[strongSwan] strongswan 4.3.6 IKEv1 not working for 3des-sha1
anand rao
anandrao_me at yahoo.co.in
Wed Nov 17 10:25:01 CET 2010
Hi,
I am trying to establish a tunnel in transport mode between two hosts. I am
using strongswan 4.3.6 on both sides.
When I use the default configuration or the AES algorithm, the tunnel establishes
successfully.
But if I use the 3des algorithm (ike=3des-sha1-modp1536) I am getting the following
errors.
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | *received 232 bytes from
1.1.1.2:500 on eth0
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: packet from 1.1.1.2:500:
ignoring Vendor ID payload [882fe56d6fd20dbc2251613b2ebe5beb]
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: packet from 1.1.1.2:500:
received Vendor ID payload [XAUTH]
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: packet from 1.1.1.2:500:
received Vendor ID payload [Dead Peer Detection]
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: packet from 1.1.1.2:500:
ignoring Vendor ID payload [4a131c81070358455c5728f20e95452f]
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: packet from 1.1.1.2:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: packet from 1.1.1.2:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: packet from 1.1.1.2:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: packet from 1.1.1.2:500:
ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | preparse_isakmp_policy:
peer requests PSK authentication
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | creating state object #1 at
0x939c8
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | inserting event
EVENT_SO_DISCARD, timeout in 0 seconds for #1
Nov 17 14:40:21 (none) authpriv.warn pluto[8536]: "example" #1: responding to
Main Mode
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | next event EVENT_RETRANSMIT
in 10 seconds for #1
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: |
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | *received 244 bytes from
1.1.1.2:500 on eth0
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:21 (none) authpriv.debug pluto[8536]: | state object #1 found, in
STATE_MAIN_R1
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | inserting event
EVENT_RETRANSMIT, timeout in 10 seconds for #1
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | next event EVENT_RETRANSMIT
in 10 seconds for #1
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: |
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | *received 68 bytes from
1.1.1.2:500 on eth0
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | state object #1 found, in
STATE_MAIN_R2
Nov 17 14:40:22 (none) authpriv.warn pluto[8536]: "example" #1: Peer ID is
ID_IPV4_ADDR: '1.1.1.2'
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | peer CA: %none
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | current connection is a
full match -- no need to look further
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | offered CA: %none
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | inserting event
EVENT_SA_REPLACE, timeout in 3510 seconds for #1
Nov 17 14:40:22 (none) authpriv.warn pluto[8536]: "example" #1: sent MR3, ISAKMP
SA established
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | next event EVENT_SA_REPLACE
in 3510 seconds for #1
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: |
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | *received 124 bytes from
1.1.1.2:500 on eth0
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | state object not found
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | state object #1 found, in
STATE_MAIN_R3
Nov 17 14:40:22 (none) authpriv.warn pluto[8536]: "example" #1: next payload
type of ISAKMP Hash Payload has an unknown value: 54
Nov 17 14:40:22 (none) authpriv.warn pluto[8536]: "example" #1: malformed
payload in packet
Nov 17 14:40:22 (none) authpriv.warn pluto[8536]: "example" #1: sending
encrypted notification PAYLOAD_MALFORMED to 1.1.1.2:500
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | next event EVENT_SA_REPLACE
in 3510 seconds for #1
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: |
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | *received 124 bytes from
1.1.1.2:500 on eth0
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | state object not found
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | state object #1 found, in
STATE_MAIN_R3
Nov 17 14:40:32 (none) authpriv.warn pluto[8536]: "example" #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0x7e1eb13a
(perhaps this is a duplicated packet)
Nov 17 14:40:32 (none) authpriv.warn pluto[8536]: "example" #1: sending
encrypted notification INVALID_MESSAGE_ID to 1.1.1.2:500
Nov 17 14:40:32 (none) authpriv.debug pluto[8536]: | next event EVENT_SA_REPLACE
in 3500 seconds for #1
Nov 17 14:40:38 (none) cron.warn crond[4854]: time disparity of 21500077 minutes
detected
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: |
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | *received 124 bytes from
1.1.1.2:500 on eth0
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | state object not found
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | ICOOKIE: 5c 2c bf f7 e4
88 0e c3
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | RCOOKIE: 6b bb 02 cc 01
d1 98 03
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | peer: 01 01 01 02
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | state hash entry 27
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | state object #1 found, in
STATE_MAIN_R3
Nov 17 14:40:52 (none) authpriv.warn pluto[8536]: "example" #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0x7e1eb13a
(perhaps this is a duplicated packet)
Nov 17 14:40:52 (none) authpriv.warn pluto[8536]: "example" #1: sending
encrypted notification INVALID_MESSAGE_ID to 1.1.1.2:500
Nov 17 14:40:52 (none) authpriv.debug pluto[8536]: | next event EVENT_SA_REPLACE
in 3480 seconds for #1
From the log I couldn't understand anything. Please help.
Thanks
-Anand
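
As an added example (not part of the original post and not strongSwan code): a small Python triage script that rejoins the mail-wrapped pluto log lines and reduces them to negotiation milestones and errors. The sample is an excerpt of the log above; the event labels (`phase1`, `parse_error`, `notify_sent`, `reused_msgid`) are names chosen here.

```python
import re

# Excerpt of the pluto log from the post above, still wrapped as the mailer left it.
SAMPLE = """\
Nov 17 14:40:22 (none) authpriv.warn pluto[8536]: "example" #1: sent MR3, ISAKMP
SA established
Nov 17 14:40:22 (none) authpriv.debug pluto[8536]: | state object #1 found, in
STATE_MAIN_R3
Nov 17 14:40:22 (none) authpriv.warn pluto[8536]: "example" #1: next payload
type of ISAKMP Hash Payload has an unknown value: 54
Nov 17 14:40:22 (none) authpriv.warn pluto[8536]: "example" #1: sending
encrypted notification PAYLOAD_MALFORMED to 1.1.1.2:500
Nov 17 14:40:32 (none) authpriv.warn pluto[8536]: "example" #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0x7e1eb13a
(perhaps this is a duplicated packet)
Nov 17 14:40:32 (none) authpriv.warn pluto[8536]: "example" #1: sending
encrypted notification INVALID_MESSAGE_ID to 1.1.1.2:500
"""

STAMP = re.compile(r"^\w{3} [ \d]\d \d\d:\d\d:\d\d ")
RECORD = re.compile(r"^\w{3} [ \d]\d (\d\d:\d\d:\d\d) \S+ \S+ pluto\[\d+\]: (.*)$")
PATTERNS = [  # (event label, regex whose group 1 is the detail)
    ("state", re.compile(r"found, in (STATE_\w+)")),
    ("phase1", re.compile(r"ISAKMP SA (established)")),
    ("parse_error", re.compile(r"next payload type of (.+ unknown value: \d+)")),
    ("notify_sent", re.compile(r"sending encrypted notification (\w+)")),
    ("reused_msgid", re.compile(r"previously used Message ID (0x[0-9a-f]+)")),
]

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def timeline(text):
    """Return (time, label, detail) for each pluto milestone or error found in the log."""
    events = []
    for m in filter(None, map(RECORD.match, unwrap(text))):
        for kind, pattern in PATTERNS:
            hit = pattern.search(m.group(2))
            if hit:
                events.append((m.group(1), kind, hit.group(1)))
    return events
```

Calling `timeline(SAMPLE)` on the excerpt shows Phase 1 completing, then the first message handled in STATE_MAIN_R3 being rejected with PAYLOAD_MALFORMED, and the later rejection citing a previously used Message ID.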