Hello List,
I am always running into timeouts during the creation of the SA between a
freeswan box (Redhat 7.2-kernel 2.4.9-13/ freeswan 1.96/ x509 patched/
192.168.7.149) and a w2k sp2 (192.168.7.138)
station with vpntool.
The oakley.log looks like a loop (sending resume sending resume ...->
timeout). Can someone give me a hint please? I have no idea what's
misconfigured.
Thank you
robert
------------------------------------------------------------------
************************
ipsec.conf on w2k with vpntool
************************
conn roadwarrior
    left=%any
    right=192.168.7.149
    rightca="C=DE, ST=st1, O=Internet Widgits Pty Ltd, CN=mainca, Email=mainca_at_me.de"
    network=auto
    auto=start
    pfs=yes

conn roadwarrior-net
    left=%any
    right=192.168.7.149
    rightnet=192.168.7.149/255.255.255.255
    rightca="C=DE, ST=st1, O=Internet Widgits Pty Ltd, CN=mainca, Email=mainca_at_me.de"
    network=auto
    auto=start
    pfs=yes
************************
ipsec.conf on freeswan box
************************
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=all
    plutoload=%search
    plutostart=%search
    uniqueids=yes

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    right=192.168.7.149
    rightcert=xrichter.pem
    pfs=yes
    auto=add

conn roadwarrior
    left=%any
**********************
ipsec.secrets on freeswan box
**********************
: RSA xrichter.key "secret"
**********************
oakley.log on w2k box
**********************
4-03: 11:11:48:520 ESP-Algorithmus Dreifach-DES CBC
HMAC-Algorithmus SHA
Gültigkeitsdauer (Sek.) 28800
4-03: 11:11:48:520 Setting SA timeout: 25860
4-03: 11:11:48:520 Added Timeout 13c318
4-03: 11:11:48:520 Copying temp iv to sa->crypt_iv
4-03: 11:11:48:520 Created new conn entry 23b6b8
4-03: 11:11:48:520 Starting QM with mess ID b8a81946
4-03: 11:11:48:520 find(ipsec): d3d77733-47ba-4eff-8e5dc111fe716da2
4-03: 11:11:48:520 GetSpi: src = 192.168.7.149.0000, dst = 192.168.7.138.0000, proto = 00, context = 86106C88, srcMask = 255.255.255.255, destMask = 255.255.255.255, TunnelFilter 1
4-03: 11:11:48:520 Setting SPI -286597845
4-03: 11:11:48:520 constructing ISAKMP Header
4-03: 11:11:48:520 constructing HASH (null)
4-03: 11:11:48:520 constructing SA (IPSEC)
4-03: 11:11:48:520 Sending Tunnelling Attribute
4-03: 11:11:48:520 constructing QM KE
4-03: 11:11:48:520 constructing NONCE (IPSEC)
4-03: 11:11:48:520 constructing ID (proxy)
4-03: 11:11:48:520 constructing ID (proxy)
4-03: 11:11:48:520 constructing HASH (QM)
4-03: 11:11:48:520 Construct QM Hash mess ID = 1176086712
4-03: 11:11:48:520 Throw: State mask=30004
4-03: 11:11:48:520 Doing tripleDES
4-03: 11:11:48:520 Added Timeout d9fc8
4-03: 11:11:48:520 Setting Retransmit: sa 23c750 centry 23b6b8 handle d9fc8 context 23a6c0
4-03: 11:11:48:520
4-03: 11:11:48:520 Sending: SA = 0x0023C750 to 192.168.7.149
4-03: 11:11:48:520 ISAKMP Header: (V1.0), len = 300
4-03: 11:11:48:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:48:520 R-COOKIE 60adf136636583d2
4-03: 11:11:48:520 exchange: Oakley Quick Mode
4-03: 11:11:48:520 flags: 1 ( encrypted )
4-03: 11:11:48:520 next payload: HASH
4-03: 11:11:48:520 message ID: b8a81946
4-03: 11:11:48:520
4-03: 11:11:48:520 Resume: (get) SA = 0x00000000 from 192.168.7.149
4-03: 11:11:48:520 ISAKMP Header: (V1.0), len = 84
4-03: 11:11:48:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:48:520 R-COOKIE 806ba98665aa4cde
4-03: 11:11:48:520 exchange: Oakley Main Mode
4-03: 11:11:48:520 flags: 0
4-03: 11:11:48:520 next payload: SA
4-03: 11:11:48:520 message ID: 00000000
4-03: 11:11:48:520 Cookie exists already! Boy are we slow.
4-03: 11:11:48:520 Responding with new SA 0
4-03: 11:11:48:520 HandleFirstPacketResponder failed cbad0324
4-03: 11:11:49:520
4-03: 11:11:49:520 Resume: (get) SA = 0x00000000 from 192.168.7.149
4-03: 11:11:49:520 ISAKMP Header: (V1.0), len = 84
4-03: 11:11:49:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:49:520 R-COOKIE b9d373ac0bd9a2eb
4-03: 11:11:49:520 exchange: Oakley Main Mode
4-03: 11:11:49:520 flags: 0
4-03: 11:11:49:520 next payload: SA
4-03: 11:11:49:520 message ID: 00000000
4-03: 11:11:49:520 Cookie exists already! Boy are we slow.
4-03: 11:11:49:520 Responding with new SA 0
4-03: 11:11:49:520 HandleFirstPacketResponder failed cbad0324
4-03: 11:11:49:520 Handling Retransmit: sa 23c750 centry 23b6b8 handle d9fc8 context 23a6c0
4-03: 11:11:49:520 retransmit: sa = 0023C750 centry 0023B6B8 , count = 0
4-03: 11:11:49:520
4-03: 11:11:49:520 Sending: SA = 0x0023C750 to 192.168.7.149
4-03: 11:11:49:520 ISAKMP Header: (V1.0), len = 300
4-03: 11:11:49:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:49:520 R-COOKIE 60adf136636583d2
4-03: 11:11:49:520 exchange: Oakley Quick Mode
4-03: 11:11:49:520 flags: 1 ( encrypted )
4-03: 11:11:49:520 next payload: HASH
4-03: 11:11:49:520 message ID: b8a81946
4-03: 11:11:51:520 Handling Retransmit: sa 23c750 centry 23b6b8 handle d9fc8 context 23a6c0
4-03: 11:11:51:520 retransmit: sa = 0023C750 centry 0023B6B8 , count = 1
4-03: 11:11:51:520
4-03: 11:11:51:520 Sending: SA = 0x0023C750 to 192.168.7.149
4-03: 11:11:51:520 ISAKMP Header: (V1.0), len = 300
4-03: 11:11:51:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:51:520 R-COOKIE 60adf136636583d2
4-03: 11:11:51:520 exchange: Oakley Quick Mode
4-03: 11:11:51:520 flags: 1 ( encrypted )
4-03: 11:11:51:520 next payload: HASH
4-03: 11:11:51:520 message ID: b8a81946
4-03: 11:11:55:520 Handling Retransmit: sa 23c750 centry 23b6b8 handle d9fc8 context 23a6c0
4-03: 11:11:55:520 retransmit: sa = 0023C750 centry 0023B6B8 , count = 2
4-03: 11:11:55:520
4-03: 11:11:55:520 Sending: SA = 0x0023C750 to 192.168.7.149
4-03: 11:11:55:520 ISAKMP Header: (V1.0), len = 300
4-03: 11:11:55:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:55:520 R-COOKIE 60adf136636583d2
4-03: 11:11:55:520 exchange: Oakley Quick Mode
4-03: 11:11:55:520 flags: 1 ( encrypted )
4-03: 11:11:55:520 next payload: HASH
4-03: 11:11:55:520 message ID: b8a81946
4-03: 11:11:56:520
4-03: 11:11:56:520 Resume: (get) SA = 0x0023c750 from 192.168.7.149
4-03: 11:11:56:520 ISAKMP Header: (V1.0), len = 1540
4-03: 11:11:56:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:56:520 R-COOKIE 60adf136636583d2
4-03: 11:11:56:520 exchange: Oakley Main Mode
4-03: 11:11:56:520 flags: 1 ( encrypted )
4-03: 11:11:56:520 next payload: ID
4-03: 11:11:56:520 message ID: 00000000
4-03: 11:11:56:520 Doing tripleDES
4-03: 11:11:56:520 invalid payload received
4-03: 11:11:56:520 GetPacket failed cbad034b
4-03: 11:12:03:520 Handling Retransmit: sa 23c750 centry 23b6b8 handle d9fc8 context 23a6c0
4-03: 11:12:03:520 retransmit: sa = 0023C750 centry 0023B6B8 , count = 3
4-03: 11:12:03:520
4-03: 11:12:03:520 Sending: SA = 0x0023C750 to 192.168.7.149
4-03: 11:12:03:520 ISAKMP Header: (V1.0), len = 300
4-03: 11:12:03:520 I-COOKIE 9673000432daeeaf
4-03: 11:12:03:520 R-COOKIE 60adf136636583d2
4-03: 11:12:03:520 exchange: Oakley Quick Mode
4-03: 11:12:03:520 flags: 1 ( encrypted )
4-03: 11:12:03:520 next payload: HASH
4-03: 11:12:03:520 message ID: b8a81946
4-03: 11:12:04:520
4-03: 11:12:04:520 Resume: (get) SA = 0x0023c750 from 192.168.7.149
4-03: 11:12:04:520 ISAKMP Header: (V1.0), len = 1540
4-03: 11:12:04:520 I-COOKIE 9673000432daeeaf
4-03: 11:12:04:520 R-COOKIE 60adf136636583d2
4-03: 11:12:04:520 exchange: Oakley Main Mode
4-03: 11:12:04:520 flags: 1 ( encrypted )
4-03: 11:12:04:520 next payload: ID
4-03: 11:12:04:520 message ID: 00000000
4-03: 11:12:04:520 Doing tripleDES
4-03: 11:12:04:520 invalid payload received
4-03: 11:12:04:520 GetPacket failed cbad034b
4-03: 11:12:19:520 Handling Retransmit: sa 23c750 centry 23b6b8 handle d9fc8 context 23a6c0
4-03: 11:12:19:520 retransmit: sa = 0023C750 centry 0023B6B8 , count = 4
4-03: 11:12:19:520
4-03: 11:12:19:520 Sending: SA = 0x0023C750 to 192.168.7.149
4-03: 11:12:19:520 ISAKMP Header: (V1.0), len = 300
4-03: 11:12:19:520 I-COOKIE 9673000432daeeaf
4-03: 11:12:19:520 R-COOKIE 60adf136636583d2
4-03: 11:12:19:520 exchange: Oakley Quick Mode
4-03: 11:12:19:520 flags: 1 ( encrypted )
4-03: 11:12:19:520 next payload: HASH
4-03: 11:12:19:520 message ID: b8a81946
4-03: 11:12:21:520 ReapCentry Neg in progress. Not deleting. centry 0023B6B8 Tick 1
4-03: 11:12:29:520
4-03: 11:12:29:520 Resume: (get) SA = 0x0023c750 from 192.168.7.149
4-03: 11:12:29:520 ISAKMP Header: (V1.0), len = 300
4-03: 11:12:29:520 I-COOKIE 9673000432daeeaf
4-03: 11:12:29:520 R-COOKIE 60adf136636583d2
4-03: 11:12:29:520 exchange: Oakley Quick Mode
4-03: 11:12:29:520 flags: 1 ( encrypted )
4-03: 11:12:29:520 next payload: HASH
4-03: 11:12:29:520 message ID: b8a81946
4-03: 11:12:29:520 Centry 0023B6B8
4-03: 11:12:29:520 Doing tripleDES
4-03: 11:12:29:520 Stopping RetransTimer sa:0023C750 centry:0023B6B8 handle:000D9FC8
4-03: 11:12:29:520 Dropping Centry. Too slow 0023B6B8 86106C88
4-03: 11:12:29:520 CE Dead. sa:0023C750 ce:0023B6B8 status:cbad032f
4-03: 11:12:29:520 Datenschutzmodus (Schnellmodus)
4-03: 11:12:29:520 Quell-IP-Adresse 192.168.7.138
Quell-IP-Adressmaske 255.255.255.255
Ziel-IP-Adresse 192.168.7.149
Ziel-IP-Adressmaske 255.255.255.255
Protokoll 0
Quellport 0
Zielport 0
4-03: 11:12:29:520 Benutzer
4-03: 11:12:29:520 Aushandlung dauerte zu lange.
4-03: 11:12:29:520 isadb_set_status sa:0023C750 centry:0023B6B8 status cbad032f
4-03: 11:12:40:520
4-03: 11:12:40:520 Resume: (get) SA = 0x0023c750 from 192.168.7.149
4-03: 11:12:40:520 ISAKMP Header: (V1.0), len = 300
4-03: 11:12:40:520 I-COOKIE 9673000432daeeaf
4-03: 11:12:40:520 R-COOKIE 60adf136636583d2
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
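
Added example (not part of the original post, and not FreeS/WAN or Windows code): a small parser for the oakley.log format shown above. It groups the header lines after each Sending:/Resume: line into one packet record, counts repeated outbound packets, and lists inbound packets whose cookie pair never appears on an outbound packet. SAMPLE is a constructed, shortened excerpt in the post's log format; the function names are chosen for this example.

```python
import re
from collections import Counter

# Constructed sample: shortened excerpt in the oakley.log format from the post.
SAMPLE = """\
4-03: 11:11:48:520 Sending: SA = 0x0023C750 to 192.168.7.149
4-03: 11:11:48:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:48:520 R-COOKIE 60adf136636583d2
4-03: 11:11:48:520 exchange: Oakley Quick Mode
4-03: 11:11:48:520 message ID: b8a81946
4-03: 11:11:48:520 Resume: (get) SA = 0x00000000 from 192.168.7.149
4-03: 11:11:48:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:48:520 R-COOKIE 806ba98665aa4cde
4-03: 11:11:48:520 exchange: Oakley Main Mode
4-03: 11:11:48:520 message ID: 00000000
4-03: 11:11:49:520 Sending: SA = 0x0023C750 to 192.168.7.149
4-03: 11:11:49:520 I-COOKIE 9673000432daeeaf
4-03: 11:11:49:520 R-COOKIE 60adf136636583d2
4-03: 11:11:49:520 exchange: Oakley Quick Mode
4-03: 11:11:49:520 message ID: b8a81946
"""

LINE = re.compile(r"^\s*\d+-\d+: (\d\d:\d\d:\d\d):\d+ ?(.*)$")
START = re.compile(r"(Sending|Resume): .*\b(?:to|from) (\S+)")
FIELD = re.compile(r"(I-COOKIE|R-COOKIE|exchange|message ID):?\s+(.+)")

def parse_packets(text):
    """Attach the header lines after each Sending:/Resume: line to one record."""
    packets = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines carry no timestamp
        s, f = START.match(m.group(2)), FIELD.match(m.group(2))
        if s:
            direction = "out" if s.group(1) == "Sending" else "in"
            packets.append({"time": m.group(1), "dir": direction, "peer": s.group(2)})
        elif f and packets:
            packets[-1].setdefault(f.group(1), f.group(2).strip())
    return packets

def summarize(packets):
    """Count repeated outbound packets; list inbound ones on an unseen cookie pair."""
    key = lambda p: (p.get("I-COOKIE"), p.get("R-COOKIE"))
    out = [p for p in packets if p["dir"] == "out"]
    sent = Counter(key(p) + (p.get("exchange"), p.get("message ID")) for p in out)
    known = {key(p) for p in out}
    stray = [p for p in packets if p["dir"] == "in" and key(p) not in known]
    return {k: n - 1 for k, n in sent.items() if n > 1}, stray
```

Calling summarize(parse_packets(open("oakley.log").read())) on a full log gives the repeat count per outbound message and the inbound packets that arrived on a different cookie pair.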