[Openswan Users] Strange IP behaviour
Mike C
smith.not.western at gmail.com
Thu Jul 4 15:04:24 UTC 2013
Hi,
I'm using openswan 2.6.37 (looking to move to .38 sometime this year) with
klips and linux kernel 2.6.32.60, and noticed a very strange set of log
messages the other day.
I've got a dozen or so remote sites connecting into the main office, each
with 3 different tunnels. For various reasons, all the remote sites are
NAT'd. At one point the vpn server saw one tunnel supposedly receive
packets from 6 very different IP addresses.
Each tunnel uses PSKs, and the remote end uses %any for the remote site's
IP. All tunnels use symbolic names to identify endpoints.
At the time of these logs the main office vpn server was under significant
load. The server was restarted and the problem went away before I was able
to access it to try other commands.
(IPs have been masked.)
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #13:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #13:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #13:
STATE_MAIN_R2: sent MR2, expecting MI3
2013-07-01 14:22:39 pluto "tunnel100"[1] 2.2.2.2 #11: next
payload type of ISAKMP Identification Payload has an unknown value: 127
2013-07-01 14:22:39 pluto "tunnel100"[1] 2.2.2.2 #11:
probable authentication failure (mismatch of preshared secrets?): malformed
payload in packet
2013-07-01 14:22:39 pluto "tunnel100"[1] 2.2.2.2 #11:
sending notification PAYLOAD_MALFORMED to 2.2.2.2:500
2013-07-01 14:22:39 pluto "tunnel100"[5] 3.3.3.3 #15:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2013-07-01 14:22:39 pluto "tunnel100"[5] 3.3.3.3 #15:
STATE_MAIN_R1: sent MR1, expecting MI2
2013-07-01 14:22:39 pluto "tunnel100"[2] 4.4.4.4 #12: next
payload type of ISAKMP Identification Payload has an unknown value: 125
2013-07-01 14:22:39 pluto "tunnel100"[2] 4.4.4.4 #12:
probable authentication failure (mismatch of preshared secrets?): malformed
payload in packet
2013-07-01 14:22:39 pluto "tunnel100"[4] 5.5.5.5 #14:
NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
2013-07-01 14:22:39 pluto "tunnel100"[4] 5.5.5.5 #14:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2013-07-01 14:22:39 pluto "tunnel100"[4] 5.5.5.5 #14:
STATE_MAIN_R2: sent MR2, expecting MI3
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #13: Main
mode peer ID is ID_FQDN: '@tunnel100.left'
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #13: no
suitable connection for peer '@tunnel100.left'
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #13:
sending encrypted notification INVALID_ID_INFORMATION to 1.1.1.1:500
2013-07-01 14:22:39 pluto "tunnel100"[4] 5.5.5.5 #16:
responding to Main Mode from unknown peer 5.5.5.5
2013-07-01 14:22:39 pluto "tunnel100"[4] 5.5.5.5 #16:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2013-07-01 14:22:39 pluto "tunnel100"[4] 5.5.5.5 #16:
STATE_MAIN_R1: sent MR1, expecting MI2
2013-07-01 14:22:39 pluto packet from 6.6.6.6:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2013-07-01 14:22:39 pluto "tunnel100"[6] 6.6.6.6 #17:
responding to Main Mode from unknown peer 6.6.6.6
2013-07-01 14:22:39 pluto "tunnel100"[6] 6.6.6.6 #17:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2013-07-01 14:22:39 pluto "tunnel100"[6] 6.6.6.6 #17:
STATE_MAIN_R1: sent MR1, expecting MI2
2013-07-01 14:22:39 pluto packet from 1.1.1.1:500:
ignoring unknown Vendor ID payload [4f45755c645c6a795c5c6170]
2013-07-01 14:22:39 pluto packet from 1.1.1.1:500:
received Vendor ID payload [Dead Peer Detection]
2013-07-01 14:22:39 pluto packet from 1.1.1.1:500:
received Vendor ID payload [RFC 3947] method set to=109
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #18:
responding to Main Mode from unknown peer 1.1.1.1
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #18:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #18:
STATE_MAIN_R1: sent MR1, expecting MI2
2013-07-01 14:22:39 pluto packet from 1.1.1.1:500: phase 1
message is part of an unknown exchange
2013-07-01 14:22:39 pluto packet from 6.6.6.6:500:
ignoring unknown Vendor ID payload [4f45755c645c6a795c5c6170]
2013-07-01 14:22:39 pluto "tunnel100"[6] 6.6.6.6 #19:
responding to Main Mode from unknown peer 6.6.6.6
2013-07-01 14:22:39 pluto "tunnel100"[6] 6.6.6.6 #19:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2013-07-01 14:22:39 pluto "tunnel100"[6] 6.6.6.6 #19:
STATE_MAIN_R1: sent MR1, expecting MI2
Does anyone know what could have caused this / have seen this before?
Kind Regards,
Mike
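
Added example, not part of the original post and not Openswan code: a small Python script that rejoins mail-wrapped pluto lines like those above and tallies, per connection name, which peer addresses, bracketed instance numbers ([N]) and state numbers (#N) appear, and how many failure messages each peer produced. The sample input is constructed in the layout of the excerpt; the regular expressions and the list of failure strings are assumptions drawn only from the lines shown.

```python
import re
from collections import defaultdict

# Constructed sample: a few records in the wrapped layout of the post's log
# excerpt (masked IPs as in the post).
SAMPLE = '''\
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #13:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2013-07-01 14:22:39 pluto "tunnel100"[1] 2.2.2.2 #11: next
payload type of ISAKMP Identification Payload has an unknown value: 127
2013-07-01 14:22:39 pluto "tunnel100"[1] 2.2.2.2 #11:
probable authentication failure (mismatch of preshared secrets?): malformed
payload in packet
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #13: no
suitable connection for peer '@tunnel100.left'
2013-07-01 14:22:39 pluto "tunnel100"[3] 1.1.1.1 #18:
responding to Main Mode from unknown peer 1.1.1.1
2013-07-01 14:22:39 pluto packet from 6.6.6.6:500:
received Vendor ID payload [Dead Peer Detection]
'''

# Assumed patterns, derived from the lines quoted in the post.
STAMP = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} pluto ')
RECORD = re.compile(r'"(?P<conn>[^"]+)"\[(?P<inst>\d+)\] (?P<peer>\S+) '
                    r'#(?P<state>\d+): ?(?P<msg>.*)')
FAILURES = ('probable authentication failure', 'no suitable connection',
            'PAYLOAD_MALFORMED', 'INVALID_ID_INFORMATION')

def unwrap(text):
    """Join mail-wrapped continuation lines onto the record they belong to."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += ' ' + line.strip()
    return records

def summarize(text):
    """conn -> peer -> {instance numbers, state numbers, failure count}."""
    out = defaultdict(lambda: defaultdict(
        lambda: {'inst': set(), 'states': set(), 'fail': 0}))
    for rec in unwrap(text):
        m = RECORD.search(rec)
        if not m:
            continue  # "packet from ..." lines carry no connection name
        entry = out[m['conn']][m['peer']]
        entry['inst'].add(int(m['inst']))
        entry['states'].add(int(m['state']))
        entry['fail'] += any(f in m['msg'] for f in FAILURES)
    return out
```

Running summarize() over a full pluto log shows at a glance whether one connection name is being negotiated from several source addresses at once and which of those peers are failing authentication or ID matching.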