[Openswan Users] malloc 0 bytes and tunnel not found

Heiko --- tomtegubbar99 at yahoo.de
Fri Sep 12 06:53:11 EDT 2008


Hello list

I'm trying to build something like this:

XP-Client(192.168.79.51)  ------  OpenVPN(192.168.77.41)

Each PC has a route to the corresponding network. Ping, ssh etc work fine.

I use the self-compiled xl2tpd-1.1.12 and Linux Openswan U2.6.14/K2.6.25.16-0.1-pae (netkey)

When I connect from the XP-Client I get Error 651: Modem reporting an error and in my Logfiles I see "alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state, please report to dev at openswan.org" and xl2tpd says "tunnel not found"

Here's the config of the Openswan-server:

config setup
        interfaces="ipsec0=eth0"
        plutodebug=control
#       nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.77.0/24

conn L2TP-PSK
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
#       type=tunnel
        left=192.168.77.41
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        auto=add

When I play around with the nat_traversal key, It seems that XP tries to initiate one connection after another and then it tells me the server does not respond. (The xl2tpd does not appear in the logfiles, too). The above config is the only one i found where xl2tpd is started.

So this posting is to first inform about the malloc 0 bytes Error and 2nd to ask how to solve the "tunnel not found" problem.

Thanks and greetings,
Heiko

Here's the (long) log of the Openswan-server
---------------------------------

    pluto[6540]: |
    pluto[6540]: | *received 312 bytes from 192.168.79.51:500 on eth0 (port=500)
    pluto[6540]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
    pluto[6540]: packet from 192.168.79.51:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
    pluto[6540]: packet from 192.168.79.51:500: ignoring Vendor ID payload [FRAGMENTATION]
    pluto[6540]: packet from 192.168.79.51:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
    pluto[6540]: packet from 192.168.79.51:500: ignoring Vendor ID payload [Vid-Initial-Contact]
    pluto[6540]: | instantiated "L2TP-PSK" for 192.168.79.51
    pluto[6540]: | creating state object #11 at 0x814d710
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | inserting state object #11 on chain 12
    pluto[6540]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #11
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: responding to Main Mode from unknown peer 192.168.79.51
    pluto[6540]: | started looking for secret for 192.168.77.41->192.168.79.51 of kind PPK_PSK
    pluto[6540]: | instantiating him to 0.0.0.0
    pluto[6540]: | actually looking for secret for 192.168.77.41->%any of kind PPK_PSK
    pluto[6540]: | 1: compared key 192.168.77.41 to 192.168.77.41 / %any -> 4
    pluto[6540]: | line 1: match=5
    pluto[6540]: | best_match 0>5 best=0x814c798 (line=1)
    pluto[6540]: | concluding with best_match=5 best=0x814c798 (lineno=1)
    pluto[6540]: | complete state transition with STF_OK
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    pluto[6540]: | sending reply packet to 192.168.79.51:500 (from port 500)
    pluto[6540]: | sending 140 bytes for STATE_MAIN_R0 through eth0:500 to 192.168.79.51:500 (using #11)
    pluto[6540]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #11
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: STATE_MAIN_R1: sent MR1, expecting MI2
    pluto[6540]: | modecfg pull: noquirk policy:push not-client
    pluto[6540]: | phase 1 is done, looking for phase 2 to unpend
    pluto[6540]: | * processed 0 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 7 seconds
    pluto[6540]: |
    pluto[6540]: | *received 360 bytes from 192.168.79.51:500 on eth0 (port=500)
    pluto[6540]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | v1 peer and cookies match on #11, provided msgid 00000000 vs 00000000
    pluto[6540]: | v1 state object #11 found, in STATE_MAIN_R1
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
    pluto[6540]: | inserting event EVENT_NAT_T_KEEPALIVE, timeout in 20 seconds
    pluto[6540]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
    pluto[6540]: | asking helper 0 to do build_kenonce op on seq: 16 (len=2668, pcw_work=1)
    pluto[6540]: | crypto helper write of request: cnt=2668<wlen=2668.
    pluto[6540]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #11
    pluto[6540]: | complete state transition with STF_SUSPEND
    pluto[6540]: | * processed 0 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 7 seconds
    pluto[6546]: ! helper 0 read 2664+4/2668 bytesfd: 8
    pluto[6546]: ! helper 0 doing build_kenonce op id: 16
    pluto[6540]: |
    pluto[6540]: | helper 0 has finished work (cnt now 1)
    pluto[6540]: | helper 0 replies to id: q#16
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | started looking for secret for 192.168.77.41->192.168.79.51 of kind PPK_PSK
    pluto[6540]: | instantiating him to 0.0.0.0
    pluto[6540]: | actually looking for secret for 192.168.77.41->%any of kind PPK_PSK
    pluto[6540]: | 1: compared key 192.168.77.41 to 192.168.77.41 / %any -> 4
    pluto[6540]: | line 1: match=5
    pluto[6540]: | best_match 0>5 best=0x814c798 (line=1)
    pluto[6540]: | concluding with best_match=5 best=0x814c798 (lineno=1)
    pluto[6540]: | parent1 type: 7 group: 14 len: 2668
    pluto[6540]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
    pluto[6540]: | asking helper 0 to do compute dh+iv op on seq: 17 (len=2668, pcw_work=1)
    pluto[6540]: | crypto helper write of request: cnt=2668<wlen=2668.
    pluto[6540]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #11
    pluto[6540]: | complete state transition with STF_OK
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    pluto[6540]: | sending reply packet to 192.168.79.51:500 (from port 500)
    pluto[6540]: | sending 356 bytes for STATE_MAIN_R1 through eth0:500 to 192.168.79.51:500 (using #11)
    pluto[6540]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #11
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: STATE_MAIN_R2: sent MR2, expecting MI3
    pluto[6540]: | modecfg pull: noquirk policy:push not-client
    pluto[6540]: | phase 1 is done, looking for phase 2 to unpend
    pluto[6540]: | * processed 1 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 7 seconds
    pluto[6546]: ! helper 0 read 2664+4/2668 bytesfd: 8
    pluto[6546]: ! helper 0 doing compute dh+iv op id: 17
    pluto[6540]: |
    pluto[6540]: | helper 0 has finished work (cnt now 1)
    pluto[6540]: | helper 0 replies to id: q#17
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | * processed 1 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 7 seconds
    pluto[6540]: |
    pluto[6540]: | *received 68 bytes from 192.168.79.51:500 on eth0 (port=500)
    pluto[6540]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | v1 peer and cookies match on #11, provided msgid 00000000 vs 00000000
    pluto[6540]: | v1 state object #11 found, in STATE_MAIN_R2
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: Main mode peer ID is ID_IPV4_ADDR: '192.168.79.51'
    pluto[6540]: | started looking for secret for 192.168.77.41->192.168.79.51 of kind PPK_PSK
    pluto[6540]: | instantiating him to 0.0.0.0
    pluto[6540]: | actually looking for secret for 192.168.77.41->%any of kind PPK_PSK
    pluto[6540]: | 1: compared key 192.168.77.41 to 192.168.77.41 / %any -> 4
    pluto[6540]: | line 1: match=5
    pluto[6540]: | best_match 0>5 best=0x814c798 (line=1)
    pluto[6540]: | concluding with best_match=5 best=0x814c798 (lineno=1)
    pluto[6540]: | started looking for secret for 192.168.77.41->192.168.79.51 of kind PPK_PSK
    pluto[6540]: | instantiating him to 0.0.0.0
    pluto[6540]: | actually looking for secret for 192.168.77.41->%any of kind PPK_PSK
    pluto[6540]: | 1: compared key 192.168.77.41 to 192.168.77.41 / %any -> 4
    pluto[6540]: | line 1: match=5
    pluto[6540]: | best_match 0>5 best=0x814c798 (line=1)
    pluto[6540]: | concluding with best_match=5 best=0x814c798 (lineno=1)
    pluto[6540]: | offered CA: '%none'
    pluto[6540]: | thinking about whether to send my certificate:
    pluto[6540]: |   I have RSA key: OAKLEY_PRESHARED_KEY cert.type: CERT_NONE
    pluto[6540]: |   sendcert: CERT_ALWAYSSEND and I did not get a certificate request
    pluto[6540]: |   so do not send cert.
    pluto[6540]: | I did not send a certificate because digital signatures are not being used. (PSK)
    pluto[6540]: | complete state transition with STF_OK
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    pluto[6540]: | sending reply packet to 192.168.79.51:500 (from port 500)
    pluto[6540]: | sending 76 bytes for STATE_MAIN_R2 through eth0:500 to 192.168.79.51:500 (using #11)
    pluto[6540]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #11
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
    pluto[6540]: | modecfg pull: noquirk policy:push not-client
    pluto[6540]: | phase 1 is done, looking for phase 2 to unpend
    pluto[6540]: | * processed 0 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 7 seconds
    pluto[6540]: |
    pluto[6540]: | *received 1116 bytes from 192.168.79.51:500 on eth0 (port=500)
    pluto[6540]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | v1 peer and cookies match on #11, provided msgid cc89cc2c vs 00000000
    pluto[6540]: | v1 state object not found
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | v1 peer and cookies match on #11, provided msgid 00000000 vs 00000000
    pluto[6540]: | v1 state object #11 found, in STATE_MAIN_R3
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | peer client is 192.168.79.51
    pluto[6540]: | peer client protocol/port is 17/1701
    pluto[6540]: | our client is 192.168.77.41
    pluto[6540]: | our client protocol/port is 17/1701
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: the peer proposed: 192.168.77.41/32:17/1701 -> 192.168.79.51/32:17/1701
    pluto[6540]: | duplicating state object #11
    pluto[6540]: | creating state object #12 at 0x814ec48
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state, please report to dev at openswan.org
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in duplicate_state, please report to dev at openswan.org
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in duplicate_state, please report to dev at openswan.org
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in duplicate_state, please report to dev at openswan.org
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | inserting state object #12 on chain 12
    pluto[6540]: | inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #12
    pluto[6540]: | 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
    pluto[6540]: | asking helper 0 to do build_nonce op on seq: 18 (len=2668, pcw_work=1)
    pluto[6540]: | crypto helper write of request: cnt=2668<wlen=2668.
    pluto[6540]: | inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #12
    pluto[6540]: | complete state transition with STF_SUSPEND
    pluto[6540]: | * processed 0 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 7 seconds
    pluto[6546]: ! helper 0 read 2664+4/2668 bytesfd: 8
    pluto[6546]: ! helper 0 doing build_nonce op id: 18
    pluto[6540]: |
    pluto[6540]: | helper 0 has finished work (cnt now 1)
    pluto[6540]: | helper 0 replies to id: q#18
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #12: responding to Quick Mode proposal {msgid:2ccc89cc}
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #12:     us: 192.168.77.41<192.168.77.41>[+S=C]:17/1701
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #12:   them: 192.168.79.51[+S=C]:17/1701
    pluto[6540]: | install_inbound_ipsec_sa() checking if we can route
    pluto[6540]: | route owner of "L2TP-PSK"[6] 192.168.79.51 unrouted: NULL; eroute owner: NULL
    pluto[6540]: | could_route called for L2TP-PSK (kind=CK_INSTANCE)
    pluto[6540]: |    routing is easy, or has resolvable near-conflict
    pluto[6540]: | checking if this is a replacement state
    pluto[6540]: |   st=0x814ec48 ost=(nil) st->serialno=#12 ost->serialno=#0
    pluto[6540]: | installing outgoing SA now as refhim=0
    pluto[6540]: | outgoing SA has refhim=4294901761
    pluto[6540]: | add inbound eroute 192.168.79.51/32:1701 --17-> 192.168.77.41/32:0 => tun.10000 at 192.168.77.41 (raw_eroute)
    pluto[6540]: | raw_eroute result=1
    pluto[6540]: | complete state transition with STF_OK
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #12: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    pluto[6540]: | sending reply packet to 192.168.79.51:500 (from port 500)
    pluto[6540]: | sending 164 bytes for STATE_QUICK_R0 through eth0:500 to 192.168.79.51:500 (using #12)
    pluto[6540]: | inserting event EVENT_RETRANSMIT, timeout in 10 seconds for #12
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #12: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    pluto[6540]: | modecfg pull: noquirk policy:push not-client
    pluto[6540]: | phase 1 is done, looking for phase 2 to unpend
    pluto[6540]: | * processed 1 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 7 seconds
    pluto[6540]: |
    pluto[6540]: | *received 52 bytes from 192.168.79.51:500 on eth0 (port=500)
    pluto[6540]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32)
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | v1 peer and cookies match on #12, provided msgid cc89cc2c vs cc89cc2c
    pluto[6540]: | v1 state object #12 found, in STATE_QUICK_R1
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | install_ipsec_sa() for #12: outbound only
    pluto[6540]: | route owner of "L2TP-PSK"[6] 192.168.79.51 unrouted: NULL; eroute owner: NULL
    pluto[6540]: | could_route called for L2TP-PSK (kind=CK_INSTANCE)
    pluto[6540]: | sr for #12: unrouted
    pluto[6540]: | route owner of "L2TP-PSK"[6] 192.168.79.51 unrouted: NULL; eroute owner: NULL
    pluto[6540]: | eroute_connection add eroute 192.168.77.41/32:0 --17-> 192.168.79.51/32:1701 => esp.643da064 at 192.168.79.51 (raw_eroute)
    pluto[6540]: | raw_eroute result=1
    pluto[6540]: | command executing up-host
    pluto[6540]: | executing up-host: 2>&1 PLUTO_VERSION='2.0' PLUTO_VERB='up-host' PLUTO_CONNECTION='L2TP-PSK' PLUTO_NEXT_HOP='192.168.79.51' PLUTO_INTERFACE='eth0' PLUTO_ME='192.168.77.41' PLUTO_MY_ID='192.168.77.41' PLUTO_MY_CLIENT='192.168.77.41/32' PLUTO_MY_CLIENT_NET='192.168.77.41' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='192.168.79.51' PLUTO_PEER_ID='192.168.79.51' PLUTO_PEER_CLIENT='192.168.79.51/32' PLUTO_PEER_CLIENT_NET='192.168.79.51' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+IKEv2ALLOW' PLUTO_XAUTH_USERNAME=''  ipsec _updown
    pluto[6540]: | route_and_eroute: firewall_notified: true
    pluto[6540]: | command executing prepare-host
    pluto[6540]: | executing prepare-host: 2>&1 PLUTO_VERSION='2.0' PLUTO_VERB='prepare-host' PLUTO_CONNECTION='L2TP-PSK' PLUTO_NEXT_HOP='192.168.79.51' PLUTO_INTERFACE='eth0' PLUTO_ME='192.168.77.41' PLUTO_MY_ID='192.168.77.41' PLUTO_MY_CLIENT='192.168.77.41/32' PLUTO_MY_CLIENT_NET='192.168.77.41' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='192.168.79.51' PLUTO_PEER_ID='192.168.79.51' PLUTO_PEER_CLIENT='192.168.79.51/32' PLUTO_PEER_CLIENT_NET='192.168.79.51' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+IKEv2ALLOW' PLUTO_XAUTH_USERNAME=''  ipsec _updown
    pluto[6540]: | command executing route-host
    pluto[6540]: | executing route-host: 2>&1 PLUTO_VERSION='2.0' PLUTO_VERB='route-host' PLUTO_CONNECTION='L2TP-PSK' PLUTO_NEXT_HOP='192.168.79.51' PLUTO_INTERFACE='eth0' PLUTO_ME='192.168.77.41' PLUTO_MY_ID='192.168.77.41' PLUTO_MY_CLIENT='192.168.77.41/32' PLUTO_MY_CLIENT_NET='192.168.77.41' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='192.168.79.51' PLUTO_PEER_ID='192.168.79.51' PLUTO_PEER_CLIENT='192.168.79.51/32' PLUTO_PEER_CLIENT_NET='192.168.79.51' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+IKEv2ALLOW' PLUTO_XAUTH_USERNAME=''  ipsec _updown
    pluto[6540]: | route_and_eroute: instance "L2TP-PSK"[6] 192.168.79.51, setting eroute_owner {spd=0x814d3b8,sr=0x814d3b8} to #12 (was #0) (newest_ipsec_sa=#0)
    pluto[6540]: | complete state transition with STF_OK
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #12: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    pluto[6540]: | inserting event EVENT_SA_REPLACE, timeout in 3330 seconds for #12
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #12: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x643da064 <0x03c75866 xfrm=3DES_0-HMAC_MD5 NATOA=<invalid> NATD=<invalid>:500 DPD=enabled}
    pluto[6540]: | modecfg pull: noquirk policy:push not-client
    pluto[6540]: | phase 1 is done, looking for phase 2 to unpend
    pluto[6540]: | * processed 0 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 7 seconds
    xl2tpd[6758]: control_finish: Peer requested tunnel 19 twice, ignoring second one.
    xl2tpd[6758]: Connection established to 192.168.79.51, 1701.  Local: 10155, Remote: 19 (ref=0/0).  LNS session is 'default'
    xl2tpd[6758]: control_finish: Connection closed to 192.168.79.51, port 1701 (), Local: 10155, Remote: 19
    xl2tpd[6758]: Can not find tunnel 10155 (refhim=0)
    xl2tpd[6758]: network_thread: unable to find call or tunnel to handle packet.  call = 44358, tunnel = 10155 Dumping.
    pluto[6540]: |
    pluto[6540]: | *received 68 bytes from 192.168.79.51:500 on eth0 (port=500)
    pluto[6540]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | peer and cookies match on #12, provided msgid 00000000 vs cc89cc2c/00000000
    pluto[6540]: | peer and cookies match on #11, provided msgid 00000000 vs 00000000/00000000
    pluto[6540]: | p15 state object #11 found, in STATE_MAIN_R3
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: received Delete SA(0x643da064) payload: deleting IPSEC State #12
    pluto[6540]: | deleting state #12
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | sending 68 bytes for delete notify through eth0:500 to 192.168.79.51:500 (using #11)
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | command executing down-host
    pluto[6540]: | executing down-host: 2>&1 PLUTO_VERSION='2.0' PLUTO_VERB='down-host' PLUTO_CONNECTION='L2TP-PSK' PLUTO_NEXT_HOP='192.168.79.51' PLUTO_INTERFACE='eth0' PLUTO_ME='192.168.77.41' PLUTO_MY_ID='192.168.77.41' PLUTO_MY_CLIENT='192.168.77.41/32' PLUTO_MY_CLIENT_NET='192.168.77.41' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='192.168.79.51' PLUTO_PEER_ID='192.168.79.51' PLUTO_PEER_CLIENT='192.168.79.51/32' PLUTO_PEER_CLIENT_NET='192.168.79.51' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+IKEv2ALLOW' PLUTO_XAUTH_USERNAME=''  ipsec _updown
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #12: request to replace with shunt a prospective erouted policy with netkey kernel --- experimental
    pluto[6540]: | delete inbound eroute 192.168.79.51/32:1701 --17-> 192.168.77.41/32:0 => unk255.10000 at 192.168.77.41 (raw_eroute)
    pluto[6540]: | raw_eroute result=1
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: received and ignored informational message
    pluto[6540]: | complete state transition with STF_IGNORE
    pluto[6540]: | * processed 0 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 5 seconds
    pluto[6540]: |
    pluto[6540]: | *received 84 bytes from 192.168.79.51:500 on eth0 (port=500)
    pluto[6540]: |  processing version=1.0 packet with exchange type=ISAKMP_XCHG_INFO (5)
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | peer and cookies match on #11, provided msgid 00000000 vs 00000000/00000000
    pluto[6540]: | p15 state object #11 found, in STATE_MAIN_R3
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | v1 peer and cookies match on #11, provided msgid 00000000 vs 00000000
    pluto[6540]: | v1 state object #11 found, in STATE_MAIN_R3
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51 #11: received Delete SA payload: deleting ISAKMP State #11
    pluto[6540]: | deleting state #11
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: | sending 84 bytes for delete notify through eth0:500 to 192.168.79.51:500 (using #11)
    pluto[6540]: | ICOOKIE:  89 4b 0c a0  fc 33 75 b6
    pluto[6540]: | RCOOKIE:  da 53 2b 22  79 ef 05 a5
    pluto[6540]: | state hash entry 12
    pluto[6540]: | processing connection L2TP-PSK[6] 192.168.79.51
    pluto[6540]: "L2TP-PSK"[6] 192.168.79.51: deleting connection "L2TP-PSK" instance with peer 192.168.79.51 {isakmp=#0/ipsec=#0}
    pluto[6540]: "L2TP-PSK": request to delete a unrouted policy with netkey kernel --- experimental
    pluto[6540]: | route owner of "L2TP-PSK" unrouted: NULL
    pluto[6540]: | command executing unroute-host
    pluto[6540]: | executing unroute-host: 2>&1 PLUTO_VERSION='2.0' PLUTO_VERB='unroute-host' PLUTO_CONNECTION='L2TP-PSK' PLUTO_NEXT_HOP='192.168.79.51' PLUTO_INTERFACE='eth0' PLUTO_ME='192.168.77.41' PLUTO_MY_ID='192.168.77.41' PLUTO_MY_CLIENT='192.168.77.41/32' PLUTO_MY_CLIENT_NET='192.168.77.41' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='1701' PLUTO_MY_PROTOCOL='17' PLUTO_PEER='192.168.79.51' PLUTO_PEER_ID='192.168.79.51' PLUTO_PEER_CLIENT='192.168.79.51/32' PLUTO_PEER_CLIENT_NET='192.168.79.51' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='1701' PLUTO_PEER_PROTOCOL='17' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+IKEv2ALLOW'   ipsec _updown
    pluto[6540]: packet from 192.168.79.51:500: received and ignored informational message
    pluto[6540]: | complete state transition with STF_IGNORE
    pluto[6540]: | * processed 0 messages from cryptographic helpers
    pluto[6540]: | next event EVENT_PENDING_PHASE2 in 4 seconds
    pluto[6540]: |
    pluto[6540]: | *time to handle event
    pluto[6540]: | handling event EVENT_PENDING_PHASE2
    pluto[6540]: | event after this is EVENT_NAT_T_KEEPALIVE in 13 seconds
    pluto[6540]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
    pluto[6540]: | pending review: connection "mycket" was not up, skipped
    pluto[6540]: | pending review: connection "L2TP-PSK" was not up, skipped
    pluto[6540]: | next event EVENT_NAT_T_KEEPALIVE in 13 seconds

__________________________________________________
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails. 
http://mail.yahoo.com 


More information about the Users mailing list