[Openswan Users] tunnel keeps failing
Thodoris Tsatsos
thodoris.tsatsos at gmail.com
Thu Aug 11 06:54:22 EDT 2016
Hi All,
My tunnel keeps failing every few days and I dont know why.
I read that *All indents in openswan should be a single tab not multiple
spaces, **multiple spaces can cause problems, so i changed it and still the
same.*
*Here is the log file.*
Aug 11 01:26:53 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x4"
#8329: max number of retransmissions (2) reached STATE_QUICK_I1. No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal
Aug 11 01:26:53 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x4"
#8329: starting keying attempt 378 of an unlimited number
Aug 11 01:26:53 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x4"
#8345: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+
IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW to replace #8329 {using isakmp#2080
msgid:933bed85 proposal=AES(12)_256-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_
MODP1024}
Aug 11 01:26:59 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x6"
#8331: max number of retransmissions (2) reached STATE_QUICK_I1. No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal
Aug 11 01:26:59 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x6"
#8331: starting keying attempt 381 of an unlimited number
Aug 11 01:26:59 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x6"
#8347: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+
IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW to replace #8331 {using isakmp#2080
msgid:591bdec5 proposal=AES(12)_256-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_
MODP1024}
Aug 11 01:27:03 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x5"
#8332: max number of retransmissions (2) reached STATE_QUICK_I1. No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal
Aug 11 01:27:03 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x5"
#8332: starting keying attempt 398 of an unlimited number
Aug 11 01:27:03 ip-10-185-1-13 pluto[20103]: "deveng-parkfarm-prod/1x5"
#8348: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+
IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW to replace #8332 {using isakmp#2080
msgid:1a257190 proposal=AES(12)_256-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_
MODP1024}
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x1"
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x2"
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x3"
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x4"
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x5"
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x6"
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x7"
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x8"
Aug 11 01:27:13 ip-10-185-1-13 pluto[24733]: added connection description
"deveng-parkfarm-prod/1x9"
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x9"
#182: max number of retransmissions (2) reached STATE_QUICK_I1. No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x9"
#182: starting keying attempt 2 of an unlimited number
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x9"
#188: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+
IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW to replace #182 {using isakmp#4
msgid:355a88ab proposal=AES(12)_256-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_
MODP1024}
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x8"
#181: max number of retransmissions (2) reached STATE_QUICK_I1. No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x8"
#181: starting keying attempt 2 of an unlimited number
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x8"
#189: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+
IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW to replace #181 {using isakmp#4
msgid:63222913 proposal=AES(12)_256-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_
MODP1024}
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x7"
#180: max number of retransmissions (2) reached STATE_QUICK_I1. No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x7"
#180: starting keying attempt 2 of an unlimited number
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x7"
#190: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+
IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW to replace #180 {using isakmp#4
msgid:4899ff41 proposal=AES(12)_256-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_
MODP1024}
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x6"
#179: max number of retransmissions (2) reached STATE_QUICK_I1. No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x6"
#179: starting keying attempt 2 of an unlimited number
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x6"
#191: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+
IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW to replace #179 {using isakmp#4
msgid:8db1312f proposal=AES(12)_256-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_
MODP1024}
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x5"
#178: max number of retransmissions (2) reached STATE_QUICK_I1. No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x5"
#178: starting keying attempt 2 of an unlimited number
Aug 11 01:27:53 ip-10-185-1-13 pluto[24733]: "deveng-parkfarm-prod/1x5"
#192: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+
IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW to replace #178 {using isakmp#4
msgid:b06efd7b proposal=AES(12)_256-SHA1(2)_000 pfsgroup=OAKLEY_GROUP_MODP1
Any suggestions?
Thank you in advance.
Best regards,
Theo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20160811/aae874d3/attachment.html>
More information about the Users
mailing list