[strongSwan] Attempting to use 5.0 MDS Ref#:00040620

Henry R. Prins HPrins at multidataservices.com
Mon Sep 24 20:56:36 CEST 2012


Hey all,

I'm trying to use the new 5.0 but am having a few problems (they may be related). Since I am currently using 4.5 on all my other boxes, I set up a new box, opened the ports on my firewall which have been used by my other boxes, and proceeded to install 5.0.0; this build/make install went rather smoothly.

I then proceeded to try to connect this new box with one of my existing remote boxes. I read the change logs and found out how to configure pfs, and took out the other deprecated commands. That being said, I still have the following issues.

At this point, if I start the connection from the 4.5 side, it does connect, although the 4.5 side logs show this:
received ModeCfg message when in state STATE_MAIN_R3, and we aren't mode config client.

After the connection is established we can transmit data for a few mins; after that it seems that the connection drops on the 5.0 side. The 4.5 side still shows as being up, but as you would expect it is unable to send data through the tunnel.


I get the following when the 5.0 side tries to initiate the connection, which gives up after the 4th retransmit or request, never getting to the point where data can be sent.

When the 5.0 side initiates I get this on the 4.5 side:
Sep 24 10:36:03 VPN pluto[16791]: packet from ***.***.207.34:500: Informational Exchange is for an unknown (expired?) SA
Sep 24 10:41:06 VPN pluto[16791]: packet from ***.***.29.155:500: received Vendor ID payload [XAUTH]
Sep 24 10:41:06 VPN pluto[16791]: packet from ***.***.29.155:500: ignoring Vendor ID payload [RFC 3947]
Sep 24 10:41:06 VPN pluto[16791]: packet from ***.***.29.155:500: received Vendor ID payload [Dead Peer Detection]
Sep 24 10:41:06 VPN pluto[16791]: "test" #324: responding to Main Mode
Sep 24 10:41:07 VPN pluto[16791]: "test" #324: Peer ID is ID_IPV4_ADDR: '***.***.***.***'
Sep 24 10:41:07 VPN pluto[16791]: "test" #324: sent MR3, ISAKMP SA established
Sep 24 10:41:07 VPN pluto[16791]: "test" #324: received ModeCfg message when in state STATE_MAIN_R3, and we aren't mode config client

On the 5.0 side I get this:
==> /var/log/secure <==
Sep 24 10:38:42 Linux-2 charon: 09[IKE] IKE_SA remote[3] established between ***.***.29.155[***.***.29.155]...***.***.135.50[***.***.135.50]

==> /var/log/messages <==
Sep 24 10:38:46 Linux-2 charon: 12[IKE] sending retransmit 1 of request message ID 3872125085, seq 4
Sep 24 10:38:46 Linux-2 charon: 12[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]
Sep 24 10:38:53 Linux-2 charon: 14[IKE] sending retransmit 2 of request message ID 3872125085, seq 4
Sep 24 10:38:53 Linux-2 charon: 14[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]
Sep 24 10:39:06 Linux-2 charon: 13[IKE] sending retransmit 3 of request message ID 3872125085, seq 4
Sep 24 10:39:06 Linux-2 charon: 13[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]
Sep 24 10:39:29 Linux-2 charon: 05[IKE] sending retransmit 4 of request message ID 3872125085, seq 4
Sep 24 10:39:29 Linux-2 charon: 05[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]


Thanks,

Henry.
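
An added example, not part of the original post: a small Python check that groups charon "sending retransmit" lines by message ID and reports how many tries were sent and the spacing between them, run over the 5.0-side lines quoted above. The function names, the `warn_at` threshold and the assumed log year are hypothetical choices for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the 5.0-side log in the post (addresses masked as posted).
SAMPLE = """\
Sep 24 10:38:42 Linux-2 charon: 09[IKE] IKE_SA remote[3] established between ***.***.29.155[***.***.29.155]...***.***.135.50[***.***.135.50]
Sep 24 10:38:46 Linux-2 charon: 12[IKE] sending retransmit 1 of request message ID 3872125085, seq 4
Sep 24 10:38:46 Linux-2 charon: 12[NET] sending packet: from ***.***.29.155[500] to ***.***.135.50[500]
Sep 24 10:38:53 Linux-2 charon: 14[IKE] sending retransmit 2 of request message ID 3872125085, seq 4
Sep 24 10:39:06 Linux-2 charon: 13[IKE] sending retransmit 3 of request message ID 3872125085, seq 4
Sep 24 10:39:29 Linux-2 charon: 05[IKE] sending retransmit 4 of request message ID 3872125085, seq 4
"""

RETRANSMIT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ charon: \d+\[IKE\] "
    r"sending retransmit (\d+) of request message ID (\d+)"
)


def parse_ts(text, year=2012):
    # Syslog timestamps carry no year; 2012 is assumed from the post's date.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def retransmit_report(log_text, warn_at=3):
    """Return {message_id: {"tries", "gaps", "unanswered"}} for charon logs.

    A request is flagged "unanswered" once it has been retransmitted at
    least warn_at times, i.e. the peer never replied to that message ID.
    """
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = RETRANSMIT.match(line)
        if m:
            seen[m.group(3)].append((int(m.group(2)), parse_ts(m.group(1))))
    report = {}
    for msg_id, events in seen.items():
        events.sort()
        times = [t for _, t in events]
        # Seconds between consecutive retransmits; growing gaps show backoff.
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        tries = events[-1][0]
        report[msg_id] = {"tries": tries, "gaps": gaps,
                          "unanswered": tries >= warn_at}
    return report


if __name__ == "__main__":
    for msg_id, info in retransmit_report(SAMPLE).items():
        print(msg_id, info)
```

On the quoted lines this reports a single message ID retransmitted four times with widening gaps, which means the 4.5 peer never answered that request.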