List: openswan-users
Subject: [Openswan Users] cannot respond to IPsec SA request because no connection is known for
From: "Alfonso Viso" <alfonso.viso () selftrade ! com>
Date: 2008-12-26 16:26:37
Message-ID: 515251629957C542816307570516B86D6308ED () BSRSPCLE001 ! boursorama ! fr
Hello all,

I can establish a tunnel between a Cisco PIX and an Openswan server with PSK, but now I have a problem when I try to connect a roadwarrior. At first, the negotiation is OK; in /var/log/secure appears:

"roadwarrior-murquijo" #1: responding to Main Mode
"roadwarrior-murquijo" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
"roadwarrior-murquijo" #1: STATE_MAIN_R1: sent MR1, expecting MI2
"roadwarrior-murquijo" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
"roadwarrior-murquijo" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
"roadwarrior-murquijo" #1: STATE_MAIN_R2: sent MR2, expecting MI3
"roadwarrior-murquijo" #1: Main mode peer ID is ID_IPV4_ADDR: 'ip_public_roadwarrior'
"roadwarrior-murquijo" #1: I did not send a certificate because I do not have one.
"roadwarrior-murquijo" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"roadwarrior-murquijo" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
"roadwarrior-murquijo" #1: Dead Peer Detection (RFC 3706): enabled
"roadwarrior-murquijo" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
"roadwarrior-murquijo" #1: received and ignored informational message

Here, the tunnel is enabled, but when I try to access our intranet the following message appears:

"roadwarrior-murquijo" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
"roadwarrior-murquijo" #1: received and ignored informational message
"roadwarrior-murquijo" #1: cannot respond to IPsec SA request because no connection is known for 10.105.0.0/16===[ip_public_server]...[ip_public_roadwarrior]===192.168.200.20/32
"roadwarrior-murquijo" #1: sending encrypted notification INVALID_ID_INFORMATION to [ip_public_roadwarrior]:21655
"roadwarrior-murquijo" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc8ceedf9 (perhaps this is a duplicated packet)
"roadwarrior-murquijo" #1: sending encrypted notification INVALID_MESSAGE_ID to [ip_public_roadwarrior]:21655
"roadwarrior-murquijo" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc8ceedf9 (perhaps this is a duplicated packet)
"roadwarrior-murquijo" #1: sending encrypted notification INVALID_MESSAGE_ID to [ip_public_roadwarrior]:21655

The ipsec.conf for the respective roadwarrior is:

conn roadwarrior-murquijo
    type=tunnel
    authby=secret
    left=81.93.214.114
    leftnexthop=%defaultroute
    leftsubnet=10.105.0.0/16
    right=195.5.94.158
    rightnexthop=%defaultroute
    rightsubnet=192.168.200.0/24
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    keyingtries=3
    pfs=no
    auto=add

We use the Shrew Soft VPN Client to connect to our intranet.
Could anybody help us?
Thanks in advance.

Regards,
Alfonso Viso Puerta
IT Department
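
Added example, not part of the original post and not Openswan code: a Python check that pulls the proposed selectors out of the "no connection is known for" line and compares them with each conn's leftsubnet/rightsubnet. A proposal that lies inside the configured subnet without equalling it is reported as "narrower", on the assumption that the responder looks for a conn whose subnets equal the proposal; the function names and the trimmed sample input are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: the rejection line and the conn subnets from the post.
LOG_LINE = ('"roadwarrior-murquijo" #1: cannot respond to IPsec SA request because no '
            'connection is known for 10.105.0.0/16===[ip_public_server]...'
            '[ip_public_roadwarrior]===192.168.200.20/32')
CONF = """
conn roadwarrior-murquijo
    leftsubnet=10.105.0.0/16
    rightsubnet=192.168.200.0/24
"""

REJECT = re.compile(r'no connection is known for '
                    r'(?P<ours>[0-9./]+)===.*?\.\.\..*?===(?P<theirs>[0-9./]+)')

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()      # drop comments and indentation
        if line.startswith('conn '):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif line.startswith('config '):
            current = None                        # not a conn section
        elif current is not None and '=' in line:
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip()
    return conns

def compare(proposed, configured):
    """Classify a proposed selector against the configured subnet."""
    p = ipaddress.ip_network(proposed, strict=False)
    c = ipaddress.ip_network(configured, strict=False)
    if p == c:
        return 'exact'
    if p.version == c.version and p.subnet_of(c):
        return 'narrower'                         # inside the subnet, not equal to it
    return 'mismatch'

def diagnose(log_line, conf_text):
    """Return [(conn, local_result, remote_result)] for a rejection line."""
    m = REJECT.search(log_line)
    if not m:
        return []
    return [(name, compare(m['ours'], o['leftsubnet']), compare(m['theirs'], o['rightsubnet']))
            for name, o in parse_conns(conf_text).items()
            if 'leftsubnet' in o and 'rightsubnet' in o]

if __name__ == '__main__':
    for name, local, remote in diagnose(LOG_LINE, CONF):
        print(f'{name}: local selector {local}, remote selector {remote}')
```
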