[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-users
Subject: Re: [Openswan Users] problems with: could not start conn "tunnel"
From: "Vida Luz Arista" <viaris () gmail ! com>
Date: 2006-03-29 0:05:30
Message-ID: 636cf2bf0603281605s59303fb4pbf3af884c4320c4f () mail ! gmail ! com
[Download RAW message or body]
I have the firewall in the linux, the gateway is a router and this router
don't have firewall.
I don't see re-transmit in my logs, But I see this error en /var/log/message
ipsec__plutorun: ...could not start conn "tunnelipsec"
executing ipsec auto --status I have the following messages:
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 165.98.224.82
000 interface eth1/eth1 172.16.1.1
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40,
keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000 "DICE": 172.16.1.0/24===165.98.224.82...165.98.236.214===172.16.26.0/24;
prospective erouted; eroute owner: #0
000 "DICE": srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec
_updown;
000 "DICE": ike_life: 7800s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "DICE": policy: PSK+ENCRYPT+TUNNEL+UP; prio: 24,24; interface: eth0;
000 "DICE": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #3: "DICE":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT
in 39s; nodpd
000 #3: pending Phase 2 for "DICE" replacing #0
On 3/28/06, Paul Wouters <paul@xelerance.com> wrote:
>
> On Tue, 28 Mar 2006, Vida Luz Arista wrote:
>
> > In /var/log/secure I have the follwing message:
> >
> > Mar 28 16:22:28 ns pluto[5175]: Could not change to directory
> > '/etc/ipsec.d/ocspcerts'
> > Mar 28 16:22:28 ns pluto[5175]: Could not change to directory
> > '/etc/ipsec.d/crls'
> > Mar 28 16:22:28 ns pluto[5175]: added connection description
> "tunnelipsec"
> > Mar 28 16:22:28 ns pluto[5175]: listening for IKE messages
> > Mar 28 16:22:28 ns pluto[5175]: adding interface eth1/eth1
> 172.16.1.1:500
> > Mar 28 16:22:28 ns pluto[5175]: adding interface eth0/eth0
> 165.98.224.82:500
> > Mar 28 16:22:28 ns pluto[5175]: adding interface lo/lo 127.0.0.1:500
> > Mar 28 16:22:28 ns pluto[5175]: adding interface lo/lo ::1:500
> > Mar 28 16:22:28 ns pluto[5175]: loading secrets from
> "/etc/ipsec.secrets"
> > Mar 28 16:22:29 ns pluto[5175]: "tunnelipsec" #1: initiating Main Mode
>
> You should have more after this. Either an error, or a re-transmit.
>
> If you see a retransmit, it looks like a firewall rule somewhere blocking
> port udp 500.
>
> Paul
>
[Attachment #3 (text/html)]
<div>I have the firewall in the linux, the gateway is a router and this router don't \
have firewall.</div> <div> </div>
<div>I don't see re-transmit in my logs, But I see this error en /var/log/message \
ipsec__plutorun: ...could not start conn "tunnelipsec"</div> \
<div> </div> <div>executing ipsec auto --status I have the following \
messages:</div> <div> </div>
<div>000 interface lo/lo ::1<br>000 interface lo/lo <a \
href="http://127.0.0.1"></b></font><font color="red"><b>MailScanner has detected a \
possible fraud attempt from "127.0.0.1" claiming to be</b></font> <font \
color="red"><b>MailScanner warning: numerical links are often malicious: \
127.0.0.1</a><br>000 interface eth0/eth0 <a \
href="http://165.98.224.82"></b></font><font color="red"><b>MailScanner has detected \
a possible fraud attempt from "165.98.224.82" claiming to be</b></font> <font \
color="red"><b>MailScanner warning: numerical links are often malicious: \
165.98.224.82</a><br>000 interface eth1/eth1 <a \
href="http://172.16.1.1"></b></font><font color="red"><b>MailScanner has detected a \
possible fraud attempt from "172.16.1.1" claiming to be</b></font> <font \
color="red"><b>MailScanner warning: numerical links are often malicious: \
172.16.1.1</a><br>000 %myid = (none)<br>000 debug none<br>000 <br>000 algorithm \
ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64<br>000 \
algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192 \
<br>000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, \
keysizemax=448<br>000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, \
keysizemin=0, keysizemax=0<br>000 algorithm ESP encrypt: id=12, name=ESP_AES, \
ivlen=8, keysizemin=128, keysizemax=256 <br>000 algorithm ESP encrypt: id=252, \
name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256<br>000 algorithm ESP \
encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256<br>000 \
algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, \
keysizemax=128 <br>000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, \
keysizemin=160, keysizemax=160<br>000 algorithm ESP auth attr: id=5, \
name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256<br>000 algorithm \
ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0 <br>000 <br>000 \
algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192<br>000 \
algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128<br>000 \
algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 <br>000 algorithm IKE hash: \
id=2, name=OAKLEY_SHA1, hashsize=20<br>000 algorithm IKE dh group: id=2, \
name=OAKLEY_GROUP_MODP1024, bits=1024<br>000 algorithm IKE dh group: id=5, \
name=OAKLEY_GROUP_MODP1536, bits=1536<br>000 algorithm IKE dh group: id=14, \
name=OAKLEY_GROUP_MODP2048, bits=2048 <br>000 algorithm IKE dh group: id=15, \
name=OAKLEY_GROUP_MODP3072, bits=3072<br>000 algorithm IKE dh group: id=16, \
name=OAKLEY_GROUP_MODP4096, bits=4096<br>000 algorithm IKE dh group: id=17, \
name=OAKLEY_GROUP_MODP6144, bits=6144 <br>000 algorithm IKE dh group: id=18, \
name=OAKLEY_GROUP_MODP8192, bits=8192<br>000 <br>000 stats db_ops.c: {curr_cnt, \
total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} <br>000 <br>000 \
"DICE": <a \
href="http://172.16.1.0/24===165.98.224.82...165.98.236.214===172.16.26.0/24"></b></font><font \
color="red"><b>MailScanner has detected a possible fraud attempt from "172.16.1.0" \
claiming to be</b></font> <font color="red"><b>MailScanner warning: numerical links \
are often malicious: \
172.16.1.0/24===165.98.224.82...165.98.236.214===172.16.26.0/24</a>; prospective \
erouted; eroute owner: #0<br>000 "DICE": \
srcip=unset; dstip=unset; srcup=ipsec _updown; dstup=ipsec _updown;<br>000 \
"DICE": ike_life: 7800s; ipsec_life: 28800s; rekey_margin: \
540s; rekey_fuzz: 100%; keyingtries: 0 <br>000 "DICE": policy: \
PSK+ENCRYPT+TUNNEL+UP; prio: 24,24; interface: eth0; <br>000 \
"DICE": newest ISAKMP SA: #0; newest IPsec SA: #0; \
<br>000 <br>000 #3: "DICE":500 STATE_MAIN_I1 (sent MI1, expecting \
MR1); EVENT_RETRANSMIT in 39s; nodpd <br>000 #3: pending Phase 2 for "DICE" \
replacing #0<br><br><br> </div> <div><span class="gmail_quote">On 3/28/06, <b \
class="gmail_sendername">Paul Wouters</b> <<a \
href="mailto:paul@xelerance.com">paul@xelerance.com</a>> wrote:</span> <blockquote \
class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: \
#ccc 1px solid">On Tue, 28 Mar 2006, Vida Luz Arista wrote:<br><br>> In \
/var/log/secure I have the follwing message:<br> ><br>> Mar 28 16:22:28 ns \
pluto[5175]: Could not change to directory<br>> '/etc/ipsec.d/ocspcerts'<br>> \
Mar 28 16:22:28 ns pluto[5175]: Could not change to directory<br>> \
'/etc/ipsec.d/crls'<br>> Mar 28 16:22:28 ns pluto[5175]: added connection \
description "tunnelipsec" <br>> Mar 28 16:22:28 ns pluto[5175]: \
listening for IKE messages<br>> Mar 28 16:22:28 ns pluto[5175]: adding interface \
eth1/eth1 <a href="http://172.16.1.1:500"></b></font><font color="red"><b>MailScanner \
has detected a possible fraud attempt from "172.16.1.1:500" claiming to be</b></font> \
<font color="red"><b>MailScanner warning: numerical links are often malicious: \
172.16.1.1:500</a><br>> Mar 28 16:22:28 ns pluto[5175]: adding interface eth0/eth0 \
<a href="http://165.98.224.82:500"></b></font><font color="red"><b>MailScanner has \
detected a possible fraud attempt from "165.98.224.82:500" claiming to be</b></font> \
<font color="red"><b>MailScanner warning: numerical links are often malicious: \
165.98.224.82:500</a><br>> Mar 28 16:22:28 ns pluto[5175]: adding interface lo/lo \
<a href="http://127.0.0.1:500"></b></font><font color="red"><b>MailScanner has \
detected a possible fraud attempt from "127.0.0.1:500" claiming to be</b></font> \
<font color="red"><b>MailScanner warning: numerical links are often malicious: \
127.0.0.1:500</a><br>> Mar 28 16:22:28 ns pluto[5175]: adding interface lo/lo \
::1:500 <br>> Mar 28 16:22:28 ns pluto[5175]: loading secrets from \
"/etc/ipsec.secrets"<br>> Mar 28 16:22:29 ns pluto[5175]: \
"tunnelipsec" #1: initiating Main Mode<br><br>You should have more after \
this. Either an error, or a re-transmit. <br><br>If you see a retransmit, it looks \
like a firewall rule somewhere blocking<br>port udp \
500.<br><br>Paul<br></blockquote></div><br>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic