[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] Problems with certificates : next payload type of
From: Andreas Steffen <andreas.steffen () strongswan ! org>
Date: 2007-03-30 13:58:45
Message-ID: 460D1795.5080100 () strongswan ! org
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
Hi Jose,
the relevant error message is:
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1:
> cannot respond to IPsec SA request because no connection is known for
> 192.168.1.0/24===10.95.27.200
[C=es <http://192.168.1.0/24===10.95.27.200%5BC=es>, ST=madrid,
L=madrid, O=tid, CN=gateway, E=gateway@example.com]
...10.95.27.195[C=es
> <mailto:E=gateway@example.com]...10.95.27.195[C=es>, ST=madrid,
> L=madrid, O=tid, CN=client, E=client@example.com
> <mailto:E=client@example.com>]
This is very confusing due to the insertion of mailto and http tags
by your [Windows?] editor. But it should exactly match the output
of
ipsec status prueba3
Regards
Andreas
Jose del Rio wrote:
> Hi all,
>
> I could solve partially my problem. I think it was related with the
> length of the RSA private key in the openssl.cnf. I changed that value
> from 2048 to 1024. With this change i could establish a IPSec tunnel
> between a new VPN Client (The Green Bow) and my gateway, but with Linsys
> IPSec tool it doesnt work.
> I can show the new log for this new situation, where the situation is
> strange for me because the log said "sent MR3, ISAKMP SA established"
> and a after a few messages it appears in the log "cannot respond to
> IPsec SA request because no connection is known for...".
> So i ask for someone could give me an idea to know what is happening
> right now...
> I would be very grateful.
>
> Next lines show the log commented above.
>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Starting Pluto (strongSwan
> Version 2.8.3 VENDORID KEYRR)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: including NAT-Traversal
> patch (Version 0.6c) [disabled]
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | xauth module: using default
> get_secret() function
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | xauth module: using default
> verify_secret() function
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | inserting event
> EVENT_REINIT_SECRET, timeout in 3600 seconds
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating
> OAKLEY_AES_CBC encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating
> OAKLEY_BLOWFISH_CBC encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating
> OAKLEY_SERPENT_CBC encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating
> OAKLEY_SHA2_256 hash: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating
> OAKLEY_SHA2_384 hash: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating
> OAKLEY_SHA2_512 hash: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating
> OAKLEY_TWOFISH_CBC encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating
> OAKLEY_TWOFISH_CBC_SSH encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Testing registered IKE
> encryption algorithms:
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_BLOWFISH_CBC
> self-test not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_3DES_CBC self-test
> not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_AES_CBC self-test not
> available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SERPENT_CBC self-test
> not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_TWOFISH_CBC self-test
> not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_TWOFISH_CBC_SSH
> self-test not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Testing registered IKE hash
> algorithms:
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_MD5 hash self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_MD5 hmac self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SHA hash self-test
> passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SHA hmac self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SHA2_256 hash
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SHA2_256 hmac
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SHA2_384 hash
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SHA2_384 hmac
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SHA2_512 hash
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: OAKLEY_SHA2_512 hmac
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: All crypto self-tests passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Using Linux 2.6 IPsec
> interface code
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory
> '/etc/ipsec.d/cacerts'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: loaded CA cert file
> 'cacert.pem' (1123 bytes)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | authcert inserted
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory
> '/etc/ipsec.d/aacerts'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory
> '/etc/ipsec.d/ocspcerts'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory
> '/etc/ipsec.d/crls'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: loaded crl file 'crl.pem'
> (463 bytes)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | crl issuer cacert found
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | crl signature is valid
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory
> '/etc/ipsec.d/acerts'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | inserting event
> EVENT_LOG_DAILY, timeout in 44569 seconds
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | next event
> EVENT_REINIT_SECRET in 3600 seconds
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | *received whack message
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: listening for IKE messages
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | found lo with address
> 127.0.0.1 <http://127.0.0.1/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | found eth0 with address
> 10.95.27.200 <http://10.95.27.200/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | found eth1 with address
> 192.168.1.200 <http://192.168.1.200/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: adding interface eth1/eth1
> 192.168.1.200:500 <http://192.168.1.200:500/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: adding interface eth0/eth0
> 10.95.27.200:500 <http://10.95.27.200:500/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: adding interface lo/lo
> 127.0.0.1:500 <http://127.0.0.1:500/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | found lo with address
> 0000:0000:0000:0000:0000:0000:0000:0001
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: adding interface lo/lo ::1:500
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: loading secrets from
> "/etc/ipsec.secrets"
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: loaded private key file
> '/etc/ipsec.d/private/gatewayreq.key' (963 bytes)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | next event
> EVENT_REINIT_SECRET in 3600 seconds
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | *received whack message
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | from whack: got
> --esp=3des-sha1, 3des-md5
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | esp string values: 3_000-2,
> 3_000-1,
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | from whack: got
> --ike=3des-sha, 3des-md5
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | ike string values:
> 5_000-2-5, 5_000-2-2, 5_000-1-5, 5_000-1-2,
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: loaded host cert file
> '/etc/ipsec.d/certs/gatewaycert.pem' (3397 bytes)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | not before : Mar 30
> 08:33:09 UTC 2007
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | current time: Mar 30
> 09:37:11 UTC 2007
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | not after : Mar 27
> 08:33:09 UTC 2017
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | certificate is valid
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | x509 cert inserted
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: added connection description
> "prueba3"
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: |
> 192.168.1.200/32===10.95.27.200[C=es
> <http://192.168.1.200/32===10.95.27.200%5BC=es>, ST=madrid, L=madrid,
> O=tid, CN=gateway,
> E=gateway@example.com]---10.95.0.1...10.95.27.195[C=es
> <mailto:E=gateway@example.com]---10.95.0.1...10.95.27.195[C=es>,
> ST=madrid, L=madrid, O=tid, CN=client, E=client@example.com
> <mailto:E=client@example.com>]
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | ike_life: 10800s;
> ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1;
> policy: RSASIG+ENCRYPT+TUNNEL+PFS
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | next event
> EVENT_REINIT_SECRET in 3600 seconds
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | *received 168 bytes from
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: packet from 10.95.27.195:500
> <http://10.95.27.195:500/>: ignoring Vendor ID payload [MS NT5
> ISAKMPOAKLEY 00000004]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: packet from 10.95.27.195:500
> <http://10.95.27.195:500/>: ignoring Vendor ID payload [FRAGMENTATION]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: packet from 10.95.27.195:500
> <http://10.95.27.195:500/>: ignoring Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: packet from 10.95.27.195:500
> <http://10.95.27.195:500/>: ignoring Vendor ID payload
> [Vid-Initial-Contact]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | preparse_isakmp_policy: peer
> requests RSASIG authentication
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | creating state object #1 at
> 0x83f0b40
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | inserting event
> EVENT_SO_DISCARD, timeout in 0 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: responding to
> Main Mode
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | inserting event
> EVENT_RETRANSMIT, timeout in 10 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | next event EVENT_RETRANSMIT
> in 10 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | *received 184 bytes from
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state object #1 found, in
> STATE_MAIN_R1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | inserting event
> EVENT_RETRANSMIT, timeout in 10 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | next event EVENT_RETRANSMIT
> in 10 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | *received 1244 bytes from
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state object #1 found, in
> STATE_MAIN_R2
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: Peer ID is
> ID_DER_ASN1_DN: 'C=es, ST=madrid, L=madrid, O=tid, CN=client,
> E=client@example.com' <mailto:E=client@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | subject: 'C=es, ST=madrid,
> L=madrid, O=tid, CN=client, E=client@example.com'
> <mailto:E=client@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | issuer: 'C=es, ST=madrid,
> L=madrid, O=tid, CN=ca, E=ca@example.com' <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | authkey:
> 91:ec:eb:85:ae:2e:26:33:d0:d4:e7:ea:7e:41:b0:3b:29:46:00:03
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | not before : Mar 30
> 08:50:00 UTC 2007
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | current time: Mar 30
> 09:37:21 UTC 2007
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | not after : Mar 27
> 08:50:00 UTC 2017
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | issuer cacert found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate signature is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | crl found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | crl signature is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | serial number: 02
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | crl is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate is good
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | subject: 'C=es, ST=madrid,
> L=madrid, O=tid, CN=ca, E=ca@example.com' <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | issuer: 'C=es, ST=madrid,
> L=madrid, O=tid, CN=ca, E=ca@example.com' <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | authkey:
> 91:ec:eb:85:ae:2e:26:33:d0:d4:e7:ea:7e:41:b0:3b:29:46:00:03
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | not before : Mar 30
> 08:29:45 UTC 2007
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | current time: Mar 30
> 09:37:21 UTC 2007
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | not after : Mar 25
> 08:29:45 UTC 2027
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | issuer cacert found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate signature is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | reached self-signed root ca
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | an RSA Sig check passed with
> *AwEAAbkNU [preloaded key]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer CA: 'C=es,
> ST=madrid, L=madrid, O=tid, CN=ca, E=ca@example.com'
> <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | requested CA: 'C=es,
> ST=madrid, L=madrid, O=tid, CN=ca, E=ca@example.com'
> <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | offered CA: 'C=es,
> ST=madrid, L=madrid, O=tid, CN=ca, E=ca@example.com'
> <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | our certificate policy is
> ALWAYS_SEND
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: we have a cert
> and are sending it
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | signing hash with RSA Key
> *AwEAAe9vV
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | inserting event
> EVENT_SA_REPLACE, timeout in 3230 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: sent MR3, ISAKMP
> SA established
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE
> in 3230 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | *received 284 bytes from
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state object #1 found, in
> STATE_MAIN_R3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer client is 10.95.27.195
> <http://10.95.27.195/>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer client protocol/port is
> 0/0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | our client is subnet
> 192.168.1.0/24 <http://192.168.1.0/24>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | our client protocol/port is 0/0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | no valid attribute cert found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: cannot respond
> to IPsec SA request because no connection is known for
> 192.168.1.0/24===10.95.27.200[C=es
> <http://192.168.1.0/24===10.95.27.200%5BC=es>, ST=madrid, L=madrid,
> O=tid, CN=gateway, E=gateway@example.com]...10.95.27.195[C=es
> <mailto:E=gateway@example.com]...10.95.27.195[C=es>, ST=madrid,
> L=madrid, O=tid, CN=client, E=client@example.com
> <mailto:E=client@example.com>]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: sending
> encrypted notification INVALID_ID_INFORMATION to 10.95.27.195:500
> <http://10.95.27.195:500/>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state transition function
> for STATE_QUICK_R0 failed: INVALID_ID_INFORMATION
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE
> in 3230 seconds for #1
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | *received 284 bytes from
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | state object #1 found, in
> STATE_MAIN_R3
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: "prueba3" #1: Quick Mode I1
> message is unacceptable because it uses a previously used Message ID
> 0xb47cdd78 (perhaps this is a duplicated packet)
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: "prueba3" #1: sending
> encrypted notification INVALID_MESSAGE_ID to 10.95.27.195:500
> <http://10.95.27.195:500/>
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE
> in 3229 seconds for #1
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | *received 284 bytes from
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | state object #1 found, in
> STATE_MAIN_R3
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: "prueba3" #1: Quick Mode I1
> message is unacceptable because it uses a previously used Message ID
> 0xb47cdd78 (perhaps this is a duplicated packet)
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: "prueba3" #1: sending
> encrypted notification INVALID_MESSAGE_ID to 10.95.27.195:500
> <http://10.95.27.195:500/>
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE
> in 3227 seconds for #1
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | *received 284 bytes from
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | state object #1 found, in
> STATE_MAIN_R3
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: "prueba3" #1: Quick Mode I1
> message is unacceptable because it uses a previously used Message ID
> 0xb47cdd78 (perhaps this is a duplicated packet)
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: "prueba3" #1: sending
> encrypted notification INVALID_MESSAGE_ID to 10.95.27.195:500
> <http://10.95.27.195:500/>
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE
> in 3223 seconds for #1
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | *received 284 bytes from
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | ICOOKIE: 16 3f ac 93 79 c4
> 85 dc
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | RCOOKIE: f8 8c f9 52 b2 35
> 03 50
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | peer: 0a 5f 1b c3
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | state object #1 found, in
> STATE_MAIN_R3
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: "prueba3" #1: Quick Mode I1
> message is unacceptable because it uses a previously used Message ID
> 0xb47cdd78 (perhaps this is a duplicated packet)
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: "prueba3" #1: sending
> encrypted notification INVALID_MESSAGE_ID to 10.95.27.195:500
> <http://10.95.27.195:500/>
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE
> in 3215 seconds for #1
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: | *received whack message
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: |
> kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: |
> kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE
> in 3201 seconds for #1
> Mar 30 11:37:51 PI_TARJETAS pluto[29288]: |
> Mar 30 11:37:51 PI_TARJETAS pluto[29288]: | *received whack message
> Mar 30 11:37:51 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE
> in 3200 seconds for #1
> + _________________________ date
> + date
> Fri Mar 30 11:37:51 CEST 2007
--
======================================================================
Andreas Steffen andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
["smime.p7s" (application/x-pkcs7-signature)]
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic