[strongSwan] Error while using "ipsec up <connection name>"

Dhanavel P espdhanavel at gmail.com
Thu Jun 17 16:04:10 CEST 2010


Hi All,

I am trying to establish an IPsec connection between two hosts. I chose host-to-host (transport mode) for the setup.
I have done the needed configuration for this setup and I started IPsec.

But some error occurred, as shown below, while I execute "ipsec up sample-self-signed". And sometimes I get an error like:

Asynchronous network error for eth0

Kindly help me.

*ipsec up sample-self-signed*

[root@INFCH02598 ~]# ipsec up sample-self-signed
002 "sample-self-signed" #8: initiating Main Mode
104 "sample-self-signed" #8: STATE_MAIN_I1: initiate
003 "sample-self-signed" #8: received Vendor ID payload [strongSwan]
003 "sample-self-signed" #8: received Vendor ID payload [XAUTH]
003 "sample-self-signed" #8: received Vendor ID payload [Dead Peer Detection]
106 "sample-self-signed" #8: STATE_MAIN_I2: sent MI2, expecting MR2
002 "sample-self-signed" #8: we don't have a cert
108 "sample-self-signed" #8: STATE_MAIN_I3: sent MI3, expecting MR3
003 "sample-self-signed" #8: ignoring informational payload, type
INVALID_KEY_INFORMATION
010 "sample-self-signed" #8: STATE_MAIN_I3: retransmission; will wait
20s for response
003 "sample-self-signed" #8: next payload type of ISAKMP Hash Payload
has an unknown value: 254
003 "sample-self-signed" #8: malformed payload in packet
003 "sample-self-signed" #8: discarding duplicate packet; already STATE_MAIN_I3
010 "sample-self-signed" #8: STATE_MAIN_I3: retransmission; will wait
40s for response
003 "sample-self-signed" #8: next payload type of ISAKMP Hash Payload
has an unknown value: 24
003 "sample-self-signed" #8: malformed payload in packet
003 "sample-self-signed" #8: discarding duplicate packet; already STATE_MAIN_I3
031 "sample-self-signed" #8: max number of retransmissions (2) reached
STATE_MAIN_I3.  Possible authentication failure: no acceptable
response to our first encrypted message
000 "sample-self-signed" #8: starting keying attempt 2 of at most 3,
but releasing whack


*ipsec statusall*

000 Status of IKEv1 pluto daemon (strongSwan 4.4.0):
000 interface lo/lo ::1:500
000 interface lo/lo 127.0.0.1:500
000 interface eth0/eth0 172.29.23.110:500
000 %myid = '%any'
000 loaded plugins: aes des sha1 md5 sha2 hmac gmp random pem pkcs1
000 debug options: control
000
000 "sample-self-signed": 172.29.23.110[C=IN, O=LNT,
CN=INFCH02598]...172.29.23.146[C=IN, O=LNT, CN=INFCH00889]; unrouted;
eroute owner: #0
000 "sample-self-signed":   ike_life: 10800s; ipsec_life: 3600s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "sample-self-signed":   policy: PUBKEY+ENCRYPT+TUNNEL+PFS+UP;
prio: 32,32; interface: eth0;
000 "sample-self-signed":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #12: "sample-self-signed" STATE_MAIN_I3 (sent MI3, expecting MR3);
EVENT_RETRANSMIT in 25s
000 #12: pending Phase 2 for "sample-self-signed" replacing #0
000 #11: "sample-self-signed" STATE_MAIN_R2 (sent MR2, expecting MI3);
EVENT_RETRANSMIT in 6s
000

*ip xfrm policy*

[root@INFCH02598 ~]# ip xfrm policy
src ::/0 dst ::/0
        dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir in priority 0 ptype main
src ::/0 dst ::/0
        dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir out priority 0 ptype main


Thanks in advance

Regards
Dhanavel