[Openswan Users] Tunnel didn't renegociate
Paul Wouters
paul at xelerance.com
Wed Oct 20 20:05:22 EDT 2010
On Wed, 20 Oct 2010, Luc Paulin wrote:
> a lots of error a the last key exchange that happen before the tunnel went down.
>
> Oct 19 16:17:03 fwny-01 pluto[14450]: "nyctomtl" #1082: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #1078
> {using isakmp#1081 msgid:9d32925c proposal=AES(12)_128-SHA1(2)_160 pfsgroup=OAKLEY_GROUP_MODP2048}
> Oct 19 16:17:03 fwny-01 pluto[14450]: pluto_do_crypto: helper (-1) is exiting
> Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: max number of retransmissions (2) reached STATE_QUICK_I1
> Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: starting keying attempt 2 of an unlimited number
>
>
> Oct 19 16:29:13 fwny-01 pluto[14450]: packet from 1.2.3.4:500: pluto_do_crypto: helper (-1) is exiting
> ATOA=none NATD=none DPD=none}
> Oct 19 16:29:13 fwny-01 pluto[14450]: packet from 1.2.3.4:500: pluto_do_crypto: helper (-1) is exiting
> Oct 19 16:29:13 fwny-01 pluto[14450]: "nyctomtl" #1092: ERROR: netlink response for Add SA esp.fe9f0294 at 4.3.2.1 included errno 3: No
> such process
Did you run out of memory?
> I am trying to understand what happen but since this was working fine for the past 2-3 month I am not to understand why the rekey
> would have fail this time. I can provide a more detail log as well as the configuration info if needed.
I am not entirely sure. Perhaps other log messages show a problem?
Paul
More information about the Users
mailing list