[Openswan Users] Tunnel didn't renegociate

Luc Paulin paulinster at gmail.com
Wed Oct 20 20:48:58 EDT 2010


2010/10/20 Paul Wouters <paul at xelerance.com>

> On Wed, 20 Oct 2010, Luc Paulin wrote:
>
>  a lots of error a the last key exchange that happen before the tunnel went
>> down.
>>
>> Oct 19 16:17:03 fwny-01 pluto[14450]: "nyctomtl" #1082: initiating Quick
>> Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #1078
>> {using isakmp#1081 msgid:9d32925c proposal=AES(12)_128-SHA1(2)_160
>> pfsgroup=OAKLEY_GROUP_MODP2048}
>> Oct 19 16:17:03 fwny-01 pluto[14450]: pluto_do_crypto: helper (-1) is
>> exiting
>> Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: max number of
>> retransmissions (2) reached STATE_QUICK_I1
>> Oct 19 16:18:13 fwny-01 pluto[14450]: "nyctomtl" #1082: starting keying
>> attempt 2 of an unlimited number
>>
>>
>> Oct 19 16:29:13 fwny-01 pluto[14450]: packet from 1.2.3.4:500:
>> pluto_do_crypto: helper (-1) is  exiting
>> ATOA=none NATD=none DPD=none}
>> Oct 19 16:29:13 fwny-01 pluto[14450]: packet from 1.2.3.4:500:
>> pluto_do_crypto: helper (-1) is  exiting
>> Oct 19 16:29:13 fwny-01 pluto[14450]: "nyctomtl" #1092: ERROR: netlink
>> response for Add SA esp.fe9f0294 at 4.3.2.1 included errno 3: No
>> such process
>>
>
> Did you run out of memory?
>
>
No .. logs show nothing wrong and cacti do not show anything wrong with
memory and/or cpu...



>
>  I am trying to understand what happen but since this was working fine for
>> the past 2-3 month I am not to understand why the rekey
>> would have fail this time. I can provide a more detail log as well as the
>> configuration info if needed.
>>
>
> I am not entirely sure. Perhaps other log messages show a problem?
>
>
I'll give another look at the logs, but so far I didn't catch anything which
would explain the issue..

   -Luc


-- 
                         !!!!!
                       ( o o )
 --------------oOO----(_)----OOo--------------
Luc Paulin  |  paulinster(at)gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20101020/7e47867c/attachment.html 


More information about the Users mailing list