[Openswan Users] IKE main mode stalling

Brendan Moynihan bmoyni01 at yahoo.ie
Wed Nov 26 06:12:51 EST 2014


Hi,
Trying a connection from openswan openswan-2.6.42 to Azure VPN gateway device.
Would appreciate any ideas as to why IKE is not getting any further.
The following happened when openswan is the initiator.

| **parse ISAKMP Message:
|    initiator cookie:
|   b8 49 ed ea  a1 ca a7 1e
|    responder cookie:
|   bd 54 61 ec  ec cf a9 91
|    next payload type: ISAKMP_NEXT_KE
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
|    exchange type: ISAKMP_XCHG_IDPROT
|    flags: none
|    message ID:  00 00 00 00
|    length: 284
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| ICOOKIE:  b8 49 ed ea  a1 ca a7 1e
| RCOOKIE:  bd 54 61 ec  ec cf a9 91
| state hash entry 27
| v1 peer and cookies match on #7, provided msgid 00000000 vs 00000000
| v1 state object #7 found, in STATE_MAIN_R1
| processing connection ipsecvpn
"ipsecvpn" #7: discarding packet received during asynchronous work (DNS or crypto) in STATE_MAIN_R1
| * processed 0 messages from cryptographic helpers 
| next event EVENT_CRYPTO_FAILED in 18 seconds for #5
| next event EVENT_CRYPTO_FAILED in 18 seconds for #5


When Azure is the initiator, then the following is observed:
|   c5 2e ea 37  4a 22 9c 5a
|    responder cookie:
|   7a 20 0f 10  1d e5 36 12
|    next payload type: ISAKMP_NEXT_KE
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
|    exchange type: ISAKMP_XCHG_IDPROT
|    flags: none
|    message ID:  00 00 00 00
|    length: 284
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| ICOOKIE:  c5 2e ea 37  4a 22 9c 5a
| RCOOKIE:  7a 20 0f 10  1d e5 36 12
| state hash entry 31
| v1 peer and cookies match on #12, provided msgid 00000000 vs 00000000
| v1 state object #12 found, in STATE_MAIN_R1
| processing connection ipsecvpn
"ipsecvpn" #12: discarding packet received during asynchronous work (DNS or crypto) in STATE_MAIN_R1
| * processed 0 messages from cryptographic helpers
| next event EVENT_CRYPTO_FAILED in 17 seconds for #10
| next event EVENT_CRYPTO_FAILED in 17 seconds for #10
|
| next event EVENT_CRYPTO_FAILED in 0 seconds for #10
| *time to handle event
| handling event EVENT_CRYPTO_FAILED
| event after this is EVENT_PENDING_DDNS in 19 seconds
| processing connection ipsecvpn
| event crypto_failed on state #10, aborting
| deleting state #10
| disconnecting state #10 from md
| deleting event for #10
| no suspended cryptographic state for 10
| ICOOKIE:  da 44 a0 3f  9c d5 c5 2c
| RCOOKIE:  1c 2f 01 c8  e3 67 f4 97
| state hash entry 18
| next event EVENT_PENDING_DDNS in 19 seconds
?unknown exchange
|    responder cookie:
|   78 65 9a bb  5e b4 b8 24
|    next payload type: ISAKMP_NEXT_KE
|    ISAKMP version: ISAKMP Version 1.0 (rfc2407)
|    exchange type: ISAKMP_XCHG_IDPROT
|    flags: none
|    message ID:  00 00 00 00
|    length: 284
|  processing version=1.0 packet with exchange type=ISAKMP_XCHG_IDPROT (2)
| ICOOKIE:  2a 9d a1 27  ce 11 83 42
| RCOOKIE:  78 65 9a bb  5e b4 b8 24
| state hash entry 27
| v1 state object not found
| ICOOKIE:  2a 9d a1 27  ce 11 83 42
| RCOOKIE:  00 00 00 00  00 00 00 00
| state hash entry 27
| v1 state object not found
packet from xxx.xxx.xxx.xxx:500: phase 1 message is part of an unknown exchange
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 36 seconds
| next event EVENT_PENDING_DDNS in 36 seconds


I have a private IP on left behind a NAT with a public-facing IP to Azure.
Any ideas appreciated. Thank you.


