<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Console";
panose-1:2 11 6 9 4 5 4 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:2053260149;
mso-list-type:hybrid;
mso-list-template-ids:-457785776 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hey all,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m trying to use the new 5.0 but am having a few problems (they may be related). Since I am currently using 4.5 on all my other boxes, I set up a new box, opened the ports on my firewall which have been used by my other boxes and proceeded to install 5.0.0, this build/make install went rather smoothly.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I then proceeded to try to connect this new box with one of my existing remote boxes. I read the change logs and found out how to configure pfs, and took out the other depreciated commands. That being said I still have the following issues.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>At this point if I start the connection from the 4.5 side it does connect. Although the 4.5 side logs show this:<o:p></o:p></span></p><p class=MsoNormal style='text-indent:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>received ModeCfg message when in state STATE_MAIN_R3, and we aren't mode config client.<o:p></o:p></span></p><p class=MsoNormal style='text-indent:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>After the connection is established we can transmit data for a few mins, after that it seems that the connection drops on the 5.0 side. The 4.5 side still shows as being up, but as you would expect it is unable to send data through the tunnel. <o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>I get the following When the 5.0 side tries to initiate the connection which gives up after the 4<sup>th</sup> retransmit or request, never getting to the point where data can be sent.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>When the 5.0 side initiates I get this on the 4.5 side:<o:p></o:p></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:36:03 VPN pluto[16791]: packet from ***.***.207.34:500: Informational Exchange is for an unknown (expired?) SA<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:41:06 VPN pluto[16791]: packet from ***.***.29.155:500: received Vendor ID payload [XAUTH]<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:41:06 VPN pluto[16791]: packet from ***.***.29.155:500: ignoring Vendor ID payload [RFC 3947]<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:41:06 VPN pluto[16791]: packet from ***.***.29.155:500: received Vendor ID payload [Dead Peer Detection]<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:41:06 VPN pluto[16791]: "test" #324: responding to Main Mode<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:41:07 VPN pluto[16791]: "test" #324: Peer ID is ID_IPV4_ADDR: '***.***.***.***'<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:41:07 VPN pluto[16791]: "test" #324: sent MR3, ISAKMP SA established<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:41:07 VPN pluto[16791]: "test" #324: received ModeCfg message when in state STATE_MAIN_R3, and we aren't mode config client<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='text-autospace:none'>On the 5.0 side I get this:<span style='font-size:9.0pt;font-family:"Lucida Console"'><o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>==> /var/log/secure <==<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:38:42 Linux-2 charon: 09[IKE] IKE_SA remote[3] established between ***.***.29.155[***.***.29.155]...***.***.135.50[***.***.135.50]<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>==> /var/log/messages <==<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:38:46 Linux-2 charon: 12[IKE] sending retransmit 1 of request message ID 3872125085, seq 4<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:38:46 Linux-2 charon: 12[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:38:53 Linux-2 charon: 14[IKE] sending retransmit 2 of request message ID 3872125085, seq 4<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:38:53 Linux-2 charon: 14[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:39:06 Linux-2 charon: 13[IKE] sending retransmit 3 of request message ID 3872125085, seq 4<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:39:06 Linux-2 charon: 13[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:39:29 Linux-2 charon: 05[IKE] sending retransmit 4 of request message ID 3872125085, seq 4<o:p></o:p></span></p><p class=MsoNormal style='margin-left:.5in;text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'>Sep 24 10:39:29 Linux-2 charon: 05[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Lucida Console"'><o:p> </o:p></span></p><p class=MsoNormal>Thanks,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Henry.<o:p></o:p></p></div></body></html>