No subject
Wed Jul 11 05:00:03 EDT 2012
I've had issues at a Switching/Routing level with Cisco kit (Specifically loadbalancers) where this kind of scenario happens and you config something up and it doesn't appear to work as specified. Can you get a ticket raised with Cisco and have them take a look at it- presuming that the issue is still reproduceable?
Nick/Zohair, I was thinking aloud as I wondered if it might help and appreciate your IP config's are different (ie static vs dynamic)
Glad it's working nicely for you
Regard
dan
On 17 Jul 2012, at 13:28, Zohair Raza wrote:
> Hi Daniel,
>
> Thanks for response, I have static IPs at both end.
>
> But the issue is fixed, while having a look at each of cisco's configs
> I found out that rekey was disabled on cisco side, I first tried to
> disable rekey on openswan side but it didn't help because I had DPD
> enabled on openswan.
>
> I was also coordinating on IRC openswan channel, Later I saw that
> Openswan was trying to rekey with rekey set to no which as per _ruben
> on IRC was because of DPD. Then I asked cisco guy to enable rekey.
>
> After getting out of those failures I got to know by logs that cisco
> wasn't replying to openswan DPD message, disabling DPD in openswan
> solved my problem completely as Openswan replies to DPD message to
> remote end regardless of it is enabled or disabled at it's own config
>
> Regards,
> Zohair Raza
>
>
>
>
>
> On Tue, Jul 17, 2012 at 3:37 PM, Nick Howitt <n1ck.h0w1tt at gmail.com> wrote:
>> I use a DrayTek rather than a Cisco, but yes it is on a (slightly) dynamic
>> IP address. (The address rarely changes unless a device with a different MAC
>> is plugged into the cable modem.)
>> I think the problem I was describing is different. In my case I lost my
>> internet connection then DPD tried reloading the conn which had an FQDN in
>> it. As the FQDN could not resolve ipsec terminated. In your case ipsec has
>> not terminated as you can see logging from ipsec/pluto.
>>
>> Regards,
>>
>> Nick
>>
>> Quoting "Daniel Cave" <dan.cave at me.com>:
>>
>>> Zohair,
>>>
>>> I just noticed Nick Howitt;s email from 13/July about Draytek and DPD.
>>>
>>> I don't suppose by any chance either of your cisco config's are using
>>> dynamic IP addresses are they?
>>>
>>> Or perhaps it could be a similar related issue?
>>>
>>> Regards
>>> dan
>>>
>>> On 13 Jul 2012, at 12:31, Zohair Raza wrote:
>>>
>>>> I would appreciate if someone can suggest any way to fix it
>>>>
>>>> Thanks
>>>>
>>>> Regards,
>>>> Zohair Raza
>>>>
>>>>
>>>>
>>>>
>>>> On Mon, Jul 9, 2012 at 2:17 PM, Zohair Raza
>>>> <engineerzuhairraza at gmail.com> wrote:
>>>>>
>>>>> Hi Daniel,
>>>>>
>>>>> Thanks for reply, yes dead peer detection is enabled on cisco
>>>>>
>>>>> Failure is random, sometime it fails very often and sometimes it stays
>>>>> for long
>>>>>
>>>>> This is what comes on cisco when tunnel fails
>>>>>
>>>>>
>>>>> 44708 07/09/2012 10:41:01.410 SEV=5 IKE/0 RPT=19392
>>>>> Could not find centry for IPSec SA delete message
>>>>>
>>>>> 44709 07/09/2012 10:52:31.670 SEV=5 IKE/50 RPT=1482 1.1.1.1
>>>>> Group [1.1.1.1]
>>>>> Connection terminated for peer 1.1.1.1.
>>>>> Reason: Peer Terminate
>>>>> Remote Proxy 176.249.0.0, Local Proxy 172.16.0.0
>>>>>
>>>>> 44712 07/09/2012 10:52:55.980 SEV=5 IKE/50 RPT=1483 1.1.1.1
>>>>> Group [1.1.1.1]
>>>>> Connection terminated for peer 1.1.1.1.
>>>>> Reason: Peer Terminate
>>>>> Remote Proxy 176.249.0.0, Local Proxy 213.40.195.0
>>>>>
>>>>> 44715 07/09/2012 10:52:55.990 SEV=5 IKE/50 RPT=1484 1.1.1.1
>>>>> Group [1.1.1.1]
>>>>> Connection terminated for peer 1.1.1.1.
>>>>> Reason: Peer Terminate
>>>>> Remote Proxy 176.249.0.0, Local Proxy 170.254.0.0
>>>>>
>>>>> 44718 07/09/2012 10:52:55.990 SEV=4 AUTH/23 RPT=50284 1.1.1.1
>>>>> User [1.1.1.1] Group [1.1.1.1] disconnected: duration: 0:17:25
>>>>>
>>>>> 44719 07/09/2012 10:52:55.990 SEV=4 AUTH/85 RPT=50276
>>>>> LAN-to-LAN tunnel to headend device 1.1.1.1 disconnected: duration:
>>>>> 0:17:25
>>>>>
>>>>> 44720 07/09/2012 10:52:56.010 SEV=5 IKE/50 RPT=1485 1.1.1.1
>>>>> Group [1.1.1.1]
>>>>> Connection terminated for peer 1.1.1.1.
>>>>> Reason: Peer Terminate
>>>>> Remote Proxy 176.249.0.0, Local Proxy 172.16.0.0
>>>>>
>>>>> 44723 07/09/2012 10:52:56.020 SEV=5 IKE/0 RPT=19393
>>>>> Could not find centry for IPSec SA delete message
>>>>>
>>>>> 44724 07/09/2012 10:52:56.020 SEV=5 IKE/170 RPT=377 1.1.1.1
>>>>> Group [1.1.1.1]
>>>>> IKE Received delete for rekeyed centry
>>>>> IKE peer: 176.249.0.0, centry addr: 06ac2fa8, msgid: 0xd4057aa0
>>>>>
>>>>> 44727 07/09/2012 10:52:56.020 SEV=6 IKE/0 RPT=19394 1.1.1.1
>>>>> Group [1.1.1.1]
>>>>> Removing peer from peer table failed, no match!
>>>>>
>>>>> 44728 07/09/2012 10:52:56.030 SEV=4 AUTH/23 RPT=50285 1.1.1.1
>>>>> User [1.1.1.1] Group [1.1.1.1] disconnected: duration: 0:17:18
>>>>>
>>>>> 44729 07/09/2012 10:52:56.030 SEV=4 AUTH/85 RPT=50277
>>>>> LAN-to-LAN tunnel to headend device 1.1.1.1 disconnected: duration:
>>>>> 0:17:18
>>>>>
>>>>> 44730 07/09/2012 10:52:58.010 SEV=4 IKE/119 RPT=53479 1.1.1.1
>>>>>
>>>>>
>>>>> Regards,
>>>>> Zohair Raza
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Jul 9, 2012 at 1:16 PM, Daniel Cave <dan.cave at me.com> wrote:
>>>>>>
>>>>>> Zohair, Hi
>>>>>>
>>>>>> Have you checked that the Cisco 3030 has got dead peer detection
>>>>>> feature enabled also
>>>>>>
>>>>>> Im wondering what the logs are you see on the 3030 device also when the
>>>>>> tunnel fails - can you get those?
>>>>>>
>>>>>> Does this happen at the same time every day or randomly?
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> dan
>>>>>>
>>>>>> Fahrenheit IT.
>>>>>>
>>>>>>
>>>>>> On 9 Jul 2012, at 10:09, Zohair Raza wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have recently setup a VPN between openswan and Cisco 3030, it
>>>>>>> connects without any issues but after some time the tunnel fails. I am
>>>>>>> new to openswan and can not find the root cause or solution of this
>>>>>>> problem even though I googled alot.
>>>>>>>
>>>>>>> Please can someone help me out, here is my config and logs
>>>>>>>
>>>>>>> openswan ipsec.conf:
>>>>>>>
>>>>>>> config setup
>>>>>>> # Debug-logging controls: "none" for (almost) none, "all" for
>>>>>>> lots.
>>>>>>> # klipsdebug=none
>>>>>>> # plutodebug="control parsing"
>>>>>>> # For Red Hat Enterprise Linux and Fedora, leave
>>>>>>> protostack=netkey
>>>>>>> protostack=netkey
>>>>>>> # nat_traversal=yes
>>>>>>> virtual_private=%v4:176.249.0.0/16
>>>>>>> oe=off
>>>>>>> myid=1.1.1.1
>>>>>>> # Enable this if you see "failed to find any available worker"
>>>>>>> # nhelpers=0
>>>>>>> klipsdebug=none
>>>>>>> plutodebug=none
>>>>>>> keep_alive=50
>>>>>>> interfaces=%defaultroute
>>>>>>>
>>>>>>>
>>>>>>> openswan tunnel config:
>>>>>>>
>>>>>>> conn TT-UK-1
>>>>>>>
>>>>>>> left=2.2.2.2
>>>>>>> leftsubnets={172.16.0.0/16 17.254.0.0/16 210.40.5.0/24}
>>>>>>>
>>>>>>> right=1.1.1.1
>>>>>>> rightsubnet=176.249.0.0/16
>>>>>>>
>>>>>>> keyexchange=ike
>>>>>>> pfs=no
>>>>>>> rekey=yes
>>>>>>>
>>>>>>> auto=start
>>>>>>> authby=secret
>>>>>>>
>>>>>>> phase2alg=3DES-SHA1
>>>>>>> ike=3DES-SHA1
>>>>>>>
>>>>>>> dpddelay=30
>>>>>>> compress=no
>>>>>>> type=tunnel
>>>>>>> dpdtimeout=30
>>>>>>> dpdaction=restart
>>>>>>>
>>>>>>> salifetime=28800s
>>>>>>> ikelifetime=86400s
>>>>>>>
>>>>>>>
>>>>>>> Logs when tunnel fails :
>>>>>>>
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #10: DPD: No
>>>>>>> response from peer - declaring peer dead
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #10: DPD:
>>>>>>> Restarting Connection
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #11: rekeying
>>>>>>> state (STATE_QUICK_R2)
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #7: rekeying
>>>>>>> state (STATE_QUICK_I2)
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #11: rekeying
>>>>>>> state (STATE_QUICK_R2)
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #11: ERROR:
>>>>>>> netlink response for Del SA esp.2df00509 at 2.2.2.2 included errno 3: No
>>>>>>> such process
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #11: ERROR:
>>>>>>> netlink response for Del SA esp.3af14046 at 1.1.1.1 included errno 3: No
>>>>>>> such process
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #7: rekeying
>>>>>>> state (STATE_QUICK_I2)
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #7: ERROR:
>>>>>>> netlink response for Del SA esp.8ad7896 at 2.2.2.2 included errno 3: No
>>>>>>> such process
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #7: ERROR:
>>>>>>> netlink response for Del SA esp.3a5f570a at 1.1.1.1 included errno 3: No
>>>>>>> such process
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: initiating
>>>>>>> Main Mode to replace #10
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: initiate on demand from
>>>>>>> 176.249.3.10:17168 to 172.16.12.221:16824 proto=17 state: fos_start
>>>>>>> because: acquire
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: initiate on demand from
>>>>>>> 176.249.3.89:10138 to 172.16.12.221:19624 proto=17 state: fos_start
>>>>>>> because: acquire
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: initiate on demand from
>>>>>>> 176.249.3.1:11784 to 172.16.12.221:13598 proto=17 state: fos_start
>>>>>>> because: acquire
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: initiate on demand from
>>>>>>> 176.249.3.233:10068 to 172.16.12.221:10166 proto=17 state: fos_start
>>>>>>> because: acquire
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: ignoring
>>>>>>> Vendor ID payload [FRAGMENTATION c0000000]
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: transition
>>>>>>> from state STATE_MAIN_I1 to state STATE_MAIN_I2
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13:
>>>>>>> STATE_MAIN_I2: sent MI2, expecting MR2
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: received
>>>>>>> Vendor ID payload [Cisco-Unity]
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: received
>>>>>>> Vendor ID payload [XAUTH]
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: ignoring
>>>>>>> unknown Vendor ID payload [366b42f48b3b9dd8ac5c05fe5494759b]
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: ignoring
>>>>>>> Vendor ID payload [Cisco VPN 3000 Series]
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: transition
>>>>>>> from state STATE_MAIN_I2 to state STATE_MAIN_I3
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13:
>>>>>>> STATE_MAIN_I3: sent MI3, expecting MR3
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: received
>>>>>>> Vendor ID payload [Dead Peer Detection]
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: Main mode
>>>>>>> peer ID is ID_IPV4_ADDR: '2.2.2.2'
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: transition
>>>>>>> from state STATE_MAIN_I3 to state STATE_MAIN_I4
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13:
>>>>>>> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
>>>>>>> cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #13: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #14: initiating
>>>>>>> Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using
>>>>>>> isakmp#13 msgid:29e320e8 proposal=3DES(3)_192-SHA1(2)_160
>>>>>>> pfsgroup=no-pfs}
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #15: initiating
>>>>>>> Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using
>>>>>>> isakmp#13 msgid:0447f8ea proposal=3DES(3)_192-SHA1(2)_160
>>>>>>> pfsgroup=no-pfs}
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #16: initiating
>>>>>>> Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using
>>>>>>> isakmp#13 msgid:a01c9aed proposal=3DES(3)_192-SHA1(2)_160
>>>>>>> pfsgroup=no-pfs}
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #17: initiating
>>>>>>> Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using
>>>>>>> isakmp#13 msgid:532b0467 proposal=3DES(3)_192-SHA1(2)_160
>>>>>>> pfsgroup=no-pfs}
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #18: initiating
>>>>>>> Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK to replace #11
>>>>>>> {using isakmp#13 msgid:581cfb6d proposal=3DES(3)_192-SHA1(2)_160
>>>>>>> pfsgroup=no-pfs}
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: initiate on demand from
>>>>>>> 176.249.3.27:8 to 172.16.12.221:0 proto=1 state: fos_start because:
>>>>>>> acquire
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #19: initiating
>>>>>>> Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using
>>>>>>> isakmp#13 msgid:c2b4c48c proposal=3DES(3)_192-SHA1(2)_160
>>>>>>> pfsgroup=no-pfs}
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: initiate on demand from
>>>>>>> 176.249.0.1:8 to 172.16.12.221:0 proto=1 state: fos_start because:
>>>>>>> acquire
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #20: initiating
>>>>>>> Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using
>>>>>>> isakmp#13 msgid:5c42e8f9 proposal=3DES(3)_192-SHA1(2)_160
>>>>>>> pfsgroup=no-pfs}
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: initiate on demand from
>>>>>>> 176.249.3.44:52787 to 172.16.12.221:80 proto=6 state: fos_start
>>>>>>> because: acquire
>>>>>>> Jul 5 19:39:11 router-TT pluto[60606]: "TT-UK-1/1x0" #21: initiating
>>>>>>> Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using
>>>>>>> isakmp#13 msgid:bf505abf proposal=3DES(3)_192-SHA1(2)_160
>>>>>>> pfsgroup=no-pfs}
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #10: received
>>>>>>> Delete SA payload: deleting ISAKMP State #10
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: packet from 2.2.2.2:500:
>>>>>>> received and ignored informational message
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #16: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #16: transition
>>>>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #16:
>>>>>>> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>>>>>>> {ESP=>0x13552476 <0xbd4999bd xfrm=3DES_0-HMAC_SHA1 NATOA=none
>>>>>>> NATD=none DPD=enabled}
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #14: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #14: transition
>>>>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #14:
>>>>>>> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>>>>>>> {ESP=>0x4497ed1c <0x1d1db8f2 xfrm=3DES_0-HMAC_SHA1 NATOA=none
>>>>>>> NATD=none DPD=enabled}
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #15: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #15: transition
>>>>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #15:
>>>>>>> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>>>>>>> {ESP=>0x1ee0fa85 <0xd7656b45 xfrm=3DES_0-HMAC_SHA1 NATOA=none
>>>>>>> NATD=none DPD=enabled}
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #17: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #17: transition
>>>>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #17:
>>>>>>> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>>>>>>> {ESP=>0x29dd0baa <0xfccca15b xfrm=3DES_0-HMAC_SHA1 NATOA=none
>>>>>>> NATD=none DPD=enabled}
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #18: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #18: transition
>>>>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #18:
>>>>>>> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>>>>>>> {ESP=>0x23a597eb <0x26804c4c xfrm=3DES_0-HMAC_SHA1 NATOA=none
>>>>>>> NATD=none DPD=enabled}
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #19: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #19: transition
>>>>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #19:
>>>>>>> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>>>>>>> {ESP=>0x6f2ac97f <0xa16f2f01 xfrm=3DES_0-HMAC_SHA1 NATOA=none
>>>>>>> NATD=none DPD=enabled}
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #20: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #20: transition
>>>>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #20:
>>>>>>> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>>>>>>> {ESP=>0x0a200766 <0x77bc128c xfrm=3DES_0-HMAC_SHA1 NATOA=none
>>>>>>> NATD=none DPD=enabled}
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #21: Dead Peer
>>>>>>> Detection (RFC 3706): enabled
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #21: transition
>>>>>>> from state STATE_QUICK_I1 to state STATE_QUICK_I2
>>>>>>> Jul 5 19:39:12 router-TT pluto[60606]: "TT-UK-1/1x0" #21:
>>>>>>> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
>>>>>>> {ESP=>0x19bcc321 <0xb32bc1d8 xfrm=3DES_0-HMAC_SHA1 NATOA=none
>>>>>>> NATD=none DPD=enabled}
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Zohair Raza
>>>>>>> _______________________________________________
>>>>>>> Users at openswan.org
>>>>>>> http://lists.openswan.org/mailman/listinfo/users
>>>>>>> Micropayments:
>>>>>>> https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>>>>>
>>>>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>>>
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Dan.
>>>>>>
>>>
>>> Regards
>>>
>>> Dan.
>>>
>>> _______________________________________________
>>> Users at lists.openswan.org
>>> https://lists.openswan.org/mailman/listinfo/users
>>>
>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>> Building and Integrating Virtual Private Networks with Openswan:
>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>
>>
Regards
Dan.
More information about the Users
mailing list