MAIN_R3 and why can I get such problem?




More information about the Users mailing list