*****SPAM***** [Users] connection refuses after 30 minutes

From: Marc Mc Guinness (security_at_mcguinness.de)
Date: Wed Sep 18 2002 - 20:46:48 CEST

• Next message: John A. Sullivan III: "Re: [Users] dhcp-over-ipsec with multiple dhcp servers and roadwarriors?"
• Previous message: Marc Mc Guinness: "[Users] Deleting old connections automatically"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (5.1 hits, 5 required)
SPAM: PORN_12 (0.7 points) BODY: Uses words and phrases which indicate porn (12)
SPAM: PORN_10 (0.6 points) BODY: Uses words and phrases which indicate porn (10)
SPAM: PORN_4 (1.4 points) URI: Uses words and phrases which indicate porn (4)
SPAM: WEIRD_PORT (0.3 points) URI: Uses non-standard port number for HTTP
SPAM: MSG_ID_ADDED_BY_MTA_3 (1.1 points) 'Message-Id' was added by a relay (3)
SPAM: RCVD_IN_MULTIHOP_DSBL (1.0 points) RBL: Received via a relay in multihop.dsbl.org
SPAM: [RBL check: found 70.198.67.192.multihop.dsbl.org]
SPAM: X_RCVD_IN_UNCONFIRMED_DSBL (1.0 points) RBL: Received via a relay in unconfirmed.dsbl.org
SPAM: [RBL check: found 70.198.67.192.unconfirmed.dsbl.org]
SPAM: FUDGE_MULTIHOP_RELAY (-1.0 points) RBL: Do not double penalize if an IP is a multihop and an open relay
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------

Hello,

My connection breaks down after 30 minutes. The lifetime of keys is
set to one hour so this is not the problem. What happens here? The
connection can only be reactivated by doing
'ipsec auto --down spoint-road'

------------------------------------------------------------
Sep 18 20:02:01 spointr1 Pluto[6954]: "spoint-road" 213.7.xxx.xxx
#194: sent MR3, ISAKMP SA established
Sep 18 20:02:02 spointr1 Pluto[6954]: "spoint-road" 213.7.xxx.xxx
#195: responding to Quick Mode
Sep 18 20:02:02 spointr1 Pluto[6954]: "spoint-road" 213.7.xxx.xxx
#195: IPsec SA established
Sep 18 20:28:47 spointr1 Pluto[6954]: "spoint-road" 213.7.xxx.xxx
#194: ignoring Delete SA payload
Sep 18 20:28:47 spointr1 Pluto[6954]: "spoint-road" 213.7.xxx.xxx
#194: received and ignored informational message
Sep 18 20:31:14 spointr1 Pluto[6954]: packet from
213.7.xxx.xxx:500: ignoring Vendor ID payload
Sep 18 20:31:14 spointr1 Pluto[6954]: "spoint-road" 213.7.xxx.xxx
#196: responding to Main Mode from unknown peer 213.7.xxx.xxx
Sep 18 20:31:14 spointr1 Pluto[6954]: ERROR: "spoint-road"
213.7.xxx.xxx #196: sendto on eth0 to 213.7.xxx.xxx:500 failed in
STATE_MAIN_R0. Errno 1: Operation not permitted
Sep 18 20:31:14 spointr1 Pluto[6954]: "spoint-road" 213.7.xxx.xxx
#196: ERROR: asynchronous network error report on eth0 for message
to 213.7.xxx.xxx port 500, complainant 62.138.xxx.xxx: Connection
refused [errno 111, origin ICMP type 3 code 3 (not authenticated)
------------------------------------------------------------

'ipsec auto --status' says the following:
------------------------------------------------------------
000 "spoint-road" instance:
192.168.0.0/24===62.138.xxx.xxx---62.138.xxx.xxx...213.7.xxx.xxx
000 "spoint-road" instance: ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "spoint-road" instance: policy: PSK+ENCRYPT+TUNNEL+PFS;
interface: eth0; erouted
000 "spoint-road" instance: newest ISAKMP SA: #194; newest IPsec
SA: #195; eroute owner: #195
000 "spoint-road":
192.168.0.0/24===62.138.xxx.xxx---62.138.xxx.xxx...%any
000 "spoint-road": ike_life: 3600s; ipsec_life: 3600s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "spoint-road": policy: PSK+ENCRYPT+TUNNEL+PFS; interface:
eth0; unrouted
000 "spoint-road": newest ISAKMP SA: #0; newest IPsec SA: #0;
eroute owner: #0
000
000 #195: "spoint-road" 213.7.xxx.xxx STATE_QUICK_R2 (IPsec SA
established); EVENT_SA_REPLACE in 1387s; newest IPSEC; eroute owner
000 #195: "spoint-road" 213.7.xxx.xxx esp.cd70fe28_at_213.7.xxx.xxx
esp.b428856a_at_62.138.xxx.xxx tun.100a_at_213.7.xxx.xxx
tun.1009_at_62.138.xxx.xxx
000 #194: "spoint-road" 213.7.xxx.xxx STATE_MAIN_R3 (sent MR3,
ISAKMP SA established); EVENT_SA_REPLACE in 1386s; newest ISAKMP
------------------------------------------------------------

Best regards,

Marc
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: John A. Sullivan III: "Re: [Users] dhcp-over-ipsec with multiple dhcp servers and roadwarriors?"
• Previous message: Marc Mc Guinness: "[Users] Deleting old connections automatically"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Sep 19 2002 - 05:20:10 CEST