IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Further info about IPSec setup probs WinXP <-> FreeSWAN

From: Ralf G. R. Bergs (rabe_at_RWTH-Aachen.DE)
Date: Tue May 14 2002 - 10:30:46 CEST

Hi there,

the following is a logfile snippet of a further try to establish a connection
between WinXP-IPSec and FreeS/WAN 1.96 (as always, hostnames and IP addresses
have been "sanitized" to hide the hosts' identities):

May 14 10:18:52 Gateway ipsec__plutorun: Starting Pluto subsystem...
May 14 10:18:52 Gateway Pluto[27715]: Starting Pluto (FreeS/WAN Version 1.96)
May 14 10:18:52 Gateway Pluto[27715]: including X.509 patch (Version 0.9.9)
May 14 10:18:52 Gateway Pluto[27715]: Changing to directory
'/etc/ipsec.d/cacerts'
May 14 10:18:52 Gateway Pluto[27715]: loaded cacert file 'cacert.pem' (1915
bytes)
May 14 10:18:55 Gateway Pluto[27715]: Changing to directory
'/etc/ipsec.d/crls'
May 14 10:18:55 Gateway Pluto[27715]: loaded crl file 'crl.pem' (784 bytes)
May 14 10:18:57 Gateway Pluto[27715]: loaded my X.509 cert file
'/etc/x509cert.der' (1266 bytes)
May 14 10:19:00 Gateway Pluto[27715]: added connection description "gw-hostA"
May 14 10:19:00 Gateway Pluto[27715]: listening for IKE messages
May 14 10:19:00 Gateway Pluto[27715]: adding interface ipsec0/eth0
aaa.bbb.28.10
May 14 10:19:00 Gateway Pluto[27715]: loading secrets from
"/etc/ipsec.secrets"
May 14 10:19:00 Gateway Pluto[27715]: loaded private key file
'/etc/ipsec.d/private/gatewayKey.pem' (887 bytes)
May 14 10:19:46 Gateway Pluto[27715]: packet from ccc.ddd.7.246:500:
Informational Exchange is for an unknown (expired?) SA
May 14 10:19:47 Gateway Pluto[27715]: packet from ccc.ddd.7.246:500: ignoring
Vendor ID payload
May 14 10:19:47 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #1: responding
to Main Mode from unknown peer ccc.ddd.7.246
May 14 10:19:48 Gateway Pluto[27715]: packet from ccc.ddd.7.246:500: ignoring
Vendor ID payload
May 14 10:19:48 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #2: responding
to Main Mode from unknown peer ccc.ddd.7.246
May 14 10:19:51 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #1: discarding
duplicate packet; already STATE_MAIN_R2
May 14 10:19:51 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #2: ignoring
informational payload, type INVALID_COOKIE
May 14 10:19:52 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #2: received
and ignored informational message
May 14 10:19:52 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #1: encrypted
Informational Exchange message is invalid because it is for incomplete ISAKMP
SA
May 14 10:19:59 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #2: ignoring
informational payload, type INVALID_COOKIE
May 14 10:19:59 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #2: received
and ignored informational message
May 14 10:20:20 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #2: ignoring
informational payload, type INVALID_COOKIE
May 14 10:20:20 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #2: received
and ignored informational message
May 14 10:20:59 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #2: max number
of retransmissions (2) reached STATE_MAIN_R1
May 14 10:21:01 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #1: max number
of retransmissions (2) reached STATE_MAIN_R2
May 14 10:21:01 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246: deleting
connection "gw-hostA" instance with peer ccc.ddd.7.246
May 14 10:22:01 Gateway Pluto[27715]: packet from ccc.ddd.7.246:500:
Informational Exchange is for an unknown (expired?) SA
May 14 10:22:02 Gateway Pluto[27715]: packet from ccc.ddd.7.246:500: ignoring
Vendor ID payload
May 14 10:22:02 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #3: responding
to Main Mode from unknown peer ccc.ddd.7.246
May 14 10:22:03 Gateway Pluto[27715]: packet from ccc.ddd.7.246:500: ignoring
Vendor ID payload
May 14 10:22:03 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #4: responding
to Main Mode from unknown peer ccc.ddd.7.246
May 14 10:22:06 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #3: discarding
duplicate packet; already STATE_MAIN_R2
May 14 10:22:06 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #4: ignoring
informational payload, type INVALID_COOKIE
May 14 10:22:06 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #4: received
and ignored informational message
May 14 10:22:07 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #3: encrypted
Informational Exchange message is invalid because it is for incomplete ISAKMP
SA
May 14 10:22:14 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #4: ignoring
informational payload, type INVALID_COOKIE
May 14 10:22:14 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #4: received
and ignored informational message
May 14 10:22:35 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #4: ignoring
informational payload, type INVALID_COOKIE
May 14 10:22:35 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #4: received
and ignored informational message
May 14 10:23:14 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #4: max number
of retransmissions (2) reached STATE_MAIN_R1
May 14 10:23:16 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246 #3: max number
of retransmissions (2) reached STATE_MAIN_R2
May 14 10:23:16 Gateway Pluto[27715]: "gw-hostA" ccc.ddd.7.246: deleting
connection "gw-hostA" instance with peer ccc.ddd.7.246

Any idea what could be going wrong?

Thanks,

Ralf 

-- 
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:59 CEST