[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openswan-users
Subject:    Re: [Openswan Users] moderate success
From:       Paul Wouters <paul () xtdnet ! nl>
Date:       2004-02-09 17:13:37
Message-ID: Pine.LNX.4.44.0402091810321.17729-100000 () expansionpack ! xtdnet ! nl
[Download RAW message or body]

On Mon, 9 Feb 2004, mark wrote:

> I am seeing this in logs though:
> 
> Feb  9 16:38:45 logik pluto[442]: "logik-to-cubic" #4: discarding
> duplicate packet; already STATE_QUICK_R1
> Feb  9 16:39:25 logik pluto[442]: "logik-to-cubic" #4: max number of
> retransmissions (2) reached STATE_QUICK_R1
> Feb  9 16:39:25 logik pluto[442]: "logik-to-cubic" #5: responding to
> Quick Mode
> Feb  9 16:39:36 logik pluto[442]: "logik-to-cubic" #5: discarding
> duplicate packet; already STATE_QUICK_R1

This is just both ends trying to setup the connection at the same time.

> Feb  9 16:41:45 logik pluto[442]: "logik-to-cubic" #7: ERROR: netlink
> XFRM_MSG_NEWPOLICY response for flow tun.10000@100.0.0.5 included
> errno 17: File exists
> 
> which doesn't seem like a good thing...

Do you have ipsectools installed? We call setkey -P and setkey -P -F to
clean the kernel from previous tunnels. This functionality is not yet
integrated into openswan itself.
 
> am i to understand that my tunnel is still not functional?

Prob it worked *before* you tried to replace it :)

install ipsectools (sourceforge). Or unload the modules to wipe the state.

Paul

[prev in list] [next in list] [prev in thread] [next in thread]