
List:       openikev2-users
Subject:    [openikev2-users] Problem about the IKE_AUTH
From:       alejandro_perez () dif ! um ! es (Alejandro Perez Mendez)
Date:       2006-07-14 8:27:38
Message-ID: 1152858465.5191.10.camel () localhost ! localdomain


> hi,

Hi

>     Thank you for your advice. I have corrected the peer_id in the
> configuration file on both hosts. And now the "no configuration"
> problem has been solved.
>     But now if I ping6 the other host, it prompts "sendmsg: no such
> process".

When does it prompt this message?

>     I used the ethereal tool to capture the packets in the IKE
> negotiation period.

Why don't you use the log output to see that?

>     And it appears that there are 4 ISAKMP packets. The first 2
> packets are IKE_SA_INIT. They contain SA, KE, Nonce and Vendor ID. In
> the vendor ID payload, the 2 packets are the
> same (6f70656e696b6576322d302e3932). I wonder, is it normal?

Correct. The first exchange is IKE_SA_INIT.
The vendor ID identifies the application performing the IKE negotiation,
so it is normal that they are equal.

> And the next 2 packets are IKE_AUTH, they are encrypted packets, so I
> just found that in the first IKE_AUTH packet, the encrypted payload's
> next payload is Identification-I, in the second IKE_AUTH packet,
> the encrypted payload's next payload is Notification, is it the
> problem that leads to the failure of ping6 command?

If you look at the log output instead of the ethereal output, you will get a lot
of information, even the unencrypted IKE_AUTH message.

The notification payloads usually lead the IKE messages, so it is not
necessarily an error. But it is possible that peer B was notifying
peer A that an error has occurred. In this case, please read the log
output to determine the error. If no IKE_SA is successfully created,
the ping6 command will keep failing because the IPsec tunnel is not
established.

> 
>     Any idea is appreciated. Thank you !

Best regards!
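
The payload chain discussed in this message, as an added example that is not part of the original post or of openikev2. It walks the cleartext part of an IKEv2 message, shows why the Encrypted payload's Next Payload field is still readable in a capture, and decodes the quoted Vendor ID bytes. The names `walk_ike` and `build` and all sample messages are constructed for illustration; only the Vendor ID hex comes from the message.

```python
import struct

# Payload and exchange type numbers from the IKEv2 specification (RFC 4306 / RFC 7296).
PAYLOADS = {33: "SA", 34: "KE", 35: "IDi", 36: "IDr", 39: "AUTH",
            40: "Nonce", 41: "Notify", 43: "VendorID", 46: "Encrypted"}
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH"}
HDR = "!8s8sBBBBII"  # SPIi, SPIr, next payload, version, exchange, flags, msg ID, length

def walk_ike(msg: bytes):
    """Return (exchange name, [(payload name, body), ...]) for one IKEv2 message."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte IKE header")
    _si, _sr, nxt, _ver, exch, _flags, _mid, length = struct.unpack(HDR, msg[:28])
    if length != len(msg):
        raise ValueError("length field does not match message size")
    found, off = [], 28
    while nxt != 0:
        if off + 4 > length:
            raise ValueError("truncated payload header")
        following, _crit, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length")
        found.append((PAYLOADS.get(nxt, str(nxt)), msg[off + 4:off + plen]))
        if nxt == 46:
            # The Encrypted payload is last; its Next Payload field names the
            # first payload hidden inside the ciphertext, visible to a sniffer.
            found.append(("inner-first:" + PAYLOADS.get(following, str(following)), b""))
            break
        nxt, off = following, off + plen
    return EXCHANGES.get(exch, str(exch)), found

def build(exch, payloads, last_next=0):
    """Constructed-sample helper: chain (type, body) pairs behind an IKE header."""
    types = [t for t, _ in payloads] + [last_next]
    body = b"".join(struct.pack("!BBH", types[i + 1], 0, 4 + len(d)) + d
                    for i, (_, d) in enumerate(payloads))
    return struct.pack(HDR, b"\x01" * 8, b"\x02" * 8, types[0], 0x20, exch,
                       0x08, 0, 28 + len(body)) + body

# Constructed samples: dummy nonce and ciphertext; Vendor ID bytes as quoted above.
VID = bytes.fromhex("6f70656e696b6576322d302e3932")
INIT = build(34, [(40, b"\x00" * 16), (43, VID)])
AUTH_REQ = build(35, [(46, b"\xaa" * 32)], last_next=35)
AUTH_RESP = build(35, [(46, b"\xbb" * 32)], last_next=41)

if __name__ == "__main__":
    for m in (INIT, AUTH_REQ, AUTH_RESP):
        exch, found = walk_ike(m)
        print(exch, [name for name, _ in found])
    print("Vendor ID:", VID.decode("ascii"))
```

The Notify type seen on the wire only says that a notification comes first inside the ciphertext; whether it is an error or a status notification is known only after decryption, which is why the daemon log is the place to look.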

