[Openswan Users] next event EVENT_PENDING_DDNS in 53 seconds
Luis Fernando Gramajo
lgramajo at empagua.com
Tue Jun 12 20:58:48 EDT 2012
OK, so I set oe=off.
Now the verify shows:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.28/K2.6.32-5-xen-amd64 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
So it seems everything is fine with the verify... hehehe.
Well... I'm still stuck with:
inserting event EVENT_SA_REPLACE, timeout in 2640 seconds for #3
| event added after event EVENT_PENDING_PHASE2
"telefonica/2x0" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
tunnel mode {ESP/NAT=>0xf788d775 <0x32afbd91 xfrm=3DES_0-HMAC_SHA1
NATOA=none NATD=none DPD=none}
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 53 seconds
| next event EVENT_PENDING_DDNS in 53 seconds
|
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 60 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added at head of queue
| next event EVENT_PENDING_DDNS in 60 seconds
...........
| next event EVENT_PENDING_DDNS in 0 seconds
| *time to handle event
| handling event EVENT_PENDING_DDNS
| event after this is EVENT_PENDING_PHASE2 in 0 seconds
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds
| event added after event EVENT_PENDING_PHASE2
| handling event EVENT_PENDING_PHASE2
| event after this is EVENT_PENDING_DDNS in 60 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
| pending review: connection "telefonica/2x0" checked
| pending review: connection "telefonica/1x0" checked
| next event EVENT_PENDING_DDNS in 60 seconds
I'm looking around, but any help would be great, thanks.
On 12/06/12 17:16, Luis Fernando Gramajo wrote:
> Hi there... it's me again... So I finally got phase 1 running...
>
> 117 "telefonica/2x0" #3: STATE_QUICK_I1: initiate
> 002 "telefonica/1x0" #2: transition from state STATE_QUICK_I1 to state
> STATE_QUICK_I2
> 004 "telefonica/1x0" #2: STATE_QUICK_I2: sent QI2, IPsec SA
> established tunnel mode {ESP/NAT=>0x8db5c863 <0x089b6f17
> xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> 002 "telefonica/2x0" #3: transition from state STATE_QUICK_I1 to state
> STATE_QUICK_I2
> 004 "telefonica/2x0" #3: STATE_QUICK_I2: sent QI2, IPsec SA
> established tunnel mode {ESP/NAT=>0x298f3fea <0x181f4b5a
> xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
>
>
> But still in the log:
>
> | inserting event EVENT_SA_REPLACE, timeout in 2952 seconds for #3
> | event added after event EVENT_PENDING_PHASE2
> "telefonica/2x0" #3: STATE_QUICK_I2: sent QI2, IPsec SA established
> tunnel mode {ESP=>0x19ed24ac <0x540cac3b xfrm=3DES_0-HMAC_SHA1
> NATOA=none NATD=none DPD=none}
> | modecfg pull: noquirk policy:push not-client
> | phase 1 is done, looking for phase 2 to unpend
> | * processed 0 messages from cryptographic helpers
> | next event EVENT_PENDING_DDNS in 53 seconds
> | next event EVENT_PENDING_DDNS in 53 seconds
>
>
> So I executed the ipsec verify and got:
>
> Opportunistic Encryption DNS checks:
> Looking for TXT in forward dns zone: TeleVPN [MISSING]
> Does the machine have at least one non-private address? [OK]
> Looking for TXT in reverse dns zone: 210.80.x.x.in-addr.arpa.
> [MISSING]
>
> My ISP gives me the DNS service... feels kind of weird... do I have
> to add the peer to it?
>
> thanks
>
>
--
Luis Fernando Gramajo P.
Networks and Telecommunications
Information Systems, EMPAGUA