Hi Paul,<br> During rekeying, I got the error messages below in Openswan:<br><br>Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: received Vendor ID payload [RFC 3947] method set to=109<br>Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: enabling possible NAT-traversal with method 4<br>
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: STATE_MAIN_I2: sent MI2, expecting MR2<br>
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected<br>Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>
Mar 20 21:49:44 uxcasxxx pluto[7655]: "north-east" #29: STATE_MAIN_I3: sent MI3, expecting MR3<br><span style="color:rgb(255,0,0)">Mar 20 21:49:44 uxcasxxx pluto[7655]: packet from 172.31.114.226:500: ignoring informational payload, type UNEQUAL_PAYLOAD_LENGTHS on st==NULL (deleted?)</span><br>
Mar 20 21:49:44 uxcasxxx pluto[7655]: packet from 172.31.114.226:500: received and ignored informational message<br>Mar 20 21:49:54 uxcasxxx pluto[7655]: "north-east" #29: discarding duplicate packet; already STATE_MAIN_I3<br>
Mar 20 21:50:04 uxcasxxx pluto[7655]: "north-east" #26: ISAKMP SA expired (LATEST!)<br>Mar 20 21:50:04 uxcasxxx pluto[7655]: "north-east" #29: discarding duplicate packet; already STATE_MAIN_I3<br>Mar 20 21:50:14 uxcasxxx pluto[7655]: "north-east" #28: IPsec SA expired (LATEST!)<br>
Mar 20 21:50:14 uxcasxxx pluto[7655]: "north-east" #29: discarding duplicate packet; already STATE_MAIN_I3<br>Mar 20 21:50:55 uxcasxxx pluto[7655]: "north-east" #29: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message<br>
<br>The problem got solved after some time, but because of this I ended up with packet loss for a considerable time.<br><br>Topology<br>++++++<br><br>DUT (third-party VPN) ---------------------------------- Peer (Openswan)<br>172.31.114.226 ---------------------------------- 172.31.114.227<br>
<br>ipsec.conf<br>+++++++<br> # Debug-logging controls: "none" for (almost) none, "all" for lots.<br> # klipsdebug=none<br> # plutodebug="control parsing"<br> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br>
protostack=netkey<br> nat_traversal=yes<br> virtual_private=<br> oe=off<br> # Enable this if you see "failed to find any available worker"<br> nhelpers=0<br> interfaces=%defaultroute<br>
<br>conn north-east<br> type=transport<br> left=172.31.114.226<br> right=172.31.114.227<br> keyexchange=ike<br> auto=add<br> authby=secret<br> pfs=no<br> rekey=yes<br> ikelifetime=30s<br> keylife=30s<br>
keyingtries=0<br><br>ipsec.secrets<br>++++++++++<br>172.31.114.226 172.31.114.227: PSK "mypresharedkey"<br><br>Please help me to narrow down this problem.<br><br>Regards,<br>
Saravanan N<br>