[Openswan Users] During rekeying, Ignoring informational payload, type UNEQUAL_PAYLOAD_LENGTHS on st==NULL (deleted?)

Paul Wouters paul at nohats.ca
Tue Mar 20 13:27:04 EDT 2012


On Tue, 20 Mar 2012, SaRaVanAn wrote:

>    During Rekeying, I got the below error message in openswan

> Mar 20 21:49:44 uxcasxxx pluto[7655]: packet from 172.31.114.226:500: received and ignored informational message
> Mar 20 21:49:54 uxcasxxx pluto[7655]: "north-east" #29: discarding duplicate packet; already STATE_MAIN_I3
> Mar 20 21:50:04 uxcasxxx pluto[7655]: "north-east" #26: ISAKMP SA expired (LATEST!)
> Mar 20 21:50:04 uxcasxxx pluto[7655]: "north-east" #29: discarding duplicate packet; already STATE_MAIN_I3
> Mar 20 21:50:14 uxcasxxx pluto[7655]: "north-east" #28: IPsec SA expired (LATEST!)
> Mar 20 21:50:14 uxcasxxx pluto[7655]: "north-east" #29: discarding duplicate packet; already STATE_MAIN_I3
> Mar 20 21:50:55 uxcasxxx pluto[7655]: "north-east" #29: max number of retransmissions (2) reached STATE_MAIN_I3.  Possible authentication failure: no acceptable response to our first encrypted message
> 
> The problem got solved after some time, but because of this I ended up with packet loss for a considerable time.

>     ikelifetime=30s
>     keylife=30s

This is the last time I will tell you....

The keylife and ikelifetime values should be in the order of magnitude
of hours, not seconds. This configuration is complete madness.

Paul
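
An added example, not part of the original message and not Openswan code: a small check that reads `conn` sections in ipsec.conf syntax and reports `ikelifetime`/`keylife` values shorter than a floor. The one-hour floor, the function names and the sample file are assumptions made for illustration; only the conn name "north-east" and the two 30s values come from the thread.

```python
import re

# Openswan time values: an integer with an optional s/m/h/d suffix (seconds if none).
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}
LIFETIME_KEYS = ("ikelifetime", "keylife")  # the two options quoted in the thread
MIN_SECONDS = 3600  # assumed floor, taken from "order of magnitude of hours"

# Constructed sample; only the conn name and the two 30s values come from the thread.
SAMPLE_CONF = """\
conn north-east
    ikelifetime=30s
    keylife=30s

conn reference
    # constructed conn with lifetimes measured in hours
    ikelifetime=1h
    keylife=8h
"""

def to_seconds(value):
    """Convert a time value such as '30s', '8h' or '90' to seconds."""
    m = re.fullmatch(r"(\d+)([smhd]?)", value.strip())
    if not m:
        raise ValueError(f"unrecognised time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def short_lifetimes(conf_text, floor=MIN_SECONDS):
    """Return (conn, option, seconds) for every lifetime below the floor."""
    findings, conn = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if not line[0].isspace():              # section header, e.g. "conn <name>"
            parts = line.split()
            conn = parts[1] if parts[0] == "conn" and len(parts) > 1 else None
            continue
        key, sep, value = line.strip().partition("=")
        if conn and sep and key.strip() in LIFETIME_KEYS:
            secs = to_seconds(value)
            if secs < floor:
                findings.append((conn, key.strip(), secs))
    return findings

if __name__ == "__main__":
    for conn, key, secs in short_lifetimes(SAMPLE_CONF):
        print(f"conn {conn}: {key}={secs}s is below {MIN_SECONDS}s")
```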

