[Openswan Users] Ipsec auto --up {tunnelname} hangs

Greg Scott GregScott at InfraSupportEtc.com
Sat Jun 21 01:22:44 EDT 2008


I tried one more experiment looking for a workaround.  While the right
side is hanging, what happens when the 2nd tunnel on the left side - the
tunnel I'm waiting for on the right side - comes up?  Short answer - the
right side still hangs.  I didn't wait as long this time - I don't want
to bring up these tunnels too much and interfere with the network.  
 
I suppose I could fork off a script that looks for a hung ipsec whack
process and then kills it, before doing ipsec auto --up.  But that
would be a total hack.
 
Here is what happened on the right side:
 
[root@lme-fw ~]#
[root@lme-fw ~]# ipsec auto --delete JanesvillePNT-Everywhere
021 no connection named "JanesvillePNT-Everywhere"
[root@lme-fw ~]# date
Sat Jun 21 00:04:10 CDT 2008
[root@lme-fw ~]# ipsec auto --add JanesvillePNT-Everywhere
[root@lme-fw ~]# date
Sat Jun 21 00:04:18 CDT 2008
[root@lme-fw ~]# ipsec auto --up JanesvillePNT-Everywhere
104 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I1: initiate
003 "JanesvillePNT-Everywhere" #130: ignoring unknown Vendor ID payload [4f455f5d7b764b67436f4f49]
003 "JanesvillePNT-Everywhere" #130: received Vendor ID payload [Dead Peer Detection]
003 "JanesvillePNT-Everywhere" #130: received Vendor ID payload [RFC 3947] method set to=110
106 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I2: sent MI2, expecting MR2
003 "JanesvillePNT-Everywhere" #130: NAT-Traversal: Result using 3: no NAT detected
108 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I3: sent MI3, expecting MR3
003 "JanesvillePNT-Everywhere" #130: we require peer to have ID '@janesvillepnt.local', but peer declares '@janesvillecheetah.local'
218 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I3: INVALID_ID_INFORMATION
 

# the whack is hanging.  Now I will bring up the tunnel on the left side
 

# Nope - still hung.
 
[root@lme-fw ~]#
[root@lme-fw ~]# date
Sat Jun 21 00:06:39 CDT 2008
[root@lme-fw ~]#

 
Here is what happened on the left side in another window, while the
right side was hung:
 
[root@Janesville-fw1 ipsec.d]#
[root@Janesville-fw1 ipsec.d]# ipsec auto --add JanesvillePNT-Everywhere
[root@Janesville-fw1 ipsec.d]# ipsec auto --up JanesvillePNT-Everywhere
104 "JanesvillePNT-Everywhere" #1530: STATE_MAIN_I1: initiate
003 "JanesvillePNT-Everywhere" #1530: ignoring unknown Vendor ID payload [4f456e4d43757f784f704063]
003 "JanesvillePNT-Everywhere" #1530: received Vendor ID payload [Dead Peer Detection]
003 "JanesvillePNT-Everywhere" #1530: received Vendor ID payload [RFC 3947] method set to=110
106 "JanesvillePNT-Everywhere" #1530: STATE_MAIN_I2: sent MI2, expecting MR2
003 "JanesvillePNT-Everywhere" #1530: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
108 "JanesvillePNT-Everywhere" #1530: STATE_MAIN_I3: sent MI3, expecting MR3
004 "JanesvillePNT-Everywhere" #1530: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
117 "JanesvillePNT-Everywhere" #1531: STATE_QUICK_I1: initiate
004 "JanesvillePNT-Everywhere" #1531: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xe01ba744 <0x2888c26f xfrm=AES_0-HMAC_SHA1 NATD=none DPD=none}
[root@Janesville-fw1 ipsec.d]#
[root@Janesville-fw1 ipsec.d]#
[root@Janesville-fw1 ipsec.d]# ipsec auto --down JanesvillePNT-Everywhere
[root@Janesville-fw1 ipsec.d]# ipsec auto --delete JanesvillePNT-Everywhere
[root@Janesville-fw1 ipsec.d]# date
Sat Jun 21 00:06:33 CDT 2008
[root@Janesville-fw1 ipsec.d]#

- Greg 
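
An added example, not part of the original post and not Openswan code: a small Python parser for the `ipsec auto --up` status lines quoted above. It reports the last state reached, whether the ISAKMP and IPsec SAs were established, and the peer ID mismatch logged before the hang. The function names `unwrap` and `summarize` are assumptions made for this example.

```python
import re

# One whack status line: 3-digit code, quoted connection name, "#serial:", message.
LINE_RE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
STATE_RE = re.compile(r"^(STATE_\w+): ?(.*)$")
ID_RE = re.compile(r"we require peer to have ID '([^']+)', but peer declares '([^']+)'")

# Excerpt of the right-side output quoted in the post, mail line-wrapping kept.
RIGHT_SIDE = '''\
108 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I3: sent MI3, expecting
MR3
003 "JanesvillePNT-Everywhere" #130: we require peer to have ID
'@janesvillepnt.local', but peer declares '@janesvillecheetah.local'
218 "JanesvillePNT-Everywhere" #130: STATE_MAIN_I3:
INVALID_ID_INFORMATION
'''

def unwrap(text):
    """Rejoin wrapped lines: anything not starting with '<3 digits> "' continues the previous line."""
    lines = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(r'^\d{3} "', line) or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines

def summarize(text):
    """Return the last state seen, which SAs were established, and any ID mismatch or error."""
    out = {"conn": None, "last_state": None, "isakmp_sa": False,
           "ipsec_sa": False, "id_mismatch": None, "error": None}
    for line in unwrap(text):
        m = LINE_RE.match(line)
        if not m:
            continue  # shell prompts, date output and other non-status lines
        out["conn"], msg = m.group(2), m.group(4)
        ids = ID_RE.search(msg)
        if ids:
            out["id_mismatch"] = {"required": ids.group(1), "declared": ids.group(2)}
        st = STATE_RE.match(msg)
        if st:
            out["last_state"], detail = st.group(1), st.group(2)
            out["isakmp_sa"] |= "ISAKMP SA established" in detail
            out["ipsec_sa"] |= "IPsec SA established" in detail
            if re.fullmatch(r"[A-Z_]+", detail):  # bare notification name, as on the 218 line
                out["error"] = detail
    return out
```

Run over the right-side excerpt, `summarize(RIGHT_SIDE)` shows the negotiation stopping in `STATE_MAIN_I3` with the required and declared IDs side by side.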