[Openswan Users] Fwd: Need help
Samir Hussain
shussain at xelerance.com
Mon Oct 17 09:04:15 EDT 2016
Rescued from the spam bucket. Please remember to subscribe to the
mailing list before posting to it.
-------- Forwarded Message --------
Subject: Need help
Date: Mon, 17 Oct 2016 06:04:04 +0000
From: Gowda M L, Lokesh <Lokesh.GowdaML at Hubzu.com>
To: users at lists.openswan.org <users at lists.openswan.org>
Hello,
I am finding this error when i am try to create the site-to-site tunnel.
Please suggest me if i am missed any config.
Conf file from left.
conn drshared-to-hubuz-non-prod
type=tunnel
authby=secret
left=10.216.230.216
leftid=x.x.x.x
leftnexthop=%defaultroute
leftsubnet=10.216.224.0/19
right=x.x.x.x
rightsubnet=10.10.32.0/19
pfs=yes
auto=start
Conf file from right
conn hubzu-non-prod-to-drshared
type=tunnel
authby=secret
left=10.10.36.77
leftid=x.x.x.x
leftnexthop=%defaultroute
leftsubnet=10.10.32.0/19
right=x.x.x.x
rightsubnet=10.216.224.0/19
pfs=yes
auto=start
Logs in Left system
Oct 17 05:57:43 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #48: responding to Main Mode
Oct 17 05:57:43 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #48: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
Oct 17 05:57:43 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #48: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:58:13 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #47: max number of retransmissions (2)
reached STATE_MAIN_R1
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Openswan (this version) 2.6.37 ]
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Dead Peer Detection]
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [RFC 3947] method set to=109
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #49: responding to Main Mode
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #49: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
Oct 17 05:58:23 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #49: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:58:53 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #48: max number of retransmissions (2)
reached STATE_MAIN_R1
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Openswan (this version) 2.6.37 ]
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Dead Peer Detection]
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [RFC 3947] method set to=109
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #50: responding to Main Mode
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #50: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
Oct 17 05:59:03 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #50: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Openswan (this version) 2.6.37 ]
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Dead Peer Detection]
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [RFC 3947] method set to=109
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #51: responding to Main Mode
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #51: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
Oct 17 05:59:13 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #51: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Openswan (this version) 2.6.37 ]
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Dead Peer Detection]
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [RFC 3947] method set to=109
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #52: responding to Main Mode
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #52: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #52: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 05:59:33 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #49: max number of retransmissions (2)
reached STATE_MAIN_R1
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Openswan (this version) 2.6.37 ]
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Dead Peer Detection]
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [RFC 3947] method set to=109
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #53: responding to Main Mode
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #53: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #53: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 17 06:00:13 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #50: max number of retransmissions (2)
reached STATE_MAIN_R1
Oct 17 06:00:16 ip-10-216-230-216 sshd[11963]: Did not receive
identification string from 123.31.35.21
Oct 17 06:00:23 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #51: max number of retransmissions (2)
reached STATE_MAIN_R1
Oct 17 06:00:43 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #52: max number of retransmissions (2)
reached STATE_MAIN_R1
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Openswan (this version) 2.6.37 ]
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [Dead Peer Detection]
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [RFC 3947] method set to=109
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but
already using method 109
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 109
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 109
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]: packet from x.x.x.x:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #54: responding to Main Mode
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #54: transition from state STATE_MAIN_R0 to
state STATE_MAIN_R1
Oct 17 06:00:53 ip-10-216-230-216 pluto[11875]:
"drshared-to-hubuz-non-prod" #54: STATE_MAIN_R1: sent MR1, expecting MI2
Logs from right system:
Oct 17 05:45:53 ip-10-10-36-77 pluto[16552]:
"hubzu-non-prod-to-drshared" #2: max number of retransmissions (20)
reached STATE_MAIN_I1. No response (or no acceptable response) to our
first IKE message
Oct 17 05:45:53 ip-10-10-36-77 pluto[16552]:
"hubzu-non-prod-to-drshared" #2: starting keying attempt 2 of an
unlimited number
Oct 17 05:45:53 ip-10-10-36-77 pluto[16552]:
"hubzu-non-prod-to-drshared" #4: initiating Main Mode to replace #2
Oct 17 05:59:03 ip-10-10-36-77 pluto[16552]:
"hubzu-non-prod-to-drshared" #4: max number of retransmissions (20)
reached STATE_MAIN_I1. No response (or no acceptable response) to our
first IKE message
Oct 17 05:59:03 ip-10-10-36-77 pluto[16552]:
"hubzu-non-prod-to-drshared" #4: starting keying attempt 3 of an
unlimited number
Oct 17 05:59:03 ip-10-10-36-77 pluto[16552]:
"hubzu-non-prod-to-drshared" #5: initiating Main Mode to replace #4
Kindly help me on this as i am stuck in this error only.
Regards,
Lokesh Gowda M L
*296793 / Skype:lokesh.m.l <Skype:lokesh.m.l> / slack: @gowdamll*
This email message and any attachments are intended solely for the use
of the addressee. If you are not the intended recipient, you are
prohibited from reading, disclosing, reproducing, distributing,
disseminating or otherwise using this transmission. If you have received
this message in error, please promptly notify the sender by reply email
and immediately delete this message from your system. This message and
any attachments may contain information that is confidential, privileged
or exempt from disclosure. Delivery of this message to any person other
than the intended recipient is not intended to waive any right or
privilege. Message transmission is not guaranteed to be secure or free
of software viruses.
***********************************************************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20161017/d04d4dfd/attachment-0001.html>
More information about the Users
mailing list