Hosting Provided By

[Users] half connection

From: Ethy H. Brito <ethy(at)inexo.com.br>
Date: Wed Mar 31 2004 - 08:50:00 EST

I am 'half-succeded' runnig freeswan-1.98b on Susse 8.2 box against a Netscreen box.

I can see ping requests comming from Netscreen, the replies coming into the Suse box but the replies are dropped inside it.

ipsec shows:

# ipsec auto --status

000 interface ipsec0/eth3 200.231.48.101 000

000 "riotte"[1]: 192.168.10.0/23===200.231.48.101---192.168.30.1...192.168.30.1---200.164.198.229===192.168.50.0/24
000 "riotte"[1]:   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "riotte"[1]:   policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY; interface: eth3; erouted
000 "riotte"[1]:   newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000 "riotte": 192.168.10.0/23===200.231.48.101---192.168.30.1...192.168.30.1---%any===192.168.50.0/24
000 "riotte":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "riotte":   policy: PSK+ENCRYPT+TUNNEL+PFS+DONTREKEY; interface: eth3; unrouted
000 "riotte":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0

000

000 #2: "riotte"[1] 200.164.198.229 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_EXPIRE in 3587s; newest IPSEC; eroute owner
000 #2: "riotte"[1] 200.164.198.229 esp.d0c4d0ee@200.164.198.229 esp.c61e9074@200.231.48.101 tun.1002@200.164.198.229 tun.1001@200.231.48.101
000 #1: "riotte"[1] 200.164.198.229 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_EXPIRE in 3587s; newest ISAKMP

000

# ifconfig ipsec0

ipsec0 Link encap:IPIP Tunnel HWaddr

          inet addr:200.231.48.101  Mask:255.255.255.255
          UP RUNNING NOARP  MTU:16260  Metric:1
          RX packets:16 errors:0 dropped:11 overruns:0 frame:0
          TX packets:0 errors:0 dropped:49 overruns:0 carrier:0
          collisions:0 txqueuelen:10 
          RX bytes:220 (220.0 b)  TX bytes:0 (0.0 b)

# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.30.1    0.0.0.0         255.255.255.255 UH    0      0        0 eth3
192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
192.168.10.0    0.0.0.0         255.255.254.0   U     0      0        0 eth1
0.0.0.0         192.168.30.1    0.0.0.0         UG    0      0        0 eth3

Do you need help?

I also have this in /var/log/warn

Mar 31 10:49:35 gateway03 pluto[24030]: ERROR: "riotte"[1] 200.164.198.229 #3: pfkey write() of SADB_X_ADDFLOW message 18 for flow tun.1003@200.231.48.101 failed. Errno 17: File exists
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related lists.freeswan.org Links
1998-fall
1998-spring
1998-summer
1998-winter
1999-winter
announce
briefs
bugs
design
freeswan-list
hipsec
ietf-sectest
users
users-admin
Request more information about Pantek
Mar 31 10:49:35 gateway03 pluto[24030]: "riotte"[1] 200.164.198.229 #3: IPsec SA established
Mar 31 10:51:25 gateway03 pluto[24030]: "riotte"[1] 200.164.198.229 #1: ignoring Delete SA payload
Mar 31 10:51:25 gateway03 pluto[24030]: "riotte"[1] 200.164.198.229 #1: received and ignored informational message
Mar 31 10:51:35 gateway03 pluto[24030]: "riotte"[1] 200.164.198.229 #4: responding to Quick Mode
Mar 31 10:51:35 gateway03 pluto[24030]: ERROR: "riotte"[1] 200.164.198.229 #4: pfkey write() of SADB_X_ADDFLOW message 29 for flow tun.1005@200.231.48.101 failed. Errno 17: File exists
Mar 31 10:51:35 gateway03 pluto[24030]: "riotte"[1] 200.164.198.229 #4: IPsec SA established

What is going on?

-- 

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \ 
_______________________________________________
FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr

Received on Wed Mar 31 09:03:30 2004

This message: [ Message body ]
Next message: Ethy H. Brito: "Re: [Users] half connection"
Previous message: Munro Biswal: "[Users] Problem using freeswan"
Next in thread: SYSTEM: "[Users] IPsec SA expired (LATEST!)"
Reply: Ethy H. Brito: "Re: [Users] half connection"
Reply: SYSTEM: "[Users] IPsec SA expired (LATEST!)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:02:30 EDT