[Openswan Users] ERROR: netlink XFRM_MSG_UPDPOLICY response for flow tun.0 at 212.64.xxx.x included errno 22: Invalid argument
Gerhard Reuter
gerhard.reuter at bayer.com
Fri Dec 5 03:52:18 EST 2014
Hi,
I have set up a VPN for remote access and it works great for users that are using 10.0.0.0/8 addresses. Now I also have a lot of road-warriors using 192.168.x.x/16 addresses.
So I added this network to my routing and to the ipsec.conf, changing "leftsubnet" and "rightsubnet" to "leftsubnets" and "rightsubnets":
left=172.31.10.5
leftid=54.93.190.54
leftsubnets=(172.31.8.0/22)
leftxauthserver=yes
right=%any
rightsubnets=(10.0.0.0/8,192.168.0.0/16)
rightxauthclient=yes
Phase 1 comes up and when I start a session to the target server I get this error:
ERROR: netlink XFRM_MSG_UPDPOLICY response for flow tun.10000 at 172.31.10.5 included errno 22: Invalid argument
.. full trace ...
Dec 5 08:41:37 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[3] 37.201.149.80 #11: responding to Main Mode from unknown peer 37.201.149.80
Dec 5 08:41:37 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[3] 37.201.149.80 #11: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 5 08:41:37 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[3] 37.201.149.80 #11: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[3] 37.201.149.80 #11: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): both are NATed
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[3] 37.201.149.80 #11: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[3] 37.201.149.80 #11: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[3] 37.201.149.80 #11: Main mode peer ID is ID_FQDN: '@'
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[3] 37.201.149.80 #11: switched from "RWConn/1x1" to "RWConn/1x1"
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: deleting connection "RWConn/1x1" instance with peer 37.201.149.80 {isakmp=#0/ipsec=#0}
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: new NAT mapping for #11, was 37.201.149.80:500, now 37.201.149.80:4500
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_md5 group=modp2048}
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: XAUTH: Sending XAUTH Login/Password Request
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: XAUTH: Sending Username/Password request (XAUTH_R0)
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: received and ignored informational message
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: XAUTH: Unsupported XAUTH parameter XAUTH-TYPE received.
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: XAUTH: User renvpnuser: Attempting to login
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: XAUTH: pam authentication being called to authenticate user renvpnuser
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: XAUTH: User renvpnuser: Authentication Successful
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: XAUTH: xauth_inR1(STF_OK)
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: transition from state STATE_XAUTH_R1 to state STATE_MAIN_R3
Dec 5 08:41:38 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: STATE_MAIN_R3: sent MR3, ISAKMP SA established
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: the peer proposed: 172.31.8.0/22:0/0 -> 192.168.0.102/32:0/0
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #12: responding to Quick Mode proposal {msgid:129e9588}
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #12: us: ?===172.31.10.5<172.31.10.5>[54.93.190.54,+XS+S=C]
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #12: them: 37.201.149.80[@,+MC+XC+S=C]===?
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #12: ERROR: netlink XFRM_MSG_UPDPOLICY response for flow tun.10000 at 172.31.10.5 included errno 22: Invalid argument
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: | raw_eroute result=0
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #12: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #12: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #12: ERROR: netlink XFRM_MSG_UPDPOLICY response for flow tun.0 at 37.201.149.80 included errno 22: Invalid argument
Dec 5 08:41:54 ip-172-31-10-5 pluto[3598]: | raw_eroute result=0
Dec 5 08:42:04 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #12: discarding duplicate packet; already STATE_QUICK_R1
Dec 5 08:42:07 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x1d6cec87) not found (maybe expired)
Dec 5 08:42:07 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: received and ignored informational message
Dec 5 08:42:07 ip-172-31-10-5 pluto[3598]: "RWConn/1x1"[4] 37.201.149.80 #11: received Delete SA payload: deleting ISAKMP State #11
Dec 5 08:42:07 ip-172-31-10-5 pluto[3598]: packet from 37.201.149.80:4500: received and ignored informational message
No hit in Google - not a really "popular" error, I guess.
Any idea?
Thanks in advance
-Jerry
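
Added example (not part of the original post, and not Openswan code): a Python script that pulls the peer's Quick Mode proposal and the XFRM policy errors out of pluto log lines like those in the trace above, and checks whether the proposed selectors fall inside the configured leftsubnets/rightsubnets. The function names are illustrative assumptions; the sample lines are copied from the trace with the syslog prefix dropped.

```python
import ipaddress
import re

# Subnets copied from the ipsec.conf fragment in the post.
LEFTSUBNETS = ["172.31.8.0/22"]
RIGHTSUBNETS = ["10.0.0.0/8", "192.168.0.0/16"]

# Log lines copied from the trace in the post (syslog prefix dropped).
SAMPLE_LOG = """\
"RWConn/1x1"[4] 37.201.149.80 #11: the peer proposed: 172.31.8.0/22:0/0 -> 192.168.0.102/32:0/0
"RWConn/1x1"[4] 37.201.149.80 #12: responding to Quick Mode proposal {msgid:129e9588}
"RWConn/1x1"[4] 37.201.149.80 #12: ERROR: netlink XFRM_MSG_UPDPOLICY response for flow tun.10000 at 172.31.10.5 included errno 22: Invalid argument
"RWConn/1x1"[4] 37.201.149.80 #12: ERROR: netlink XFRM_MSG_UPDPOLICY response for flow tun.0 at 37.201.149.80 included errno 22: Invalid argument
"""

PROPOSED = re.compile(r"#(\d+): the peer proposed: (\S+?):\d+/\d+ -> (\S+?):\d+/\d+")
XFRM_ERR = re.compile(r"#(\d+): ERROR: netlink (\S+) response for flow (\S+) at (\S+) included errno (\d+)")

def covered(net, allowed):
    """True if net lies inside one of the configured subnets."""
    n = ipaddress.ip_network(net, strict=False)
    return any(n.subnet_of(ipaddress.ip_network(a)) for a in allowed)

def triage(log_text):
    """Collect the peer's proposed selectors and the kernel policy errors."""
    proposals, errors = [], []
    for line in log_text.splitlines():
        m = PROPOSED.search(line)
        if m:
            ours, theirs = m.group(2), m.group(3)
            proposals.append({"ours": ours, "theirs": theirs,
                              "ours_ok": covered(ours, LEFTSUBNETS),
                              "theirs_ok": covered(theirs, RIGHTSUBNETS)})
            continue
        m = XFRM_ERR.search(line)
        if m:
            errors.append({"state": int(m.group(1)), "msg": m.group(2),
                           "flow": m.group(3), "at": m.group(4),
                           "errno": int(m.group(5))})
    return proposals, errors

if __name__ == "__main__":
    props, errs = triage(SAMPLE_LOG)
    for p in props:
        print("proposal", p)
    for e in errs:
        print("policy error", e)
```

For this trace both proposed selectors lie inside the configured subnets, while both XFRM_MSG_UPDPOLICY requests (flows tun.10000 and tun.0) come back with errno 22 (EINVAL).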