Hosting Provided By

Re: isakmpd does not initiate connections but wait for others

From: Alexandre <alex(at)vbone.net>
Date: Mon Mar 03 2003 - 09:02:31 EST

Hi again,

This is a more verbose log that I have when the tunnels are down. While isakmpd pretends that he tries to reconnect, a tcpdump or -L option does not show any udp/500 packet, even after a long time, that's really strange. If I ask the peer admins to restart their ipsec, the 3 tunnel works fine.

The error about "differing group descriptions in a proposal" might be because I have several proposal, so there will be an error message until the right proposal is reached ? Could it be some incompatibilities between the proposals I'm using: QM-ESP-3DES-SHA-SUITE,QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-SHA-SUITE and 3DES-SHA, DES-SHA for phase 1.

Regards,
Alexandre

144302.656878 Default exchange_run: doi->initiator (0x114a00) failed
144302.656930 Mesg 20 message_free: freeing 0x114a00
144302.656992 SA   80 sa_release: SA 0x114900 had 4 references
144302.683346 Timr 10 timer_handle_expirations: event connection_checker(0x1b7eb0)
144302.684187 Timr 10 timer_add_event: event connection_checker(0x1b7eb0) added before sa_soft_expire(0x114900), expiration in 60s
144302.684437 Timr 10 timer_add_event: event exchange_free_aux(0x114a00) added before connection_checker(0x1b7e40), expiration in 45s
144302.684543 Exch 10 exchange_establish_p2: 0x114a00 IPsec-Conn-XXX-BBB Default-quick-mode policy initiator phase 2 doi 1 exchange 32 step 0
144302.684618 Exch 10 exchange_establish_p2: icookie 9fa1eb5a2bead74c rcookie 7646e7ebefd5dde8
144302.684677 Exch 10 exchange_establish_p2: msgid df7a67ff sa_list
144302.684741 SA   80 sa_reference: SA 0x114b00 now has 1 references
144302.684796 SA   70 sa_enter: SA 0x114b00 added to SA list
144302.684851 SA   80 sa_reference: SA 0x114b00 now has 2 references
144302.684910 SA   60 sa_create: sa 0x114b00 phase 2 added to exchange 0x114a00 (IPsec-Conn-XXX-BBB)
144302.684976 SA   80 sa_reference: SA 0x114c00 now has 4 references
144302.685045 Cryp 60 hash_get: requested algorithm 1
144302.685286 Misc 70 attribute_set_constant: no GROUP_DESCRIPTION in the QM-ESP-3DES-SHA-XF section
144302.686070 Default initiator_send_HASH_SA_NONCE: differing group descriptions in a proposal
144302.686185 Default exchange_run: doi->initiator (0x114d00) failed
144302.686237 Mesg 20 message_free: freeing 0x114d00
144302.686300 SA   80 sa_release: SA 0x114c00 had 4 references
144302.723345 Timr 10 timer_handle_expirations: event connection_checker(0x1b7f20)
144302.724136 Timr 10 timer_add_event: event connection_checker(0x1b7f20) added before sa_soft_expire(0x114900), expiration in 60s
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related openbsd.org Links
advocacy
announce
bugs
ipv6
misc
ports
ports-changes
security-announce
smp
source-changes
tech
Request more information about Pantek
144302.724383 Timr 10 timer_add_event: event exchange_free_aux(0x114d00) added before connection_checker(0x1b7e40), expiration in 45s
144302.724489 Exch 10 exchange_establish_p2: 0x114d00 IPsec-Conn-XXX-CCC Default-quick-mode policy initiator phase 2 doi 1 exchange 32 step 0
144302.724564 Exch 10 exchange_establish_p2: icookie 9acafc64333be0ca rcookie 8187d6657fab3200
144302.724626 Exch 10 exchange_establish_p2: msgid 070d97a9 sa_list
144302.724692 SA   80 sa_reference: SA 0x114e00 now has 1 references
144302.724749 SA   70 sa_enter: SA 0x114e00 added to SA list
144302.724805 SA   80 sa_reference: SA 0x114e00 now has 2 references
144302.724899 SA   60 sa_create: sa 0x114e00 phase 2 added to exchange 0x114d00 (IPsec-Conn-XXX-CCC)
144302.724974 SA   80 sa_reference: SA 0x114f00 now has 4 references
144302.725044 Cryp 60 hash_get: requested algorithm 1
144302.725282 Misc 70 attribute_set_constant: no GROUP_DESCRIPTION in the QM-ESP-3DES-SHA-XF section
144302.726021 Default initiator_send_HASH_SA_NONCE: differing group descriptions in a proposal
144302.726133 Default exchange_run: doi->initiator (0x16e000) failed
144302.726185 Mesg 20 message_free: freeing 0x16e000
144302.726247 SA   80 sa_release: SA 0x114f00 had 4 references
144302.763354 Timr 10 timer_handle_expirations: event connection_checker(0x1b7f90)
144302.764274 Timr 10 timer_add_event: event connection_checker(0x1b7f90) added before sa_soft_expire(0x114900), expiration in 60s
144302.764532 Timr 10 timer_add_event: event exchange_free_aux(0x16e000) added before connection_checker(0x1b7e40), expiration in 45s
144302.764637 Exch 10 exchange_establish_p2: 0x16e000 IPsec-Conn-XXX-CCC Default-quick-mode policy initiator phase 2 doi 1 exchange 32 step 0
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related openbsd.org Links
advocacy
announce
bugs
ipv6
misc
ports
ports-changes
security-announce
smp
source-changes
tech
Request more information about Pantek
144302.764711 Exch 10 exchange_establish_p2: icookie 9acafc64333be0ca rcookie 8187d6657fab3200
144302.764772 Exch 10 exchange_establish_p2: msgid 16438e1a sa_list
144302.764836 SA   80 sa_reference: SA 0x16e100 now has 1 references
144302.764893 SA   70 sa_enter: SA 0x16e100 added to SA list
144302.764947 SA   80 sa_reference: SA 0x16e100 now has 2 references
144302.765006 SA   60 sa_create: sa 0x16e100 phase 2 added to exchange 0x16e000 (IPsec-Conn-XXX-CCC)
144302.765074 SA   80 sa_reference: SA 0x114f00 now has 4 references
144302.765142 Cryp 60 hash_get: requested algorithm 1
144302.765525 Misc 70 attribute_set_constant: no GROUP_DESCRIPTION in the QM-ESP-3DES-SHA-XF section
144302.766131 Default initiator_send_HASH_SA_NONCE: differing group descriptions in a proposal
144302.766239 Default exchange_run: doi->initiator (0x16e200) failed
144302.766293 Mesg 20 message_free: freeing 0x16e200
144302.766355 SA   80 sa_release: SA 0x114f00 had 4 references

On Mon, Mar 03, 2003 at 01:31:26PM +0100, Hakan Olsson wrote:
> On Mon, 3 Mar 2003, Alexandre wrote:
Received on Mon Mar 3 09:03:43 2003

This message: [ Message body ]
Next message: Hakan Olsson: "Re: isakmpd does not initiate connections but wait for others"
In reply to Hakan Olsson: "Re: isakmpd does not initiate connections but wait for others"
Next in thread: Hakan Olsson: "Re: isakmpd does not initiate connections but wait for others"
Reply: Hakan Olsson: "Re: isakmpd does not initiate connections but wait for others"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:30 EDT