
List:       openswan-dev
Subject:    [Openswan dev]
From:       Paul Wouters <paul () xtdnet ! nl>
Date:       2004-01-23 14:13:49
Message-ID: Pine.LNX.4.44.0401231500300.27838-100000 () expansionpack ! xtdnet ! nl


It's hard to barf, since it stops right away, but here is the conn and the logs:

conn robertjc-paul
        left=80.126.230.84
        leftnexthop=195.190.244.80
        leftsubnet=10.20.30.0/24
        right=194.109.161.130
        rightsubnet=10.10.20.0/24
        auto=start
        authby=secret
        pfs=no
        auth=esp
        keyingtries=1

Note that this is probably a relic of a conn definition. This machine also does pptp,
so it has an ether to the ADSL modem:

10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth1

Which obviously interferes with the rightsubnet above. I believe I might have changed
the above route to a mask of /24 in the past when trying to use this conn with nat-t.

Anyway, the ASSERTION in ipsec_doi should probably be handled a bit better.

Paul


Jan 23 07:02:41 nsavax ipsec__plutorun: Restarting Pluto subsystem...
Jan 23 07:02:41 nsavax pluto[11476]: Starting Pluto (FreeS/WAN Version openswan-2.0.0 \
                X.509-1.4.8 PLUTO_USES_KEYRR)
Jan 23 07:02:41 nsavax pluto[11476]: Using KLIPS IPsec interface code
Jan 23 07:02:41 nsavax pluto[11476]: Changing to directory '/etc/ipsec.d/cacerts'
Jan 23 07:02:41 nsavax pluto[11476]:   Warning: empty directory
Jan 23 07:02:41 nsavax pluto[11476]: Changing to directory '/etc/ipsec.d/crls'
Jan 23 07:02:41 nsavax pluto[11476]:   Warning: empty directory
Jan 23 07:02:41 nsavax pluto[11476]: added connection description "amsterdam-ottawa"
Jan 23 07:02:41 nsavax pluto[11476]: added connection description "robertjc-paul"
Jan 23 07:02:42 nsavax pluto[11476]: added connection description \
                "amsterdam-edinborough"
Jan 23 07:02:42 nsavax pluto[11476]: added connection description \
                "amsterdam-bagheera"
Jan 23 07:02:43 nsavax pluto[11476]: added connection description "amsterdam-toronto"
Jan 23 07:02:43 nsavax pluto[11476]: added connection description "peace-extrude"
Jan 23 07:02:43 nsavax pluto[11476]: listening for IKE messages
Jan 23 07:02:43 nsavax pluto[11476]: adding interface ipsec1/ppp0 80.126.230.84
Jan 23 07:02:43 nsavax pluto[11476]: adding interface ipsec0/eth0 193.110.157.30
Jan 23 07:02:43 nsavax pluto[11476]: loading secrets from "/etc/ipsec.secrets"
Jan 23 07:02:44 nsavax pluto[11476]: "amsterdam-ottawa" #1: initiating Main Mode
Jan 23 07:02:44 nsavax pluto[11476]: "robertjc-paul" #2: initiating Main Mode
Jan 23 07:02:44 nsavax pluto[11476]: "amsterdam-edinborough" #3: initiating Main Mode
Jan 23 07:02:44 nsavax pluto[11476]: "amsterdam-bagheera" #4: initiating Main Mode
Jan 23 07:02:44 nsavax pluto[11476]: "amsterdam-bagheera" #4: ERROR: asynchronous \
network error report on ppp0 for message to 194.109.240.22 port 500, complainant \
194.109.240.22: Connection refused [errno 111, origin ICMP type 3 code 3 (not \
                authenticated)]
Jan 23 07:02:45 nsavax pluto[11476]: "amsterdam-toronto" #5: initiating Main Mode
Jan 23 07:02:45 nsavax pluto[11476]: "peace-extrude" #6: initiating Main Mode
Jan 23 07:02:45 nsavax pluto[11476]: "amsterdam-edinborough" #3: Peer ID is \
                ID_IPV4_ADDR: '81.2.117.203'
Jan 23 07:02:45 nsavax pluto[11476]: "amsterdam-edinborough" #3: ISAKMP SA \
                established
Jan 23 07:02:45 nsavax pluto[11476]: "amsterdam-edinborough" #7: initiating Quick \
                Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#3}
Jan 23 07:02:45 nsavax pluto[11476]: "peace-extrude" #6: Peer ID is ID_IPV4_ADDR: \
                '213.136.9.110'
Jan 23 07:02:45 nsavax pluto[11476]: "peace-extrude" #6: ISAKMP SA established
Jan 23 07:02:45 nsavax pluto[11476]: "peace-extrude" #8: initiating Quick Mode \
                RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#6}
Jan 23 07:02:45 nsavax pluto[11476]: "peace-extrude" #9: initiating Quick Mode \
                RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#6}
Jan 23 07:02:45 nsavax pluto[11476]: "amsterdam-edinborough" #7: sent QI2, IPsec SA \
                established {ESP=>0x5170466f <0xc52d6cc2}
Jan 23 07:02:45 nsavax pluto[11476]: "peace-extrude" #8: sent QI2, IPsec SA \
                established {ESP=>0x44f8cffb <0xc52d6cc3}
Jan 23 07:02:45 nsavax pluto[11476]: "peace-extrude" #9: sent QI2, IPsec SA \
                established {ESP=>0x44f8cffc <0xc52d6cc4}
Jan 23 07:02:48 nsavax pluto[11476]: "peace-extrude" #6: ignoring Delete SA payload: \
                PROTO_IPSEC_ESP SA(0x44f8b1ad) not found (maybe expired)
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #2: Peer ID is ID_IPV4_ADDR: \
                '194.109.161.130'
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #2: ISAKMP SA established
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: initiating Quick Mode \
                PSK+ENCRYPT+TUNNEL+UP {using isakmp#2}
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: ASSERTION FAILED at \
                ipsec_doi.c:1998: (st)->st_new_iv_len < sizeof((st)->st_new_iv)
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: interface ipsec0/eth0 \
                193.110.157.30
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: interface ipsec1/ppp0 \
                80.126.230.84
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: %myid = (none)
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: debug none
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10:
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-bagheera": \
193.110.157.16/28===80.126.230.84---195.190.244.80...194.109.240.22[@bagheera.xs4all.nl]===192.168.0.0/24; \
                prospective erouted; eroute owner: #0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-bagheera":   \
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; \
                keyingtries: 0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-bagheera":   \
                policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 28,24; interface: ppp0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-bagheera":   \
                newest ISAKMP SA: #0; newest IPsec SA: #0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-edinborough": \
193.110.157.16/28===80.126.230.84---195.190.244.80...81.2.117.203; erouted; eroute \
                owner: #7
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-edinborough":   \
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; \
                keyingtries: 0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-edinborough":   \
                policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 28,32; interface: ppp0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-edinborough":   \
                newest ISAKMP SA: #3; newest IPsec SA: #7;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-ottawa": \
193.110.157.16/28===80.126.230.84---195.190.244.80...205.150.200.134===205.150.200.160/28; \
                prospective erouted; eroute owner: #0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-ottawa":   \
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; \
                keyingtries: 0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-ottawa":   \
                policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 28,28; interface: ppp0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-ottawa":   \
                newest ISAKMP SA: #0; newest IPsec SA: #0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-toronto": \
193.110.157.30/32===80.126.230.84[@amsterdam.xelerance.com]---195.190.244.80...24.141.217.143[@toronto.xelerance.com]===159.18.124.249/32; \
                prospective erouted; eroute owner: #0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-toronto":   \
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; \
                keyingtries: 0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-toronto":   \
                policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 32,32; interface: ppp0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "amsterdam-toronto":   \
                newest ISAKMP SA: #0; newest IPsec SA: #0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "peace-extrude": \
193.110.157.16/28===80.126.230.84---195.190.244.80...213.136.9.110===0.0.0.0/0; \
                erouted; eroute owner: #9
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "peace-extrude":   \
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; \
                keyingtries: 0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "peace-extrude":   policy: \
                RSASIG+ENCRYPT+TUNNEL+PFS+UP; prio: 0,28; interface: ppp0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "peace-extrude":   newest \
                ISAKMP SA: #6; newest IPsec SA: #9;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "robertjc-paul": \
10.20.30.0/24===80.126.230.84---195.190.244.80...194.109.161.130===10.10.20.0/24; \
                prospective erouted; eroute owner: #0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "robertjc-paul":   \
ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; \
                keyingtries: 1
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "robertjc-paul":   policy: \
                PSK+ENCRYPT+TUNNEL+UP; prio: 24,24; interface: ppp0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: "robertjc-paul":   newest \
                ISAKMP SA: #2; newest IPsec SA: #0;
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10:
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #4: "amsterdam-bagheera" \
                STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 6s
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #4: pending Phase 2 for \
                "amsterdam-bagheera" replacing #0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #7: "amsterdam-edinborough" \
STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28142s; newest \
                IPSEC; eroute owner
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #7: "amsterdam-edinborough" \
esp.5170466f@81.2.117.203 esp.c52d6cc2@80.126.230.84 tun.1002@81.2.117.203 \
                tun.1001@80.126.230.84
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #3: "amsterdam-edinborough" \
                STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 3018s; \
                newest ISAKMP
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #1: "amsterdam-ottawa" \
                STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 6s
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #1: pending Phase 2 for \
                "amsterdam-ottawa" replacing #0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #5: "amsterdam-toronto" \
                STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 7s
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #5: pending Phase 2 for \
                "amsterdam-toronto" replacing #0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #9: "peace-extrude" \
STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27795s; newest \
                IPSEC; eroute owner
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #9: "peace-extrude" \
esp.44f8cffc@213.136.9.110 esp.c52d6cc4@80.126.230.84 tun.1006@213.136.9.110 \
                tun.1005@80.126.230.84
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #8: "peace-extrude" \
                STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in \
                27958s
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #8: "peace-extrude" \
esp.44f8cffb@213.136.9.110 esp.c52d6cc3@80.126.230.84 tun.1004@213.136.9.110 \
                tun.1003@80.126.230.84
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #6: "peace-extrude" \
                STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2834s; \
                newest ISAKMP
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #10: "robertjc-paul" \
                STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_SO_DISCARD in 0s
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #2: "robertjc-paul" \
                STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2955s; \
                newest ISAKMP
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10: #2: pending Phase 2 for \
                "robertjc-paul" replacing #0
Jan 23 07:02:48 nsavax pluto[11476]: "robertjc-paul" #10:
Jan 23 07:02:50 nsavax ipsec__plutorun: Starting Pluto subsystem...
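
Added example, not part of the original message and not Openswan code: a small check for the overlap the message describes between a locally connected route and a conn's rightsubnet. The sample input is copied from the message; the helper names (parse_conn, parse_routes, find_overlaps) are hypothetical, and treating right as the remote side is an assumption that matches this conn.

```python
import ipaddress

# Sample input copied from the message above (conn excerpt and the eth1 route row).
CONN_TEXT = """\
conn robertjc-paul
        leftsubnet=10.20.30.0/24
        right=194.109.161.130
        rightsubnet=10.10.20.0/24
"""
ROUTE_TEXT = "10.0.0.0  0.0.0.0  255.0.0.0  U  0  0  0 eth1\n"

def parse_conn(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style 'conn' sections."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def parse_routes(text):
    """Parse 'route -n' rows: destination, gateway, genmask, ..., iface."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
        except ValueError:
            continue  # header rows such as "Destination Gateway Genmask ..."
        routes.append((net, f[7]))
    return routes

def find_overlaps(conns, routes, keys=("rightsubnet",)):
    """List (conn, key, subnet, route, iface) where a tunnel subnet overlaps a route."""
    hits = []
    for name, opts in conns.items():
        for key in keys:
            if key in opts:
                subnet = ipaddress.ip_network(opts[key], strict=False)
                for net, iface in routes:
                    # prefixlen 0 is the default route; it overlaps everything, so skip it
                    if net.prefixlen and subnet.overlaps(net):
                        hits.append((name, key, str(subnet), str(net), iface))
    return hits
```

With the /8 mask from the message the check reports the eth1 route against rightsubnet; with the same route narrowed to a /24 mask it reports nothing.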

