[prev in list] [next in list] [prev in thread] [next in thread]
List: openikev2-users
Subject: [openikev2-users] Problem about the IKE_AUTH
From: alejandro_perez () dif ! um ! es (Alejandro Perez Mendez)
Date: 2006-07-14 8:27:38
Message-ID: 1152858465.5191.10.camel () localhost ! localdomain
[Download RAW message or body]
> hi,
Hi
> Thank you for your advice . I have corrected the peer_id in the
> configuration file on both hosts. And now the "no configuration"
> problem has been solved.
> But now if I ping6 the other host , it prompts "sendmsg: no such
> process".
When it prompts this message?
> I used the ethereal tool to capture the packets in the IKE
> negotiation period .
Why don't you use the log output to see that?
> And it appears that there are 4 ISAKMP packets. The first 2
> packets are IKE_SA_INIT. It contains SA KE Nonce and Vendor ID. In
> the vendor ID payload, the 2 packets are the
> same(6f70656e696b6576322d302e3932).I wonder is it normal?
Correct. The first exchange is IKE_SA_INIT.
The vendor ID identifies the application performing the IKE negociation,
so it is normal they are equals.
> And the next 2 packets are IKE_AUTH,they are encrypted packets, so I
> just found that in the first IKE_AUTH packet , the encrypted payload
> 's next payload is Identification-I , in the second IKE_AUTH packet ,
> the encrypted payload 's next payload is Notification, is it the
> problem that leads to the failure of ping6 command?
If you see the log output instead of ethereal output, you will get a lot
of information, even the unencrypted IKE_AUTH message.
The notification payloads usually leads the IKE messages, so it is not
necessary an error. But it is possible that peer B was notificating to
peer A that an error has occurred. In this case, please, read the log
output to determine the error so, if no IKE_SA is successfully created,
the ping6 command still failing because the IPsec tunnel is not
established.
>
> Any idea is appreciated. Thank you !
Best regards!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic