[Users] What does this error message ( previously used Message ID) mean. ?

From: Ihsan Turkmen (iturkmen_at_ifk.com.tr)
Date: Mon Oct 07 2002 - 10:39:41 CEST

• Next message: Marcus Blomenkamp: "Re: [Users] no phase 1 state where one should be"
• Previous message: ???: "Re: [Users] ping6 problem."
• Next in thread: Andreas Steffen: "Re: [Users] What does this error message ( previously used Message ID) mean. ?"
• Reply: Andreas Steffen: "Re: [Users] What does this error message ( previously used Message ID) mean. ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi

1) I have transferred (copied) the /etc/ipsec.d directory structure of a
running FreeSWAN (Gateway A) to another fresh installed FreeSWAN (Gateway B)
gateway.
2) I transferred the the ipsec.secrets file from Gateway A to Gateway B (for
pointing the key file) as well.
3) Restarted the ipsec pluto, expecting the Win2k client of the previously
running gateway (Gateway A) would connect to this new gateway (Gateway B) as
well.

When I try to connect from Win2K client,ipsec barf gives me the following
error.
----------------------------------------------------------------------------
---------------
Oct 7 11:06:27 Tuna pluto[32553]: "Ihsan"[1] 213.238.144.203 #1: sent MR3,
ISAKMP SA established
Oct 7 11:06:28 Tuna pluto[32553]: "Ihsan"[1] 213.238.144.203 #1: cannot
respond to IPsec SA request because no connection is known for
213.238.130.96/29===213.238.128.181[C=TR, ST=Istanbul, O=Turkmen Security
Consultancy, CN=Caniko]...213.238.144.203[C=TR, ST=Isanbul, O=Turkmen
Security Consultancy, CN=Ihsan Turkmen, E=iturkmen_at_ifk.com.tr]
Oct 7 11:06:29 Tuna pluto[32553]: "Ihsan"[1] 213.238.144.203 #1: Quick Mode
I1 message is unacceptable because it uses a previously used Message ID
0xa250cf97 (perhaps this is a duplicated packet)
----------------------------------------------------------------------------
--------------------

This is ipsec auto --status
----------------------------------------------------------------------------
--------------------
000 interface ipsec0/eth1 213.238.128.181
000
000 "Ihsan"[1]: 213.238.130.96/28===213.238.128.181[C=TR, ST=Istanbul,
O=Turkmen Security Consultancy, CN=Caniko]---213.238.128.135]
000 "Ihsan"[1]: ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 3
000 "Ihsan"[1]: policy: RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK;
interface: eth1; unrouted
000 "Ihsan"[1]: newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner:
#0
000 "Ihsan": 213.238.130.96/28===213.238.128.181[C=TR, ST=Istanbul,
O=Turkmen Security Consultancy, CN=Caniko]---213.238.128.135...]
000 "Ihsan": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 3
000 "Ihsan": policy: RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK;
interface: eth1; unrouted
000 "Ihsan": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #1: "Ihsan"[1] 213.238.144.203 STATE_MAIN_R3 (sent MR3, ISAKMP SA
established); EVENT_SA_REPLACE in 1528s; newest ISAKMP

What mistake may I have done?

Thanks for your help..

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Marcus Blomenkamp: "Re: [Users] no phase 1 state where one should be"
• Previous message: ???: "Re: [Users] ping6 problem."
• Next in thread: Andreas Steffen: "Re: [Users] What does this error message ( previously used Message ID) mean. ?"
• Reply: Andreas Steffen: "Re: [Users] What does this error message ( previously used Message ID) mean. ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sat Oct 12 2002 - 05:20:25 CEST