[Users] Keying problems with using certs

From: Raphael Geyer (RGeyer_at_inti-france.com)
Date: Sat Dec 14 2002 - 23:34:00 CET


Hi,

I have got a Linux 2.4.18 with FreeS/WAN 1.98b and the X.509 patch accepting W2K and Linux roadwarrior connections.
All of my connections work for a given time and then break, and I see the following messages:

Dec 8 11:49:10 localhost pluto[13226]: shutting down
Dec 8 11:49:10 localhost pluto[13226]: forgetting secrets
Dec 8 11:49:13 localhost ipsec__plutorun: Starting Pluto subsystem...
Dec 8 11:49:13 localhost pluto[13836]: Starting Pluto (FreeS/WAN Version 1.98b)
Dec 8 11:49:13 localhost pluto[13836]: including X.509 patch (Version 0.9.13)
Dec 8 11:49:13 localhost pluto[13836]: Changing to directory '/etc/ipsec.d/cacerts'
Dec 8 11:49:13 localhost pluto[13836]: loaded cacert file 'RootCA.der' (895 bytes)
Dec 8 11:49:13 localhost pluto[13836]: Changing to directory '/etc/ipsec.d/crls'
Dec 8 11:49:13 localhost pluto[13836]: loaded crl file 'crl.pem' (568 bytes)
Dec 8 11:49:13 localhost pluto[13836]: could not open my default X.509 cert file '/etc/x509cert.der'
Dec 8 11:49:13 localhost pluto[13836]: OpenPGP certificate file '/etc/pgpcert.pgp' not found
Dec 8 11:49:15 localhost pluto[13836]: loaded host cert file '/etc/ipsec.d/fw1.pem' (4447 bytes)
Dec 8 11:49:15 localhost pluto[13836]: loaded host cert file '/etc/ipsec.d/rgeyer.pem' (4454 bytes)
Dec 8 11:49:15 localhost pluto[13836]: added connection description "rgeyer-home"
Dec 8 11:49:15 localhost pluto[13836]: listening for IKE messages
Dec 8 11:49:15 localhost pluto[13836]: adding interface ipsec0/ippp0 213.36.29.5
Dec 8 11:49:15 localhost pluto[13836]: loading secrets from "/etc/ipsec.secrets"
Dec 8 11:49:15 localhost pluto[13836]: loaded private key file '/etc/ipsec.d/private/rgeyer.key' (1743 bytes)
Dec 8 11:49:16 localhost pluto[13836]: "rgeyer-home" #1: initiating Main Mode
Dec 8 11:49:17 localhost pluto[13836]: "rgeyer-home" #1: Peer ID is ID_DER_ASN1_DN: 'C=FR, O=INTI, OU=DSI, CN=fw1'
Dec 8 11:49:17 localhost pluto[13836]: "rgeyer-home" #1: Next CRL update was expected on Nov 20 13:10:46 UTC 2002
Dec 8 11:49:18 localhost pluto[13836]: "rgeyer-home" #1: Next CRL update was expected on Nov 20 13:10:46 UTC 2002
Dec 8 11:49:18 localhost pluto[13836]: "rgeyer-home" #1: ISAKMP SA established
Dec 8 11:49:18 localhost pluto[13836]: "rgeyer-home" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
Dec 8 11:49:18 localhost pluto[13836]: "rgeyer-home" #2: sent QI2, IPsec SA established
Dec 8 12:38:35 localhost pluto[13836]: "rgeyer-home" #3: initiating Main Mode to replace #1
Dec 8 12:49:18 localhost pluto[13836]: "rgeyer-home" #1: ISAKMP SA expired (LATEST!)
Dec 8 12:51:45 localhost pluto[13836]: "rgeyer-home" #3: max number of retransmissions (20) reached STATE_MAIN_I1. No acceptable response to our first IKE message
Dec 8 12:51:45 localhost pluto[13836]: "rgeyer-home" #3: starting keying attempt 2 of an unlimited number
Dec 8 12:51:45 localhost pluto[13836]: "rgeyer-home" #4: initiating Main Mode to replace #3
Dec 8 13:04:55 localhost pluto[13836]: "rgeyer-home" #4: max number of retransmissions (20) reached STATE_MAIN_I1. No acceptable response to our first IKE message
Dec 8 13:04:55 localhost pluto[13836]: "rgeyer-home" #4: starting keying attempt 3 of an unlimited number
Dec 8 13:04:55 localhost pluto[13836]: "rgeyer-home" #5: initiating Main Mode to replace #4
Dec 8 13:18:05 localhost pluto[13836]: "rgeyer-home" #5: max number of retransmissions (20) reached STATE_MAIN_I1. No acceptable response to our first IKE message
Dec 8 13:18:05 localhost pluto[13836]: "rgeyer-home" #5: starting keying attempt 4 of an unlimited number
Dec 8 13:18:05 localhost pluto[13836]: "rgeyer-home" #6: initiating Main Mode to replace #5

I have got these problems with W2K clients and with another Linux 2.4.18 with FreeS/WAN 1.98b and the X.509 patch.
The keying process should run by itself. What is the problem?

Thanks in advance

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
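A defender's reading of the rekey sequence in the post above, as an added example that is not part of the original message or of FreeS/WAN: a small Python parser for pluto's per-state log lines that pairs each "initiating Main Mode to replace #N" with the later "max number of retransmissions" on the same state, so an operator can see how long the replacement went unanswered and whether the old ISAKMP SA had already expired by then. The sample log lines and the year 2002 are constructed assumptions (syslog lines carry no year).

```python
import re
from datetime import datetime

# Matches pluto's per-state syslog prefix: '"conn" #N: message'.
LINE_RE = re.compile(r'^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ pluto\[\d+\]: '
                     r'"(?P<conn>[^"]+)" #(?P<state>\d+): (?P<msg>.*)$')
REPLACE_RE = re.compile(r'initiating (?:Main|Aggressive) Mode to replace #(\d+)')
RETRANS_RE = re.compile(r'max number of retransmissions \((\d+)\) reached (\S+?)\.')

# Constructed sample modelled on the post's log (year supplied by the caller).
SAMPLE_LOG = """\
Dec 8 11:49:18 localhost pluto[13836]: "rgeyer-home" #1: ISAKMP SA established
Dec 8 12:38:35 localhost pluto[13836]: "rgeyer-home" #3: initiating Main Mode to replace #1
Dec 8 12:49:18 localhost pluto[13836]: "rgeyer-home" #1: ISAKMP SA expired (LATEST!)
Dec 8 12:51:45 localhost pluto[13836]: "rgeyer-home" #3: max number of retransmissions (20) reached STATE_MAIN_I1. No acceptable response to our first IKE message
Dec 8 12:51:45 localhost pluto[13836]: "rgeyer-home" #4: initiating Main Mode to replace #3
"""

def parse_line(line, year):
    """Return {ts, conn, state, msg} for a per-state pluto line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # startup / certificate-loading lines have no "conn" #N prefix
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "conn": m["conn"], "state": int(m["state"]), "msg": m["msg"]}

def find_rekey_failures(log_text, year):
    """One record per replacement SA that hit pluto's retransmit limit."""
    pending, expired, failures = {}, set(), []  # pending: new state -> (old state, start)
    for raw in log_text.splitlines():
        ev = parse_line(raw, year)
        if ev is None:
            continue
        key = (ev["conn"], ev["state"])
        if (m := REPLACE_RE.search(ev["msg"])):
            pending[key] = (int(m.group(1)), ev["ts"])
        elif "ISAKMP SA expired" in ev["msg"]:
            expired.add(key)
        elif (m := RETRANS_RE.search(ev["msg"])) and key in pending:
            old_state, started = pending.pop(key)
            failures.append({
                "conn": ev["conn"], "new_state": ev["state"], "replaced_state": old_state,
                "phase": m.group(2), "retransmits": int(m.group(1)),
                "seconds_without_answer": int((ev["ts"] - started).total_seconds()),
                # True: the peer was already unreachable before the old SA ran out
                "old_sa_already_expired": (ev["conn"], old_state) in expired,
            })
    return failures
```

Run against a full pluto log, a list of such records quickly shows whether the peer ever answers the replacement's first IKE message, which separates a dead or blocked UDP/500 path from a certificate or CRL problem (the latter usually fails later than STATE_MAIN_I1).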



This archive was generated by hypermail 2.1.5 : Sun Dec 15 2002 - 05:21:02 CET