[Openswan Users] ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
shawnlau
net17sharplau at 163.com
Sat Mar 28 08:24:35 EDT 2009
After I installed openswan-2.6.20 successfully, I tried to connect two networks
the way I did when using RSAKEY. But whatever I do, the error in my email's
title always appears.
I don't know the reason. When I googled, I found that a lot of people were
confused by this problem too. The full error output is below:
104 "n-n" #1: STATE_MAIN_I1: initiate
003 "n-n" #1: received Vendor ID payload [Openswan (this version) 2.6.20 ]
003 "n-n" #1: received Vendor ID payload [Dead Peer Detection]
003 "n-n" #1: received Vendor ID payload [RFC 3947] method set to=109
106 "n-n" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "n-n" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
108 "n-n" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "n-n" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
003 "n-n" #1: received and ignored informational message
My configuration files are as follows:
On the left server:
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12,%4:!192.168.100.0/24
    protostack=netkey
    interfaces=%defaultroute
conn %default
    authby=rsasig
    compress=yes
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    keyingtries=1
conn n-n
    left=10.255.255.8
    leftsubnet=192.168.100.0/24
    leftsourceip=192.168.100.1
    leftcert=left.pem
    leftid=%fromcert
    right=172.16.255.7
    rightsubnet=192.168.200.0/24
    rightsourceip=192.168.200.1
    rightca="C=CN, O=YOHOcn, CN=RIGHT"
    pfs=yes
    auto=add
and the ipsec.secrets file is configured like this:
: RSA /etc/ipsec.d/private/left.key "password"
On the right server:
version 2.0 # conforms to second version of ipsec.conf specification
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12,%4:!192.168.200.0/24
    protostack=netkey
    plutodebug=all
conn %default
    authby=rsasig
    compress=yes
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    keyingtries=1
conn n-n
    left=10.255.255.8
    leftsubnet=192.168.100.0/24
    leftsourceip=192.168.100.1
    leftcert=left.pem
    right=172.16.255.7
    rightsubnet=192.168.200.0/24
    rightsourceip=192.168.200.1
    rightcert=right.pem
    rightid=%fromcert
    pfs=yes
    auto=add
and the ipsec.secrets file is configured like this:
: RSA /etc/ipsec.d/private/right.key "password"
My certificate information is as follows:
LEFT (this server is still CA)
000
000 List of Public Keys:
000
000 Mar 28 20:07:46 2009, 1024 RSA Key AwEAAeWsZ (no private key), until Mar 28 19:29:53 2010 ok
000 ID_DER_ASN1_DN 'C=CN, ST=JiangSu, O=YOHOcn, OU=NetTech, CN=RIGHT, E=right at yoho.lan'
000 Issuer 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 Mar 28 20:02:24 2009, 1024 RSA Key AwEAAbYeg (has private key), until Mar 28 19:29:08 2010 ok
000 ID_DER_ASN1_DN 'C=CN, ST=JiangSu, O=YOHOcn, OU=NetTech, CN=LEFT, E=left at yoho.cn'
000 Issuer 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: RSA (none) (none)
000
000 List of X.509 End Certificates:
000
000 Mar 28 20:02:24 2009, count: 1
000 subject: 'C=CN, ST=JiangSu, O=YOHOcn, OU=NetTech, CN=LEFT, E=left at yoho.cn'
000 issuer: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 serial: 01
000 pubkey: 1024 RSA Key AwEAAbYeg, has private key
000 validity: not before Mar 28 19:29:08 2009 ok
000 not after Mar 28 19:29:08 2010 ok
000 subjkey: 71:7a:1f:02:30:30:22:8d:41:56:2e:07:f7:83:af:34:d0:0c:18:67
000 authkey: e3:3e:0c:2e:5c:28:4f:92:be:28:c0:83:e0:72:f5:49:72:54:76:c2
000
000 List of X.509 CA Certificates:
000
000 Mar 28 20:02:24 2009, count: 1
000 subject: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 issuer: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 serial: 00:8f:6e:5d:88:28:5d:6e:62
000 pubkey: 1024 RSA Key AwEAAcLHL
000 validity: not before Mar 28 19:24:30 2009 ok
000 not after Mar 26 19:24:30 2019 ok
000 subjkey: e3:3e:0c:2e:5c:28:4f:92:be:28:c0:83:e0:72:f5:49:72:54:76:c2
000 authkey: e3:3e:0c:2e:5c:28:4f:92:be:28:c0:83:e0:72:f5:49:72:54:76:c2
000 aserial: 00:8f:6e:5d:88:28:5d:6e:62
000
000 List of X.509 CRLs:
000
000 Mar 28 20:02:24 2009, revoked certs: 0
000 issuer: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 updates: this Mar 28 19:27:11 2009
00
next Apr 27 19:27:11 2009 ok
RIGHT (contains left.pem, right.pem and right.key)
000 List of Public Keys:
000
000 Mar 28 20:07:10 2009, 1024 RSA Key AwEAAeWsZ (has private key), until Mar 28 19:29:53 2010 ok
000 ID_DER_ASN1_DN 'C=CN, ST=JiangSu, O=YOHOcn, OU=NetTech, CN=RIGHT, E=right at yoho.lan'
000 Issuer 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 Mar 28 20:07:10 2009, 1024 RSA Key AwEAAbYeg (no private key), until Mar 28 19:29:08 2010 ok
000 ID_IPV4_ADDR '10.255.255.8'
000 Issuer 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 Mar 28 20:07:10 2009, 1024 RSA Key AwEAAbYeg (no private key), until Mar 28 19:29:08 2010 ok
000 ID_DER_ASN1_DN 'C=CN, ST=JiangSu, O=YOHOcn, OU=NetTech, CN=LEFT, E=left at yoho.cn'
000 Issuer 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: RSA (none) (none)
000
000 List of X.509 End Certificates:
000
000 Mar 28 20:07:10 2009, count: 1
000 subject: 'C=CN, ST=JiangSu, O=YOHOcn, OU=NetTech, CN=RIGHT, E=right at yoho.lan'
000 issuer: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 serial: 02
000 pubkey: 1024 RSA Key AwEAAeWsZ, has private key
000 validity: not before Mar 28 19:29:53 2009 ok
000 not after Mar 28 19:29:53 2010 ok
000 subjkey: 9a:d7:e2:fc:54:43:1a:37:18:29:0e:52:25:f2:d5:26:4f:ac:07:2e
000 authkey: e3:3e:0c:2e:5c:28:4f:92:be:28:c0:83:e0:72:f5:49:72:54:76:c2
000 Mar 28 20:07:10 2009, count: 1
000 subject: 'C=CN, ST=JiangSu, O=YOHOcn, OU=NetTech, CN=LEFT, E=left at yoho.cn'
000 issuer: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 serial: 01
000 pubkey: 1024 RSA Key AwEAAbYeg
000 validity: not before Mar 28 19:29:08 2009 ok
000 not after Mar 28 19:29:08 2010 ok
000 subjkey: 71:7a:1f:02:30:30:22:8d:41:56:2e:07:f7:83:af:34:d0:0c:18:67
000 authkey: e3:3e:0c:2e:5c:28:4f:92:be:28:c0:83:e0:72:f5:49:72:54:76:c2
000
000 List of X.509 CA Certificates:
000
000 Mar 28 20:07:08 2009, count: 1
000 subject: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 issuer: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 serial: 00:8f:6e:5d:88:28:5d:6e:62
000 pubkey: 1024 RSA Key AwEAAcLHL
000 validity: not before Mar 28 19:24:30 2009 ok
000 not after Mar 26 19:24:30 2019 ok
000 subjkey: e3:3e:0c:2e:5c:28:4f:92:be:28:c0:83:e0:72:f5:49:72:54:76:c2
000 authkey: e3:3e:0c:2e:5c:28:4f:92:be:28:c0:83:e0:72:f5:49:72:54:76:c2
000 aserial: 00:8f:6e:5d:88:28:5d:6e:62
000
000 List of X.509 CRLs:
000
000 Mar 28 20:07:09 2009, revoked certs: 0
000 issuer: 'C=CN, ST=JiangSu, L=NanJing, O=YOHOcn, OU=ALL, CN=cnc.yoho.lan, E=net17shawnlau at gmail.com'
000 updates: this Mar 28 19:27:11 2009
00
next Apr 27 19:27:11 2009 ok
I hope someone can give some help; this has puzzled me for a week! And I
really don't know where the error happens.
Thanks and regards !!!
Shawn!!!
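
An added example, not part of the original post: Openswan conn sections use left/right symmetrically, so one connection description is meant to be usable on both gateways. This Python script parses two ipsec.conf texts, applies conn %default, and lists the keys whose effective values differ between the ends. The embedded configs are excerpts of the ones posted above (address, identity and certificate keys only), and the function names are illustrative.

```python
import re

# Excerpts of the two posted configs (address, identity and certificate keys only).
LEFT_SERVER = """
conn %default
    authby=rsasig
conn n-n
    left=10.255.255.8
    leftcert=left.pem
    leftid=%fromcert
    right=172.16.255.7
    rightca="C=CN, O=YOHOcn, CN=RIGHT"
"""
RIGHT_SERVER = """
conn %default
    authby=rsasig
conn n-n
    left=10.255.255.8
    leftcert=left.pem
    right=172.16.255.7
    rightcert=right.pem
    rightid=%fromcert
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for each conn section of ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line:
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif current is not None and line[0].isspace() and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
        else:
            current = None                        # "config setup" or another section
    return conns

def diff_ends(conf_a, conf_b, name):
    """Return {key: (value_a, value_b)} for settings that differ; None means not set."""
    a, b = ({**c.get("%default", {}), **c[name]} for c in map(parse_conns, (conf_a, conf_b)))
    return {k: (a.get(k), b.get(k)) for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for key, (on_left, on_right) in diff_ends(LEFT_SERVER, RIGHT_SERVER, "n-n").items():
        print(f"{key:10} left-server={on_left!r:30} right-server={on_right!r}")
```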