<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div>I've got Openswan 2.6.32 installed talking to a Juniper firewall. Upon an OS boot, the IPSec tunnel is successfully established. However, if the firewall is restarted, the IKE SA is re-established (auto=restart), but multiple IPSec SAs are also established and it appears that Openswan and the firewall have gotten confused as to which IPSec SA to use as no data is sent/received.<br></div><div><br></div><div>While the firewall was down, data was attempted to be sent towards the firewall, but failed as expected. However, each packet triggered an "initiate on demand". There were 13 such packets. After the firewall was restarted and the IKE SA established, Pluto went through 14 Quick Mode setups (13 for the queued packets and 1 just because). As noted, with these 14 IPSec SAs established, no data was
sent/received with the firewall.<br></div><div><br></div><div>Eventually, IPSec was manually restarted and everything returned to normal.</div><div><br></div><div>Jun 27 10:04:08 z001isgw01 pluto[3075]: "mybox-firewall" #38: DPD: No response from peer - declaring peer dead<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: "mybox-firewall" #38: DPD: Restarting Connection<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: "mybox-firewall" #35: rekeying state (STATE_QUICK_I2)<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: "mybox-firewall" #35: rekeying state (STATE_QUICK_I2)<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: "mybox-firewall" #35: ERROR: netlink response for Del SA esp.f338e426@10.1.234.10 included errno 3: No such process<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: "mybox-firewall" #35: ERROR: netlink response for Del SA esp.8d5de25f@10.1.234.1 included errno 3: No such process<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: "mybox-firewall" #39: initiating Main Mode to
replace #38<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:0 to 10.1.234.10:0 proto=255 state: fos_start because: acquire<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to 90.9.234.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:04:08 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to 70.7.234.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:04:09 z001isgw01 pluto[3075]: "mybox-firewall" #39: ERROR: asynchronous network error report on eth3 (sport=500) for message to 10.1.234.10 port 500, complainant 10.1.234.1: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]<br>Jun 27 10:04:11 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to 90.9.238.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:04:21 z001isgw01 pluto[3075]: "mybox-firewall" #39: ERROR: asynchronous network error report on
eth3 (sport=500) for message to 10.1.234.10 port 500, complainant 10.1.234.1: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]<br>Jun 27 10:04:40 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:0 to 10.1.234.10:0 proto=255 state: fos_start because: acquire<br>Jun 27 10:04:41 z001isgw01 pluto[3075]: "mybox-firewall" #39: ERROR: asynchronous network error report on eth3 (sport=500) for message to 10.1.234.10 port 500, complainant 10.1.234.1: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]<br>Jun 27 10:04:42 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to 90.9.234.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:04:53 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to 90.9.238.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:05:12 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:0 to 10.1.234.10:0 proto=255 state:
fos_start because: acquire<br>Jun 27 10:05:16 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to 90.9.234.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:05:20 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to 70.7.234.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:05:21 z001isgw01 pluto[3075]: "mybox-firewall" #39: ERROR: asynchronous network error report on eth3 (sport=500) for message to 10.1.234.10 port 500, complainant 10.1.234.1: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]<br>Jun 27 10:05:35 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to 90.9.238.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:05:44 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:0 to 10.1.234.10:0 proto=255 state: fos_start because: acquire<br>Jun 27 10:05:50 z001isgw01 pluto[3075]: initiate on demand from 192.168.0.2:5060 to
90.9.234.2:5060 proto=17 state: fos_start because: acquire<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: packet from 10.1.234.10:500: ignoring unknown Vendor ID payload [a601e645e2e8e15239409664fdeb5a9000cf9cad0000000e0000061e]<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: packet from 10.1.234.10:500: received Vendor ID payload [Dead Peer Detection]<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: packet from 10.1.234.10:500: ignoring Vendor ID payload [HeartBeat Notify 386b0100]<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: "mybox-firewall" #40: responding to Main Mode<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: "mybox-firewall" #40: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: "mybox-firewall" #40: STATE_MAIN_R1: sent MR1, expecting MI2<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: "mybox-firewall" #40: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<br>Jun 27 10:05:53 z001isgw01 pluto[3075]:
"mybox-firewall" #40: STATE_MAIN_R2: sent MR2, expecting MI3<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: "mybox-firewall" #40: Main mode peer ID is ID_IPV4_ADDR: '10.1.234.10'<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: "mybox-firewall" #40: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: "mybox-firewall" #40: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}<br>Jun 27 10:05:53 z001isgw01 pluto[3075]: "mybox-firewall" #40: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: ignoring unknown Vendor ID payload [a601e645e2e8e15239409664fdeb5a9000cf9cad0000000e0000061e]<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received Vendor ID payload [Dead Peer Detection]<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: ignoring Vendor ID payload [HeartBeat
Notify 386b0100]<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: STATE_MAIN_I2: sent MI2, expecting MR2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: STATE_MAIN_I3: sent MI3, expecting MR3<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: Main mode peer ID is ID_IPV4_ADDR: '10.1.234.10'<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: Dead Peer
Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #41: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:d9467a3e proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #42: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:deea9a90 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #43: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:56c51871 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #44: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:afb54c39 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #45: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:ad136b40 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #46: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:04d37942 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #47: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:a6e7e850 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #48: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:9b11eb80 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #49: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:40a712ec proposal=AES(12)_256-SHA1(2)_160
pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #50: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:739db093 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #51: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:61972bf6 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #52: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:52855dd8 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #53: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#39 msgid:ab42013b proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #54: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK to replace #35 {using isakmp#39 msgid:e14d5996 proposal=AES(12)_256-SHA1(2)_160 pfsgroup=no-pfs}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #41: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #41: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #41: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b470 <0x916fe43d xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #42: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #42: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #42: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b471
<0x5ceeacab xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #43: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #43: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #43: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b472 <0xed8286bf xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #44: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #44: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #44: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b473 <0x87daa4b0 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none
DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #45: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #45: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #45: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b474 <0x3c85c37f xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #46: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #46: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #46: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b475 <0x7211f885 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall"
#47: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #47: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #47: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b476 <0x8bb24577 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #48: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #48: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #48: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b477 <0x99b67f0a xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #49: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58
z001isgw01 pluto[3075]: "mybox-firewall" #49: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #49: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b478 <0xa8d56f44 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #50: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #50: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #50: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b479 <0x6927c1b0 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #51: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #51: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #51: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b47a <0xd3e1e3d5 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #52: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #52: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #52: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b47b <0x29f9a313 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #53: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #53: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01
pluto[3075]: "mybox-firewall" #53: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b47c <0x2e912976 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #54: Dead Peer Detection (RFC 3706): enabled<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #54: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #54: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x4b66b47d <0x6331e083 xfrm=AES_256-HMAC_SHA1 NATOA=none NATD=none DPD=enabled}<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 1 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 2 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 3 malformed payload notifies<br>Jun 27 10:05:58
z001isgw01 pluto[3075]: "mybox-firewall" #39: received 4 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 5 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 6 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 7 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 8 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 9 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 10 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 11 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]: "mybox-firewall" #39: received 12 malformed payload notifies<br>Jun 27 10:05:58 z001isgw01 pluto[3075]:
"mybox-firewall" #39: received 13 malformed payload notifies<br><br>version 2.0 # conforms to second version of ipsec.conf specification<br><br># basic configuration<br>config setup<br> # Debug-logging controls: "none" for (almost) none, "all" for lots.<br> klipsdebug=none<br> plutodebug=none<br> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey<br> protostack=netkey<br> nat_traversal=yes<br> virtual_private=<br> oe=no<br> # Enable this if you see "failed to find any available worker"<br>
nhelpers=0<br> hidetos=no<br> interfaces=%none<br><br>conn mybox-firewall<br> auth=esp<br> authby=secret<br> auto=start<br> compress=no<br> dpdaction=restart<br> dpddelay=7<br> dpdtimeout=30<br> ike=aes256-sha1;modp2048<br> keyexchange=ike<br> keyingtries=%forever<br> left=10.5.234.2<br> leftsubnet=192.168.0.6/32<br> pfs=no<br> phase2alg=aes256-sha1<br> right=10.5.234.10<br> rightsubnet=0.0.0.0/0<br> type=tunnel<br></div><div><br></div><div>While the tunnel/firewall is
down, I don't care about queuing any data. Any suggestions?<br></div><div><br></div><div>Chris<br></div><div><br></div></div></body></html>
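<div>An added example, not part of the original post and not Openswan code: a small log check that flags the pattern reported above, where several Quick Mode exchanges are started under one ISAKMP SA and each ends in its own IPsec SA. The function names, the sample lines and the <code>max_sas</code> threshold are assumptions made for this illustration.</div>

```python
import re
from collections import defaultdict

# Constructed sample in the pluto log format quoted in the post; the host name,
# addresses and msgids are invented and the policy string is shortened.
SAMPLE_LOG = """\
Jun 27 10:04:08 gw pluto[3075]: "mybox-firewall" #38: DPD: Restarting Connection
Jun 27 10:04:08 gw pluto[3075]: initiate on demand from 192.0.2.2:0 to 198.51.100.10:0 proto=255 state: fos_start because: acquire
Jun 27 10:04:11 gw pluto[3075]: initiate on demand from 192.0.2.2:5060 to 203.0.113.2:5060 proto=17 state: fos_start because: acquire
Jun 27 10:04:40 gw pluto[3075]: initiate on demand from 192.0.2.2:0 to 198.51.100.10:0 proto=255 state: fos_start because: acquire
Jun 27 10:05:58 gw pluto[3075]: "mybox-firewall" #41: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#39 msgid:00000001 pfsgroup=no-pfs}
Jun 27 10:05:58 gw pluto[3075]: "mybox-firewall" #42: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#39 msgid:00000002 pfsgroup=no-pfs}
Jun 27 10:05:58 gw pluto[3075]: "mybox-firewall" #43: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#39 msgid:00000003 pfsgroup=no-pfs}
Jun 27 10:05:58 gw pluto[3075]: "mybox-firewall" #44: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #35 {using isakmp#39 msgid:00000004 pfsgroup=no-pfs}
Jun 27 10:05:58 gw pluto[3075]: "mybox-firewall" #41: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x00000a01 <0x00000b01}
Jun 27 10:05:58 gw pluto[3075]: "mybox-firewall" #42: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x00000a02 <0x00000b02}
Jun 27 10:05:58 gw pluto[3075]: "mybox-firewall" #43: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x00000a03 <0x00000b03}
Jun 27 10:05:58 gw pluto[3075]: "mybox-firewall" #44: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x00000a04 <0x00000b04}
"""

ACQUIRE = re.compile(r"initiate on demand from \S+ to \S+ proto=\d+")
QUICK = re.compile(r'"([^"]+)" #(\d+): initiating Quick Mode '
                   r'[^{]*?(to replace #\d+ )?\{using isakmp#(\d+)')
ESTAB = re.compile(r'"([^"]+)" #(\d+): STATE_QUICK_I2: sent QI2, IPsec SA established')

def summarize(log_text):
    """Count acquires and group Quick Mode states by (connection, ISAKMP SA)."""
    acquires = 0
    quick = defaultdict(lambda: {"on_demand": [], "replace": []})
    established = defaultdict(set)
    for line in log_text.splitlines():
        if ACQUIRE.search(line):
            acquires += 1
            continue
        m = QUICK.search(line)
        if m:
            kind = "replace" if m.group(3) else "on_demand"
            quick[(m.group(1), int(m.group(4)))][kind].append(int(m.group(2)))
            continue
        m = ESTAB.search(line)
        if m:
            established[m.group(1)].add(int(m.group(2)))
    return acquires, dict(quick), dict(established)

def find_sa_storms(log_text, max_sas=1):
    """One finding per (connection, ISAKMP SA) with more than max_sas IPsec SAs up."""
    acquires, quick, established = summarize(log_text)
    findings = []
    for (conn, ike), states in sorted(quick.items()):
        started = states["on_demand"] + states["replace"]
        up = [s for s in started if s in established.get(conn, set())]
        if len(up) > max_sas:  # max_sas=1 assumes one tunnel per conn (an assumption)
            findings.append({"conn": conn, "ike_sa": ike, "ipsec_sas": sorted(up),
                             "on_demand": len(states["on_demand"]),
                             "replacements": len(states["replace"]),
                             "acquires_seen": acquires})
    return findings
```

<div>On the constructed sample, <code>find_sa_storms(SAMPLE_LOG)</code> reports one finding for "mybox-firewall" under isakmp#39: three on-demand Quick Modes plus one replacement, matching the three acquires logged while the peer was down.</div>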