List:       strongswan-users
Subject:    Re: [strongSwan] Problems with certificates : next payload type of
From:       Andreas Steffen <andreas.steffen () strongswan ! org>
Date:       2007-03-30 13:58:45
Message-ID: 460D1795.5080100 () strongswan ! org


Hi Jose,

the relevant error message is:

 > Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1:
 > cannot respond to IPsec SA request because no connection is known for
 > 192.168.1.0/24===10.95.27.200
   [C=es <http://192.168.1.0/24===10.95.27.200%5BC=es>, ST=madrid,
    L=madrid, O=tid, CN=gateway, E=gateway@example.com]
    ...10.95.27.195[C=es
 > <mailto:E=gateway@example.com]...10.95.27.195[C=es>, ST=madrid,
 > L=madrid, O=tid, CN=client, E=client@example.com
 > <mailto:E=client@example.com>]

This is very confusing due to the insertion of mailto and http tags
by your [Windows?] editor. But it should exactly match the output
of

   ipsec status prueba3

Regards

Andreas

Jose del Rio wrote:
> Hi all,
>  
> I could partially solve my problem. I think it was related to the 
> length of the RSA private key in the openssl.cnf. I changed that value 
> from 2048 to 1024. With this change I could establish an IPSec tunnel 
> between a new VPN Client (The Green Bow) and my gateway, but with the 
> Linsys IPSec tool it doesn't work.
> I can show the new log for this new situation, where the situation is 
> strange for me because the log said "sent MR3, ISAKMP SA established" 
> and after a few messages it appears in the log "cannot respond to 
> IPsec SA request because no connection is known for...".
> So I ask if someone could give me an idea of what is happening 
> right now...
> I would be very grateful.
>  
> Next lines show the log commented above.
>  
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Starting Pluto (strongSwan 
> Version 2.8.3 VENDORID KEYRR)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   including NAT-Traversal 
> patch (Version 0.6c) [disabled]
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | xauth module: using default 
> get_secret() function
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | xauth module: using default 
> verify_secret() function
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | inserting event 
> EVENT_REINIT_SECRET, timeout in 3600 seconds
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating 
> OAKLEY_AES_CBC encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating 
> OAKLEY_BLOWFISH_CBC encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating 
> OAKLEY_SERPENT_CBC encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating 
> OAKLEY_SHA2_256 hash: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating 
> OAKLEY_SHA2_384 hash: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating 
> OAKLEY_SHA2_512 hash: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating 
> OAKLEY_TWOFISH_CBC encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: ike_alg: Activating 
> OAKLEY_TWOFISH_CBC_SSH encryption: Ok
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Testing registered IKE 
> encryption algorithms:
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_BLOWFISH_CBC 
> self-test not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_3DES_CBC self-test 
> not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_AES_CBC self-test not 
> available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SERPENT_CBC self-test 
> not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_TWOFISH_CBC self-test 
> not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_TWOFISH_CBC_SSH 
> self-test not available
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Testing registered IKE hash 
> algorithms:
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_MD5 hash self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_MD5 hmac self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SHA hash self-test 
> passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SHA hmac self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SHA2_256 hash 
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SHA2_256 hmac 
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SHA2_384 hash 
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SHA2_384 hmac 
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SHA2_512 hash 
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   OAKLEY_SHA2_512 hmac 
> self-test passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: All crypto self-tests passed
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Using Linux 2.6 IPsec 
> interface code
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory 
> '/etc/ipsec.d/cacerts'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   loaded CA cert file 
> 'cacert.pem' (1123 bytes)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: |   authcert inserted
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory 
> '/etc/ipsec.d/aacerts'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory 
> '/etc/ipsec.d/ocspcerts'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory 
> '/etc/ipsec.d/crls'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   loaded crl file 'crl.pem' 
> (463 bytes)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | crl issuer cacert found
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | crl signature is valid
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: Changing to directory 
> '/etc/ipsec.d/acerts'
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | inserting event 
> EVENT_LOG_DAILY, timeout in 44569 seconds
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | next event 
> EVENT_REINIT_SECRET in 3600 seconds
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | *received whack message
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: listening for IKE messages
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | found lo with address 
> 127.0.0.1 <http://127.0.0.1/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | found eth0 with address 
> 10.95.27.200 <http://10.95.27.200/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | found eth1 with address 
> 192.168.1.200 <http://192.168.1.200/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: adding interface eth1/eth1 
> 192.168.1.200:500 <http://192.168.1.200:500/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: adding interface eth0/eth0 
> 10.95.27.200:500 <http://10.95.27.200:500/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: adding interface lo/lo 
> 127.0.0.1:500 <http://127.0.0.1:500/>
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | found lo with address 
> 0000:0000:0000:0000:0000:0000:0000:0001
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: adding interface lo/lo ::1:500
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: loading secrets from 
> "/etc/ipsec.secrets"
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   loaded private key file 
> '/etc/ipsec.d/private/gatewayreq.key' (963 bytes)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | next event 
> EVENT_REINIT_SECRET in 3600 seconds
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | *received whack message
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | from whack: got 
> --esp=3des-sha1, 3des-md5
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | esp string values: 3_000-2, 
> 3_000-1,
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | from whack: got 
> --ike=3des-sha, 3des-md5
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | ike string values: 
> 5_000-2-5, 5_000-2-2, 5_000-1-5, 5_000-1-2,
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]:   loaded host cert file 
> '/etc/ipsec.d/certs/gatewaycert.pem' (3397 bytes)
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: |   not before  : Mar 30 
> 08:33:09 UTC 2007
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: |   current time: Mar 30 
> 09:37:11 UTC 2007
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: |   not after   : Mar 27 
> 08:33:09 UTC 2017
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | certificate is valid
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: |   x509 cert inserted
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: added connection description 
> "prueba3"
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | 
> 192.168.1.200/32===10.95.27.200[C=es 
> <http://192.168.1.200/32===10.95.27.200%5BC=es>, ST=madrid, L=madrid, 
> O=tid, CN=gateway, 
> E=gateway@example.com]---10.95.0.1...10.95.27.195[C=es 
> <mailto:E=gateway@example.com]---10.95.0.1...10.95.27.195[C=es>, 
> ST=madrid, L=madrid, O=tid, CN=client, E=client@example.com 
> <mailto:E=client@example.com>]
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | ike_life: 10800s; 
> ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1; 
> policy: RSASIG+ENCRYPT+TUNNEL+PFS
> Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | next event 
> EVENT_REINIT_SECRET in 3600 seconds
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | *received 168 bytes from 
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: packet from 10.95.27.195:500 
> <http://10.95.27.195:500/>: ignoring Vendor ID payload [MS NT5 
> ISAKMPOAKLEY 00000004]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: packet from 10.95.27.195:500 
> <http://10.95.27.195:500/>: ignoring Vendor ID payload [FRAGMENTATION]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: packet from 10.95.27.195:500 
> <http://10.95.27.195:500/>: ignoring Vendor ID payload 
> [draft-ietf-ipsec-nat-t-ike-02_n]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: packet from 10.95.27.195:500 
> <http://10.95.27.195:500/>: ignoring Vendor ID payload 
> [Vid-Initial-Contact]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | preparse_isakmp_policy: peer 
> requests RSASIG authentication
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | creating state object #1 at 
> 0x83f0b40
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | inserting event 
> EVENT_SO_DISCARD, timeout in 0 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: responding to 
> Main Mode
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | inserting event 
> EVENT_RETRANSMIT, timeout in 10 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | next event EVENT_RETRANSMIT 
> in 10 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | *received 184 bytes from 
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state object #1 found, in 
> STATE_MAIN_R1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | inserting event 
> EVENT_RETRANSMIT, timeout in 10 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | next event EVENT_RETRANSMIT 
> in 10 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | *received 1244 bytes from 
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state object #1 found, in 
> STATE_MAIN_R2
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: Peer ID is 
> ID_DER_ASN1_DN: 'C=es, ST=madrid, L=madrid, O=tid, CN=client, 
> E=client@example.com' <mailto:E=client@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | subject: 'C=es, ST=madrid, 
> L=madrid, O=tid, CN=client, E=client@example.com' 
> <mailto:E=client@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | issuer:  'C=es, ST=madrid, 
> L=madrid, O=tid, CN=ca, E=ca@example.com' <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | authkey:  
> 91:ec:eb:85:ae:2e:26:33:d0:d4:e7:ea:7e:41:b0:3b:29:46:00:03
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |   not before  : Mar 30 
> 08:50:00 UTC 2007
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |   current time: Mar 30 
> 09:37:21 UTC 2007
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |   not after   : Mar 27 
> 08:50:00 UTC 2017
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | issuer cacert found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate signature is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | crl found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | crl signature is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | serial number:  02
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | crl is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate is good
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | subject: 'C=es, ST=madrid, 
> L=madrid, O=tid, CN=ca, E=ca@example.com' <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | issuer:  'C=es, ST=madrid, 
> L=madrid, O=tid, CN=ca, E=ca@example.com' <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | authkey:  
> 91:ec:eb:85:ae:2e:26:33:d0:d4:e7:ea:7e:41:b0:3b:29:46:00:03
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |   not before  : Mar 30 
> 08:29:45 UTC 2007
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |   current time: Mar 30 
> 09:37:21 UTC 2007
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: |   not after   : Mar 25 
> 08:29:45 UTC 2027
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | issuer cacert found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | certificate signature is valid
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | reached self-signed root ca
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | an RSA Sig check passed with 
> *AwEAAbkNU [preloaded key]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer CA:      'C=es, 
> ST=madrid, L=madrid, O=tid, CN=ca, E=ca@example.com' 
> <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | requested CA: 'C=es, 
> ST=madrid, L=madrid, O=tid, CN=ca, E=ca@example.com' 
> <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | offered CA:   'C=es, 
> ST=madrid, L=madrid, O=tid, CN=ca, E=ca@example.com' 
> <mailto:E=ca@example.com'>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | our certificate policy is 
> ALWAYS_SEND
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: we have a cert 
> and are sending it
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | signing hash with RSA Key 
> *AwEAAe9vV
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | inserting event 
> EVENT_SA_REPLACE, timeout in 3230 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: sent MR3, ISAKMP 
> SA established
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE 
> in 3230 seconds for #1
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | *received 284 bytes from 
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state object #1 found, in 
> STATE_MAIN_R3
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer client is 10.95.27.195 
> <http://10.95.27.195/>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | peer client protocol/port is 
> 0/0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | our client is subnet 
> 192.168.1.0/24 <http://192.168.1.0/24>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | our client protocol/port is 0/0
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | no valid attribute cert found
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: cannot respond 
> to IPsec SA request because no connection is known for 
> 192.168.1.0/24===10.95.27.200[C=es 
> <http://192.168.1.0/24===10.95.27.200%5BC=es>, ST=madrid, L=madrid, 
> O=tid, CN=gateway, E=gateway@example.com]...10.95.27.195[C=es 
> <mailto:E=gateway@example.com]...10.95.27.195[C=es>, ST=madrid, 
> L=madrid, O=tid, CN=client, E=client@example.com 
> <mailto:E=client@example.com>]
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: sending 
> encrypted notification INVALID_ID_INFORMATION to 10.95.27.195:500 
> <http://10.95.27.195:500/>
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | state transition function 
> for STATE_QUICK_R0 failed: INVALID_ID_INFORMATION
> Mar 30 11:37:21 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE 
> in 3230 seconds for #1
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | *received 284 bytes from 
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | state object #1 found, in 
> STATE_MAIN_R3
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: "prueba3" #1: Quick Mode I1 
> message is unacceptable because it uses a previously used Message ID 
> 0xb47cdd78 (perhaps this is a duplicated packet)
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: "prueba3" #1: sending 
> encrypted notification INVALID_MESSAGE_ID to 10.95.27.195:500 
> <http://10.95.27.195:500/>
> Mar 30 11:37:22 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE 
> in 3229 seconds for #1
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | *received 284 bytes from 
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | state object #1 found, in 
> STATE_MAIN_R3
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: "prueba3" #1: Quick Mode I1 
> message is unacceptable because it uses a previously used Message ID 
> 0xb47cdd78 (perhaps this is a duplicated packet)
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: "prueba3" #1: sending 
> encrypted notification INVALID_MESSAGE_ID to 10.95.27.195:500 
> <http://10.95.27.195:500/>
> Mar 30 11:37:24 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE 
> in 3227 seconds for #1
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | *received 284 bytes from 
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | state object #1 found, in 
> STATE_MAIN_R3
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: "prueba3" #1: Quick Mode I1 
> message is unacceptable because it uses a previously used Message ID 
> 0xb47cdd78 (perhaps this is a duplicated packet)
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: "prueba3" #1: sending 
> encrypted notification INVALID_MESSAGE_ID to 10.95.27.195:500 
> <http://10.95.27.195:500/>
> Mar 30 11:37:28 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE 
> in 3223 seconds for #1
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | *received 284 bytes from 
> 10.95.27.195:500 <http://10.95.27.195:500/> on eth0
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | state object not found
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | ICOOKIE:  16 3f ac 93  79 c4 
> 85 dc
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | RCOOKIE:  f8 8c f9 52  b2 35 
> 03 50
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | peer:  0a 5f 1b c3
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | state hash entry 18
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | state object #1 found, in 
> STATE_MAIN_R3
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: "prueba3" #1: Quick Mode I1 
> message is unacceptable because it uses a previously used Message ID 
> 0xb47cdd78 (perhaps this is a duplicated packet)
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: "prueba3" #1: sending 
> encrypted notification INVALID_MESSAGE_ID to 10.95.27.195:500 
> <http://10.95.27.195:500/>
> Mar 30 11:37:36 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE 
> in 3215 seconds for #1
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: | *received whack message
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: | 
> kernel_alg_esp_auth_keylen(auth=2, sadb_aalg=3): a_keylen=20
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: | 
> kernel_alg_esp_auth_keylen(auth=1, sadb_aalg=2): a_keylen=16
> Mar 30 11:37:50 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE 
> in 3201 seconds for #1
> Mar 30 11:37:51 PI_TARJETAS pluto[29288]: | 
> Mar 30 11:37:51 PI_TARJETAS pluto[29288]: | *received whack message
> Mar 30 11:37:51 PI_TARJETAS pluto[29288]: | next event EVENT_SA_REPLACE 
> in 3200 seconds for #1
> + _________________________ date
> + date
> Fri Mar 30 11:37:51 CEST 2007


-- 
======================================================================
Andreas Steffen                         andreas.steffen@strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org 

Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
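
The comparison described in the reply above, as an added example that is not part of the original message and not strongSwan code: it strips the editor-inserted `<http://…>` and `<mailto:…>` tags from pluto log lines, parses the loaded connection and the refused Quick Mode request into their ends, and reports which fields differ. The function names and the unwrapped sample lines are assumptions constructed from the values in this thread.

```python
import ipaddress
import re

# Constructed sample: three pluto lines rebuilt (unwrapped) from the log quoted
# in this thread, with the editor-inserted <http://> and <mailto:> tags kept.
SAMPLE_LOG = """\
Mar 30 11:37:11 PI_TARJETAS pluto[29288]: added connection description "prueba3"
Mar 30 11:37:11 PI_TARJETAS pluto[29288]: | 192.168.1.200/32===10.95.27.200[C=es <http://192.168.1.200/32===10.95.27.200%5BC=es>, ST=madrid, L=madrid, O=tid, CN=gateway, E=gateway@example.com]---10.95.0.1...10.95.27.195[C=es <mailto:E=gateway@example.com]---10.95.0.1...10.95.27.195[C=es>, ST=madrid, L=madrid, O=tid, CN=client, E=client@example.com <mailto:E=client@example.com>]
Mar 30 11:37:21 PI_TARJETAS pluto[29288]: "prueba3" #1: cannot respond to IPsec SA request because no connection is known for 192.168.1.0/24===10.95.27.200[C=es <http://192.168.1.0/24===10.95.27.200%5BC=es>, ST=madrid, L=madrid, O=tid, CN=gateway, E=gateway@example.com]...10.95.27.195[C=es <mailto:E=gateway@example.com]...10.95.27.195[C=es>, ST=madrid, L=madrid, O=tid, CN=client, E=client@example.com <mailto:E=client@example.com>]
"""

AUTOLINK = re.compile(r"\s*<(?:https?://|mailto:)[^>]*>")
END = re.compile(r"(?:(.+?)===)?([^\[=]+)(?:\[(.*)\])?(?:===(.+))?")
ADDED = re.compile(r'added connection description "([^"]+)"')
REFUSED = re.compile(r'"([^"]+)" #\d+: cannot respond to IPsec SA request '
                     r'because no connection is known for (.+)$')


def parse_end(text, side):
    """Parse one end: [client===]host[ID][---nexthop] or its mirror image."""
    # The next hop is dropped: the refused request line carries none.
    text = text.rsplit("---", 1)[0] if side == "left" else text.split("---", 1)[-1]
    m = END.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unparseable end: {text!r}")
    client, host, ident = m.group(1) or m.group(4), m.group(2), m.group(3)
    try:
        # No client subnet printed means the host itself, i.e. host/32.
        subnet = str(ipaddress.ip_network(client or host, strict=False))
    except ValueError:
        subnet = client or host  # not a literal address, e.g. %any
    return {f"{side}_subnet": subnet, f"{side}_host": host, f"{side}_id": ident}


def parse_topology(text):
    """Split 'left...right' and parse both ends into one flat dict."""
    left, _, right = text.partition("...")
    return {**parse_end(left, "left"), **parse_end(right, "right")}


def extract(log):
    """Return ({conn: loaded topology}, [(conn, refused topology), ...])."""
    lines = [AUTOLINK.sub("", line) for line in log.splitlines()]
    loaded, refused = {}, []
    for i, line in enumerate(lines):
        m = ADDED.search(line)
        if m and i + 1 < len(lines):
            # In the log above the topology is on the debug line that follows.
            loaded[m.group(1)] = parse_topology(lines[i + 1].partition("| ")[2])
        m = REFUSED.search(line)
        if m:
            refused.append((m.group(1), parse_topology(m.group(2))))
    return loaded, refused


def mismatches(loaded, requested):
    """Fields whose loaded value differs from what the peer requested."""
    return {k: (loaded[k], requested[k]) for k in loaded if loaded[k] != requested[k]}


if __name__ == "__main__":
    loaded, refused = extract(SAMPLE_LOG)
    for name, req in refused:
        for field, (have, want) in mismatches(loaded[name], req).items():
            print(f"{name}: {field}: loaded {have!r}, peer requested {want!r}")
```

On the sample lines the only differing field is the left client subnet: the loaded connection has 192.168.1.200/32 where the peer requests 192.168.1.0/24.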

