[Openswan Users] weird case of policy=PSK

Ing. Rodrigo Fernandez rfernandez_net at yahoo.com.mx
Fri Jun 25 23:56:31 EDT 2010 

Hello! Ok I have enabled the plutodebug= all and when I lose connection I
got this log:, its very weird isn't it?

 

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: packet from *.*.*.*:500:
ignoring unknown Vendor ID payload [16f6ca16e4a4066d83821a0f0aeaa862]

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: packet from *.*.*.*:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: packet from *.*.*.*:500:
received Vendor ID payload [Dead Peer Detection]

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | nat-t detected, sending
nat-t VID

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | find_host_connection2
called from main_inI1_outR1, me=*.*.*.51:500 him=*.*.*.200:500 policy=none

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | find_host_pair: comparing
to *.*.*.51:500 *.*.*.194:500

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | find_host_pair_conn
(find_host_connection2): *.*.*:500 *.*.*:500 -> hp:none

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | find_host_connection2
returns empty

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | ****parse IPsec DOI SIT:

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    IPsec DOI SIT:
SIT_IDENTITY_ONLY

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | ****parse ISAKMP Proposal
Payload:

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    next payload type:
ISAKMP_NEXT_NONE

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    length: 40

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    proposal number: 1

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    protocol ID:
PROTO_ISAKMP

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    SPI size: 0

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    number of transforms: 1

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | *****parse ISAKMP
Transform Payload (ISAKMP):

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    next payload type:
ISAKMP_NEXT_NONE

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    length: 32

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    transform number: 1

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    transform ID: KEY_IKE

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | ******parse ISAKMP Oakley
attribute:

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    af+type:
OAKLEY_LIFE_TYPE

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    length/value: 1

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | ******parse ISAKMP Oakley
attribute:

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    af+type:
OAKLEY_LIFE_DURATION

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    length/value: 28800

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | ******parse ISAKMP Oakley
attribute:

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    af+type:
OAKLEY_ENCRYPTION_ALGORITHM

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    length/value: 5

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | ******parse ISAKMP Oakley
attribute:

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    af+type:
OAKLEY_AUTHENTICATION_METHOD

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    length/value: 1

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | ******parse ISAKMP Oakley
attribute:

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    af+type:
OAKLEY_HASH_ALGORITHM

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    length/value: 1

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | ******parse ISAKMP Oakley
attribute:

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    af+type:
OAKLEY_GROUP_DESCRIPTION

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: |    length/value: 2

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | find_host_connection2
called from main_inI1_outR1, me=*.*.*.51:500 him=%any:500 policy=PSK

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | find_host_pair: comparing
to *.*.*.51:500 *.*.*.194:500

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | find_host_pair_conn
(find_host_connection2): *.*.*.51:500 %any:500 -> hp:none

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | searching for connection
with policy = PSK

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | find_host_connection2
returns empty

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: packet from *.*.*.200:500:
initial Main Mode message received on *.*.*.51:500 but no connection has
been authorized with policy=PSK

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | complete state transition
with STF_IGNORE

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | * processed 0 messages
from cryptographic helpers

Jun 25 22:48:43 excalibur-netcafe pluto[31694]: | next event
EVENT_PENDING_DDNS in 45 seconds

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100625/dbe94789/attachment-0001.html

More information about the Users mailing list