[Openswan Users] Openswan AND fortigate 60b Vs Iptables

Ing. Rodrigo Fernandez rfernandez_net at yahoo.com.mx
Thu Jul 8 22:48:10 EDT 2010


 

Hi all!

Thank you for your quick response. The fact that makes me need to
additionally "monitor" the ipsec daemon is this:

When I get a disconnection I get the weird message "no connection has been
authorized by policy = PSK", but I have discovered that if I restart the
daemon itself the tunnel goes up again. Or maybe we can see why the tunnel
doesn't go up? By the way, I'm running IPsec U2.6.27/K2.6.20.21.

I'm sending my log:

Thanks in advance!

Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: received Vendor ID payload [RFC 3947] method set to=109
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 109
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: received Vendor ID payload [Dead Peer Detection]
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | nat-t detected, sending nat-t VID
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 called from main_inI1_outR1, me=189.233.*.51:500 him=189.136.*.206:500 policy=none
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair: comparing to 189.233.*.51:500 187.145.*.141:500
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair_conn (find_host_connection2): 189.233.*.51:500 189.136.*.206:500 -> hp:none
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 returns empty
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | ****parse IPsec DOI SIT:
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    IPsec DOI SIT: SIT_IDENTITY_ONLY
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | ****parse ISAKMP Proposal Payload:
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    next payload type: ISAKMP_NEXT_NONE
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    length: 40
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    proposal number: 1
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    protocol ID: PROTO_ISAKMP
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    SPI size: 0
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    number of transforms: 1
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | *****parse ISAKMP Transform Payload (ISAKMP):
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    next payload type: ISAKMP_NEXT_NONE
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    length: 32
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    transform number: 1
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    transform ID: KEY_IKE
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | ******parse ISAKMP Oakley attribute:
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    af+type: OAKLEY_LIFE_TYPE
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    length/value: 1
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | ******parse ISAKMP Oakley attribute:
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    af+type: OAKLEY_LIFE_DURATION
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    length/value: 28800
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | ******parse ISAKMP Oakley attribute:
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    af+type: OAKLEY_ENCRYPTION_ALGORITHM
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    length/value: 5
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | ******parse ISAKMP Oakley attribute:
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    af+type: OAKLEY_AUTHENTICATION_METHOD
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    length/value: 1
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | ******parse ISAKMP Oakley attribute:
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    af+type: OAKLEY_HASH_ALGORITHM
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    length/value: 1
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | ******parse ISAKMP Oakley attribute:
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    af+type: OAKLEY_GROUP_DESCRIPTION
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: |    length/value: 2
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 called from main_inI1_outR1, me=189.233.*.51:500 him=%any:500 policy=PSK
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair: comparing to 189.233.*.51:500 187.145.*.141:500
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair_conn (find_host_connection2): 189.233.*.51:500 %any:500 -> hp:none
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | searching for connection with policy = PSK
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 returns empty
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: initial Main Mode message received on 189.233.*.51:500 but no connection has been authorized with policy=PSK
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | complete state transition with STF_IGNORE
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | * processed 0 messages from cryptographic helpers
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | next event EVENT_PENDING_PHASE2 in 46 seconds
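
An added example, not part of the original post: a small parser over pluto debug output that, for each "no connection has been authorized" rejection, lists the remote addresses of the host pairs pluto compared the packet against. The sample lines are constructed from the log above (unwrapped, address masks kept), and reading the second address in `find_host_pair` as the remote side is an assumption based on the first one matching `me=`.

```python
import re

# Constructed sample: entries from the log in the post, unwrapped, with the
# addresses masked by '*' exactly as the poster masked them.
SAMPLE_LOG = """\
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 called from main_inI1_outR1, me=189.233.*.51:500 him=189.136.*.206:500 policy=none
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair: comparing to 189.233.*.51:500 187.145.*.141:500
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_connection2 called from main_inI1_outR1, me=189.233.*.51:500 him=%any:500 policy=PSK
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: | find_host_pair: comparing to 189.233.*.51:500 187.145.*.141:500
Jul  8 21:32:41 excalibur-netcafe pluto[12362]: packet from 189.136.*.206:500: initial Main Mode message received on 189.233.*.51:500 but no connection has been authorized with policy=PSK
"""

ADDR = r"[0-9.*]+"  # dotted quad; '*' allowed because the post masks one octet
PAIR_RE = re.compile(rf"find_host_pair: comparing to ({ADDR}):\d+ ({ADDR}):\d+")
REJECT_RE = re.compile(
    rf"packet from ({ADDR}):\d+: initial Main Mode message received on "
    rf"({ADDR}):\d+ but no connection has been authorized with policy=(\S+)"
)

def rejected_initiators(log_text):
    """Return one record per rejected Main Mode initiator, with the remote
    addresses of the host pairs pluto compared before rejecting it."""
    records, compared = [], set()
    for line in log_text.splitlines():
        pair = PAIR_RE.search(line)
        if pair:
            # Assumption: second address is the remote ("him") side.
            compared.add(pair.group(2))
            continue
        rej = REJECT_RE.search(line)
        if rej:
            peer, local, policy = rej.groups()
            records.append({
                "peer": peer, "local": local, "policy": policy,
                "compared_remotes": sorted(compared),
                "peer_in_host_pairs": peer in compared,
            })
            compared = set()  # start fresh for the next incoming packet
    return records

if __name__ == "__main__":
    for r in rejected_initiators(SAMPLE_LOG):
        print(f"{r['peer']} -> {r['local']} rejected (policy={r['policy']}); "
              f"host pairs compared had remotes {r['compared_remotes']}")
```

On the sample it reports that the packet came from 189.136.*.206 while the only host pair compared had 187.145.*.141 as its remote, which is what the log in the post shows.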

 

 
