[Openswan Users] [IPv6]Interoperability issue between openswan and Racoon2

Paul Wouters paul at xelerance.com
Fri Oct 15 07:42:28 EDT 2010

On Fri, 15 Oct 2010, Yatong Cui wrote:

> Then after RHEL initiates the connection,the following messages can be seen:
> (the other normal DEBUG messages are omitted for simplicity)
> [PROTO_WARN]:ikev2.c:1003:ikev2_check_new_request(): 0:2001:db8:1:2:20c:29ff:fe4d:489[500] - 2001:db8:1:1:20c:29ff:fe0c:3ed1[500]:0x284022f0:message to a nonexistent ike_sa
> 6.Logging and Detailed Message on RHEL6.0
> ======================================
> [root at TAR-EN1 ~]# ipsec auto --up TAHI
> no default routes detected
> 133 "TAHI" #1: STATE_PARENT_I1: initiate
> 133 "TAHI" #1: STATE_PARENT_I1: sent v2I1, expected v2R1
> 134 "TAHI" #2: STATE_PARENT_I2: sent v2I2, expected v2R2 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=oakley_sha group=modp1024}
> 010 "TAHI" #2: STATE_PARENT_I2: retransmission; will wait 20s for response
> 010 "TAHI" #2: STATE_PARENT_I2: retransmission; will wait 40s for response
> So from the above log information, I think the problem is that the ike_sa of two side doesn’t exactly match, yet from the configuration perspective, I’ve set the encryption and authentication using same algorithm. What would you think I need to change so that their secure communication can be set up ?

Can you do a run with plutodebug=all? 
It might also be useful to do another one where freebsd initiates to openswan,
so we can see the ID's as expected from both ends.


More information about the Users mailing list