[Openswan Users] ipsec between two linux box can't work
weiruyao
weiruyao at 163.com
Wed Aug 19 05:04:02 EDT 2009
Hi all:
I'm doing a test between two Linux boxes with openswan-2.6.22 installed. The network topology is simple:
192.168.1.104=======192.168.1.3
The configuration file is like this:
# basic configuration
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none

conn tunnelipsec
    type=tunnel
    authby=secret
    left=192.168.1.3
    right=192.168.1.104
    esp=3des-md5
    keyexchange=ike
    pfs=no
    auto=start
After ipsec start, the connection can't be set up. The log on 192.168.1.3 is like this:
/proc/sys/net/ipv4/route $ ipsec_setup: Starting Openswan IPsec U2.6.22/K2.6.20.lzrt.v1.1...
Mar 12 08:19:49 pluto[5319]: Starting Pluto (Openswan Version 2.6.22; Vendor ID OElj@]rTMBuM) pid:5319
Mar 12 08:19:49 pluto[5319]: Setting NAT-Traversal port-4500 floating to off
Mar 12 08:19:49 pluto[5319]: port floating activation criteria nat_t=0/port_float=1
Mar 12 08:19:49 pluto[5319]: including NAT-Traversal patch (Version 0.6c) [disabled]
Mar 12 08:19:49 pluto[5319]: using /dev/urandom as source of random entropy
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Mar 12 08:19:49 pluto[5319]: starting up 1 cryptographic helpers
Mar 12 08:19:49 pluto[5322]: using /dev/urandom as source of random entropy
Mar 12 08:19:49 pluto[5319]: started helper pid=5322 (fd:6)
Mar 12 08:19:49 pluto[5319]: Using Linux 2.6 IPsec interface code on 2.6.20.lzrt.v1.1 (experimental code)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Mar 12 08:19:49 pluto[5319]: ike_alg_add(): ERROR: Algorithm already exists
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Mar 12 08:19:49 pluto[5319]: ike_alg_add(): ERROR: Algorithm already exists
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Mar 12 08:19:49 pluto[5319]: ike_alg_add(): ERROR: Algorithm already exists
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Mar 12 08:19:49 pluto[5319]: ike_alg_add(): ERROR: Algorithm already exists
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Mar 12 08:19:49 pluto[5319]: ike_alg_add(): ERROR: Algorithm already exists
Mar 12 08:19:49 pluto[5319]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Mar 12 08:19:49 pluto[5319]: Changed path to directory '/etc/ipsec.d/cacerts'
Mar 12 08:19:49 pluto[5319]: Changed path to directory '/etc/ipsec.d/aacerts'
Mar 12 08:19:49 pluto[5319]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Mar 12 08:19:49 pluto[5319]: Changing to directory '/etc/ipsec.d/crls'
Mar 12 08:19:49 pluto[5319]: Warning: empty directory
Mar 12 08:19:49 pluto[5319]: added connection description "tunnelipsec"
Mar 12 08:19:50 pluto[5319]: listening for IKE messages
Mar 12 08:19:50 pluto[5319]: adding interface eth0/eth0 192.168.1.3:500
Mar 12 08:19:50 pluto[5319]: adding interface lo/lo 127.0.0.1:500
Mar 12 08:19:50 pluto[5319]: loading secrets from "/etc/ipsec.secrets"
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: initiating Main Mode
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: received Vendor ID payload [Dead Peer Detection]
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: received Vendor ID payload [CAN-IKEv2]
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW {using isakmp#1 msgid:9449e88a proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 12 08:19:51 pluto[5319]: "tunnelipsec" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x540456ec <0xf0ce6616 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
Mar 12 08:19:52 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Mar 12 08:19:52 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Dead Peer Detection]
Mar 12 08:19:52 pluto[5319]: "tunnelipsec" #3: responding to Main Mode
Mar 12 08:19:52 pluto[5319]: "tunnelipsec" #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 12 08:19:52 pluto[5319]: "tunnelipsec" #3: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 12 08:19:52 pluto[5319]: "tunnelipsec" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 12 08:19:52 pluto[5319]: "tunnelipsec" #3: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 12 08:19:52 pluto[5319]: "tunnelipsec" #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Mar 12 08:19:52 pluto[5319]: "tunnelipsec" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 12 08:19:52 pluto[5319]: "tunnelipsec" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Mar 12 08:20:01 pluto[5319]: "tunnelipsec" #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:20:18 pluto[5319]: "tunnelipsec" #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:20:52 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Mar 12 08:20:52 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Dead Peer Detection]
Mar 12 08:20:52 pluto[5319]: "tunnelipsec" #4: responding to Main Mode
Mar 12 08:20:52 pluto[5319]: "tunnelipsec" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 12 08:20:52 pluto[5319]: "tunnelipsec" #4: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 12 08:20:52 pluto[5319]: "tunnelipsec" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 12 08:20:52 pluto[5319]: "tunnelipsec" #4: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 12 08:20:52 pluto[5319]: "tunnelipsec" #4: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Mar 12 08:20:52 pluto[5319]: "tunnelipsec" #4: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 12 08:20:52 pluto[5319]: "tunnelipsec" #4: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Mar 12 08:21:00 pluto[5319]: "tunnelipsec" #4: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:21:17 pluto[5319]: "tunnelipsec" #4: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:21:51 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Mar 12 08:21:51 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Dead Peer Detection]
Mar 12 08:21:51 pluto[5319]: "tunnelipsec" #5: responding to Main Mode
Mar 12 08:21:51 pluto[5319]: "tunnelipsec" #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 12 08:21:51 pluto[5319]: "tunnelipsec" #5: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 12 08:21:51 pluto[5319]: "tunnelipsec" #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 12 08:21:51 pluto[5319]: "tunnelipsec" #5: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 12 08:21:51 pluto[5319]: "tunnelipsec" #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Mar 12 08:21:51 pluto[5319]: "tunnelipsec" #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 12 08:21:51 pluto[5319]: "tunnelipsec" #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Mar 12 08:22:00 pluto[5319]: "tunnelipsec" #5: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:22:17 pluto[5319]: "tunnelipsec" #5: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:22:51 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Mar 12 08:22:51 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Dead Peer Detection]
Mar 12 08:22:51 pluto[5319]: "tunnelipsec" #6: responding to Main Mode
Mar 12 08:22:51 pluto[5319]: "tunnelipsec" #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 12 08:22:51 pluto[5319]: "tunnelipsec" #6: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 12 08:22:51 pluto[5319]: "tunnelipsec" #6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 12 08:22:51 pluto[5319]: "tunnelipsec" #6: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 12 08:22:51 pluto[5319]: "tunnelipsec" #6: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Mar 12 08:22:51 pluto[5319]: "tunnelipsec" #6: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 12 08:22:51 pluto[5319]: "tunnelipsec" #6: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Mar 12 08:22:59 pluto[5319]: "tunnelipsec" #6: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:23:16 pluto[5319]: "tunnelipsec" #6: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:23:50 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Mar 12 08:23:50 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Dead Peer Detection]
Mar 12 08:23:50 pluto[5319]: "tunnelipsec" #7: responding to Main Mode
Mar 12 08:23:50 pluto[5319]: "tunnelipsec" #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 12 08:23:50 pluto[5319]: "tunnelipsec" #7: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 12 08:23:50 pluto[5319]: "tunnelipsec" #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 12 08:23:50 pluto[5319]: "tunnelipsec" #7: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 12 08:23:50 pluto[5319]: "tunnelipsec" #7: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Mar 12 08:23:50 pluto[5319]: "tunnelipsec" #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 12 08:23:50 pluto[5319]: "tunnelipsec" #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Mar 12 08:23:59 pluto[5319]: "tunnelipsec" #7: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:24:16 pluto[5319]: "tunnelipsec" #7: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:24:50 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Mar 12 08:24:50 pluto[5319]: packet from 192.168.1.104:500: received Vendor ID payload [Dead Peer Detection]
Mar 12 08:24:50 pluto[5319]: "tunnelipsec" #8: responding to Main Mode
Mar 12 08:24:50 pluto[5319]: "tunnelipsec" #8: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 12 08:24:50 pluto[5319]: "tunnelipsec" #8: STATE_MAIN_R1: sent MR1, expecting MI2
Mar 12 08:24:50 pluto[5319]: "tunnelipsec" #8: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 12 08:24:50 pluto[5319]: "tunnelipsec" #8: STATE_MAIN_R2: sent MR2, expecting MI3
Mar 12 08:24:50 pluto[5319]: "tunnelipsec" #8: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.104'
Mar 12 08:24:50 pluto[5319]: "tunnelipsec" #8: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 12 08:24:50 pluto[5319]: "tunnelipsec" #8: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Mar 12 08:24:58 pluto[5319]: "tunnelipsec" #8: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar 12 08:25:15 pluto[5319]: "tunnelipsec" #8: retransmitting in response to duplicate packet; already STATE_MAIN_R3
============================================
The log file on 192.168.1.104 is:
Aug 19 16:51:51 wrylab ipsec__plutorun: Starting Pluto subsystem...
Aug 19 16:51:51 wrylab pluto[8042]: Starting Pluto (Openswan Version 2.6.22; Vendor ID OElj@]rTMBuM) pid:8042
Aug 19 16:51:51 wrylab pluto[8042]: Setting NAT-Traversal port-4500 floating to off
Aug 19 16:51:51 wrylab pluto[8042]: port floating activation criteria nat_t=0/port_float=1
Aug 19 16:51:51 wrylab pluto[8042]: including NAT-Traversal patch (Version 0.6c) [disabled]
Aug 19 16:51:51 wrylab pluto[8042]: using /dev/urandom as source of random entropy
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Aug 19 16:51:51 wrylab pluto[8042]: starting up 1 cryptographic helpers
Aug 19 16:51:51 wrylab pluto[8049]: using /dev/urandom as source of random entropy
Aug 19 16:51:51 wrylab pluto[8042]: started helper pid=8049 (fd:7)
Aug 19 16:51:51 wrylab pluto[8042]: Using Linux 2.6 IPsec interface code on 2.6.15-1.2054_FC5smp (experimental code)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_add(): ERROR: Algorithm already exists
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_add(): ERROR: Algorithm already exists
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_add(): ERROR: Algorithm already exists
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_add(): ERROR: Algorithm already exists
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_add(): ERROR: Algorithm already exists
Aug 19 16:51:51 wrylab pluto[8042]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Aug 19 16:51:51 wrylab pluto[8042]: Changed path to directory '/etc/ipsec.d/cacerts'
Aug 19 16:51:51 wrylab pluto[8042]: Changed path to directory '/etc/ipsec.d/aacerts'
Aug 19 16:51:51 wrylab pluto[8042]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Aug 19 16:51:51 wrylab pluto[8042]: Changing to directory '/etc/ipsec.d/crls'
Aug 19 16:51:51 wrylab pluto[8042]: Warning: empty directory
Aug 19 16:51:51 wrylab pluto[8042]: added connection description "tunnelipsec"
Aug 19 16:51:51 wrylab pluto[8042]: listening for IKE messages
Aug 19 16:51:51 wrylab pluto[8042]: adding interface eth0/eth0 192.168.1.104:500
Aug 19 16:51:51 wrylab pluto[8042]: adding interface lo/lo 127.0.0.1:500
Aug 19 16:51:51 wrylab pluto[8042]: adding interface lo/lo ::1:500
Aug 19 16:51:51 wrylab pluto[8042]: loading secrets from "/etc/ipsec.secrets"
Aug 19 16:51:51 wrylab pluto[8042]: "tunnelipsec": route-host output: Cannot open "/proc/sys/net/ipv4/route/flush"
Aug 19 16:51:51 wrylab pluto[8042]: "tunnelipsec" #1: initiating Main Mode
Aug 19 16:51:51 wrylab pluto[8042]: "tunnelipsec" #1: ERROR: asynchronous network error report on eth0 (sport=500) for message to 192.168.1.3 port 500, complainant 192.168.1.3: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Aug 19 16:52:00 wrylab pluto[8042]: packet from 192.168.1.3:500: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Aug 19 16:52:00 wrylab pluto[8042]: packet from 192.168.1.3:500: received Vendor ID payload [Dead Peer Detection]
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: responding to Main Mode
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: STATE_MAIN_R2: sent MR2, expecting MI3
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.3'
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #2: the peer proposed: 192.168.1.104/32:0/0 -> 192.168.1.3/32:0/0
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #3: responding to Quick Mode proposal {msgid:9449e88a}
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #3: us: 192.168.1.104<192.168.1.104>[+S=C]
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #3: them: 192.168.1.3<192.168.1.3>[+S=C]
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #3: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #3: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #3: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug 19 16:52:00 wrylab pluto[8042]: "tunnelipsec" #3: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xf0ce6616 <0x540456ec xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
Aug 19 16:52:01 wrylab pluto[8042]: "tunnelipsec" #1: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Aug 19 16:52:01 wrylab pluto[8042]: "tunnelipsec" #1: received Vendor ID payload [Dead Peer Detection]
Aug 19 16:52:01 wrylab pluto[8042]: "tunnelipsec" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 19 16:52:01 wrylab pluto[8042]: "tunnelipsec" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 19 16:52:02 wrylab pluto[8042]: "tunnelipsec" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 19 16:52:02 wrylab pluto[8042]: "tunnelipsec" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 19 16:52:02 wrylab pluto[8042]: packet from 192.168.1.3:500: size (384) differs from size specified in ISAKMP HDR (308)
Aug 19 16:52:32 wrylab last message repeated 2 times
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #1: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #1: starting keying attempt 2 of an unlimited number
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #4: initiating Main Mode to replace #1
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #4: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #4: received Vendor ID payload [Dead Peer Detection]
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #4: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 19 16:53:12 wrylab pluto[8042]: "tunnelipsec" #4: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 19 16:53:12 wrylab pluto[8042]: packet from 192.168.1.3:500: size (384) differs from size specified in ISAKMP HDR (308)
Aug 19 16:53:42 wrylab last message repeated 2 times
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #4: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #4: starting keying attempt 3 of an unlimited number
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #5: initiating Main Mode to replace #4
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #5: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #5: received Vendor ID payload [Dead Peer Detection]
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #5: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #5: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #5: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 19 16:54:22 wrylab pluto[8042]: "tunnelipsec" #5: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 19 16:54:22 wrylab pluto[8042]: packet from 192.168.1.3:500: size (384) differs from size specified in ISAKMP HDR (308)
Aug 19 16:54:52 wrylab last message repeated 2 times
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #5: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #5: starting keying attempt 4 of an unlimited number
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #6: initiating Main Mode to replace #5
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #6: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #6: received Vendor ID payload [Dead Peer Detection]
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #6: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #6: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 19 16:55:33 wrylab pluto[8042]: "tunnelipsec" #6: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 19 16:55:33 wrylab pluto[8042]: packet from 192.168.1.3:500: size (384) differs from size specified in ISAKMP HDR (308)
Aug 19 16:56:03 wrylab last message repeated 2 times
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #6: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #6: starting keying attempt 5 of an unlimited number
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #7: initiating Main Mode to replace #6
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #7: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #7: received Vendor ID payload [Dead Peer Detection]
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #7: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #7: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #7: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 19 16:56:43 wrylab pluto[8042]: "tunnelipsec" #7: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 19 16:56:43 wrylab pluto[8042]: packet from 192.168.1.3:500: size (384) differs from size specified in ISAKMP HDR (308)
Aug 19 16:57:13 wrylab last message repeated 2 times
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #7: starting keying attempt 6 of an unlimited number
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #8: initiating Main Mode to replace #7
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #8: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #8: received Vendor ID payload [Dead Peer Detection]
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #8: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #8: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #8: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 19 16:57:53 wrylab pluto[8042]: "tunnelipsec" #8: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 19 16:57:54 wrylab pluto[8042]: packet from 192.168.1.3:500: size (384) differs from size specified in ISAKMP HDR (308)
Aug 19 16:58:23 wrylab last message repeated 2 times
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #8: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #8: starting keying attempt 7 of an unlimited number
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #9: initiating Main Mode to replace #8
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #9: received Vendor ID payload [Openswan (this version) 2.6.22 ]
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #9: received Vendor ID payload [Dead Peer Detection]
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #9: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #9: STATE_MAIN_I2: sent MI2, expecting MR2
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #9: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Aug 19 16:59:03 wrylab pluto[8042]: "tunnelipsec" #9: STATE_MAIN_I3: sent MI3, expecting MR3
Aug 19 16:59:03 wrylab pluto[8042]: packet from 192.168.1.3:500: size (384) differs from size specified in ISAKMP HDR (308)
[root at wrylab ~]#
=========================
I think the problem is here: packet from 192.168.1.3:500: size (384) differs from size specified in ISAKMP HDR (308)
Any suggestion?
Thanks in advance!
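
For readers of this thread, the following added example (not part of the original post and not Openswan's code) shows the consistency check behind the "size ... differs from size specified in ISAKMP HDR" message: the 28-byte ISAKMP header from RFC 2408 carries a total-length field, which is compared with the size of the received UDP payload. The sample datagram is constructed to match the sizes in the log (384 received, 308 declared); the cookie values and function names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass

# ISAKMP header, RFC 2408 section 3.1: two 8-byte cookies, next payload,
# version (major/minor nibbles), exchange type, flags, message ID, length.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # 28 bytes, network byte order
FLAG_ENCRYPTED = 0x01                       # payloads after the header are encrypted
EXCHANGE_NAMES = {2: "Identity Protection (Main Mode)", 4: "Aggressive",
                  5: "Informational", 32: "Quick Mode"}


@dataclass
class IsakmpHeader:
    initiator_cookie: bytes
    responder_cookie: bytes
    next_payload: int
    major: int
    minor: int
    exchange_type: int
    flags: int
    message_id: int
    length: int          # total message length declared by the sender

    @property
    def encrypted(self) -> bool:
        return bool(self.flags & FLAG_ENCRYPTED)


def parse_header(datagram: bytes) -> IsakmpHeader:
    """Decode the fixed ISAKMP header at the start of a UDP payload."""
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError(f"datagram of {len(datagram)} bytes is shorter than "
                         f"the {ISAKMP_HDR.size}-byte ISAKMP header")
    icookie, rcookie, np, ver, xchg, flags, msgid, length = \
        ISAKMP_HDR.unpack_from(datagram)
    return IsakmpHeader(icookie, rcookie, np, ver >> 4, ver & 0x0F,
                        xchg, flags, msgid, length)


def check_length(datagram: bytes) -> tuple[bool, str]:
    """Compare the declared length with the number of bytes received."""
    hdr = parse_header(datagram)
    if hdr.length < ISAKMP_HDR.size:
        return False, f"declared length {hdr.length} is smaller than the header"
    if hdr.length != len(datagram):
        return False, (f"size ({len(datagram)}) differs from size specified "
                       f"in ISAKMP HDR ({hdr.length})")
    return True, "ok"


def build_sample(total: int, declared: int) -> bytes:
    """Constructed test datagram: a Main Mode header with the encryption flag
    set, followed by zero filler so the datagram is `total` bytes long."""
    header = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8,   # made-up cookies
                             5,      # next payload: Identification
                             0x10,   # version 1.0
                             2,      # exchange type: Main Mode
                             FLAG_ENCRYPTED, 0, declared)
    return header + bytes(total - ISAKMP_HDR.size)


if __name__ == "__main__":
    # Sizes taken from the log line quoted in the post; content is constructed.
    pkt = build_sample(total=384, declared=308)
    hdr = parse_header(pkt)
    print(EXCHANGE_NAMES.get(hdr.exchange_type), "encrypted:", hdr.encrypted)
    print(check_length(pkt))
    print(check_length(build_sample(total=308, declared=308)))
```

A packet capture of UDP port 500 on both hosts lets the same comparison be made on the real datagrams, which shows whether the extra bytes are already present when the packet leaves 192.168.1.3.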