Received: from webgate.proteosys.de (mail.proteosys-ag.com [62.225.9.49]) by lucy.proteosys (8.11.0/8.9.3/SuSE Linux 8.9.3-0.1) with ESMTP id f18ABsH29780; Thu, 8 Feb 2001 11:11:54 +0100 Received: by webgate.proteosys.de (8.11.0/8.11.0) with ESMTP id f18ABrd12797 .; Thu, 8 Feb 2001 11:11:53 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C091B7.8F901100" Received: from tjernobyl.rivernet.rivermen.se (billibino.rivermen.se [213.141.72.10]) by mail.freeswan.org (8.11.0/8.11.0) with ESMTP id f188mlj13909 for ; Thu, 8 Feb 2001 09:48:47 +0100 X-MimeOLE: Produced By Microsoft Exchange V6.5 Received: by tjernobyl.rivernet.rivermen.se with Internet Mail Service (5.5.2653.19) id ; Thu, 8 Feb 2001 09:48:04 +0100 Return-Path: X-Mailer: Internet Mail Service (5.5.2653.19) Content-class: urn:content-classes:message Subject: ISAKMP SA expired Date: Thu, 8 Feb 2001 09:48:00 +0100 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: From: "Magnus Heino (Rivermen)" To: Status: R X-Status: X-Keywords: X-UID: 3741 This is a multi-part message in MIME format. ------_=_NextPart_001_01C091B7.8F901100 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi. I am having problems with "ISAKMP SA expired". The only keying parameters set in ipsec.conf are: keyingtries=3D0 authby=3Drsasig Does anyone know what is going on? I have tried to read the docs and = seached mailinglist archives, but I cant find a solution to it. ? /Magnus Feb 8 08:19:28 kilkenny Pluto[6142]: Starting Pluto (FreeS/WAN Version = 1.8) Feb 8 08:19:29 kilkenny Pluto[6142]: added connection description "apartment-premise" Feb 8 08:19:29 kilkenny Pluto[6142]: added connection description "basement-premise" Feb 8 08:19:29 kilkenny Pluto[6142]: added connection description "office-premise" Feb 8 08:19:29 kilkenny Pluto[6142]: listening for IKE messages Feb 8 08:19:29 kilkenny Pluto[6142]: adding interface ipsec0/eth0 213.141.72.11 Feb 8 08:19:29 kilkenny Pluto[6142]: loading secrets from "/etc/ipsec.secrets" Feb 8 08:19:30 kilkenny Pluto[6142]: "apartment-premise" #1: initiating Main Mode Feb 8 08:20:00 kilkenny Pluto[6142]: some IKE message we sent has been rejected with ECONNREFUSED (kernel supplied no details) Feb 8 08:20:00 kilkenny Pluto[6142]: extended network error info for message to unknown: compainant 213.112.161.143, errno 111 Connection refused, origin ICMP (not authenticated) 2, type 3, code 3 Feb 8 08:20:25 kilkenny Pluto[6142]: "apartment-premise" #2: responding = to Main Mode Feb 8 08:20:27 kilkenny Pluto[6142]: "basement-premise" #3: responding = to Main Mode Feb 8 08:20:34 kilkenny Pluto[6142]: "apartment-premise" #2: = STATE_MAIN_R3: sent MR3, ISAKMP SA established Feb 8 08:20:35 kilkenny Pluto[6142]: "apartment-premise" #4: responding = to Quick Mode Feb 8 08:20:36 kilkenny Pluto[6142]: "basement-premise" #3: = STATE_MAIN_R3: sent MR3, ISAKMP SA established Feb 8 08:20:37 kilkenny Pluto[6142]: "basement-premise" #5: responding = to Quick Mode Feb 8 08:20:37 kilkenny Pluto[6142]: "apartment-premise" #4: STATE_QUICK_R2: IPsec SA established Feb 8 08:20:39 kilkenny Pluto[6142]: "basement-premise" #5: = STATE_QUICK_R2: IPsec SA established Feb 8 08:20:49 kilkenny Pluto[6142]: "apartment-premise" #1: = STATE_MAIN_I4: ISAKMP SA established Feb 8 08:20:49 kilkenny Pluto[6142]: "apartment-premise" #6: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS Feb 8 08:20:50 kilkenny Pluto[6142]: "apartment-premise" #6: STATE_QUICK_I2: sent QI2, IPsec SA established Feb 8 08:20:50 kilkenny Pluto[6142]: "basement-premise" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS Feb 8 08:20:51 kilkenny Pluto[6142]: "basement-premise" #7: = STATE_QUICK_I2: sent QI2, IPsec SA established Feb 8 08:20:51 kilkenny Pluto[6142]: "office-premise" #8: initiating = Main Mode Feb 8 08:20:51 kilkenny Pluto[6142]: some IKE message we sent has been rejected with ECONNREFUSED (kernel supplied no details) Feb 8 08:20:51 kilkenny Pluto[6142]: extended network error info for message to unknown: compainant 213.141.72.12, errno 111 Connection = refused, origin ICMP (not authenticated) 2, type 3, code 3 Feb 8 08:21:01 kilkenny Pluto[6142]: some IKE message we sent has been rejected with ECONNREFUSED (kernel supplied no details) Feb 8 08:21:01 kilkenny Pluto[6142]: extended network error info for message to unknown: compainant 213.141.72.12, errno 111 Connection = refused, origin ICMP (not authenticated) 2, type 3, code 3 Feb 8 08:21:21 kilkenny Pluto[6142]: some IKE message we sent has been rejected with ECONNREFUSED (kernel supplied no details) Feb 8 08:21:21 kilkenny Pluto[6142]: extended network error info for message to unknown: compainant 213.141.72.12, errno 111 Connection = refused, origin ICMP (not authenticated) 2, type 3, code 3 Feb 8 08:22:42 kilkenny Pluto[6142]: "office-premise" #9: responding to Main Mode Feb 8 08:22:49 kilkenny Pluto[6142]: "office-premise" #8: = STATE_MAIN_I4: ISAKMP SA established Feb 8 08:22:49 kilkenny Pluto[6142]: "office-premise" #10: initiating = Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS Feb 8 08:22:52 kilkenny Pluto[6142]: "office-premise" #10: = STATE_QUICK_I2: sent QI2, IPsec SA established Feb 8 08:22:58 kilkenny Pluto[6142]: "office-premise" #9: = STATE_MAIN_R3: sent MR3, ISAKMP SA established Feb 8 08:23:00 kilkenny Pluto[6142]: "office-premise" #11: responding = to Quick Mode Feb 8 08:23:01 kilkenny Pluto[6142]: "office-premise" #11: = STATE_QUICK_R2: IPsec SA established Feb 8 08:28:55 kilkenny sshd[6322]: Accepted password for ROOT from 213.141.72.10 port 835 ssh2 Feb 8 08:36:55 kilkenny sshd[1069]: Generating new 768 bit RSA key. Feb 8 08:36:55 kilkenny sshd[1069]: RSA key generation complete. Feb 8 09:04:04 kilkenny Pluto[6142]: "basement-premise" #12: responding = to Main Mode Feb 8 09:04:07 kilkenny Pluto[6142]: "basement-premise" #12: = STATE_MAIN_R3: sent MR3, ISAKMP SA established Feb 8 09:04:16 kilkenny Pluto[6142]: "apartment-premise" #1: replacing stale ISAKMP SA Feb 8 09:04:16 kilkenny Pluto[6142]: "apartment-premise" #13: = initiating Main Mode Feb 8 09:04:20 kilkenny Pluto[6142]: "apartment-premise" #13: STATE_MAIN_I4: ISAKMP SA established Feb 8 09:06:26 kilkenny Pluto[6142]: "office-premise" #14: responding = to Main Mode Feb 8 09:06:29 kilkenny Pluto[6142]: "office-premise" #14: = STATE_MAIN_R3: sent MR3, ISAKMP SA established Feb 8 09:06:38 kilkenny Pluto[6142]: "office-premise" #8: not replacing stale ISAKMP SA: #14 will do Feb 8 09:16:04 kilkenny Pluto[6142]: "apartment-premise" #2: not = replacing stale ISAKMP SA: #13 will do Feb 8 09:16:06 kilkenny Pluto[6142]: "basement-premise" #3: not = replacing stale ISAKMP SA: #12 will do Feb 8 09:18:28 kilkenny Pluto[6142]: "office-premise" #9: not replacing stale ISAKMP SA: #14 will do Feb 8 09:20:34 kilkenny Pluto[6142]: "apartment-premise" #2: ISAKMP SA expired (superseded by #13) Feb 8 09:20:36 kilkenny Pluto[6142]: "basement-premise" #3: ISAKMP SA expired (superseded by #12) Feb 8 09:20:49 kilkenny Pluto[6142]: "apartment-premise" #1: ISAKMP SA expired (superseded by #13) Feb 8 09:22:49 kilkenny Pluto[6142]: "office-premise" #8: ISAKMP SA = expired (superseded by #14) Feb 8 09:22:58 kilkenny Pluto[6142]: "office-premise" #9: ISAKMP SA = expired (superseded by #14) =20 It goes on like this for 7-8 hours, then it dies with something like = this; Feb 7 07:56:59 kilkenny Pluto[3043]: "basement-premise" #268: = initiating Main Mode Feb 7 08:05:39 kilkenny Pluto[3043]: "apartment-premise" #266: max = number of retransmissions (20) reached STATE_MAIN_I1. No acceptable response = to our first IKE message Feb 7 08:05:39 kilkenny Pluto[3043]: "apartment-premise" #266: starting keying attempt 24 of an unlimited number =20 ------_=_NextPart_001_01C091B7.8F901100 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable ISAKMP SA expired

Hi.

I am having problems with "ISAKMP SA = expired".

The only keying parameters set in ipsec.conf = are:

keyingtries=3D0
authby=3Drsasig

Does anyone know what is going on? I have tried to = read the docs and seached
mailinglist archives, but I cant find a solution to = it.

?

/Magnus

Feb  8 08:19:28 kilkenny Pluto[6142]: Starting = Pluto (FreeS/WAN Version 1.8)
Feb  8 08:19:29 kilkenny Pluto[6142]: added = connection description
"apartment-premise"
Feb  8 08:19:29 kilkenny Pluto[6142]: added = connection description
"basement-premise"
Feb  8 08:19:29 kilkenny Pluto[6142]: added = connection description
"office-premise"
Feb  8 08:19:29 kilkenny Pluto[6142]: listening = for IKE messages
Feb  8 08:19:29 kilkenny Pluto[6142]: adding = interface ipsec0/eth0
213.141.72.11
Feb  8 08:19:29 kilkenny Pluto[6142]: loading = secrets from
"/etc/ipsec.secrets"
Feb  8 08:19:30 kilkenny Pluto[6142]: = "apartment-premise" #1: initiating
Main Mode
Feb  8 08:20:00 kilkenny Pluto[6142]: some IKE = message we sent has been
rejected with ECONNREFUSED (kernel supplied no = details)
Feb  8 08:20:00 kilkenny Pluto[6142]: extended = network error info for
message to unknown: compainant 213.112.161.143, errno = 111 Connection
refused, origin ICMP (not authenticated) 2, type 3, = code 3
Feb  8 08:20:25 kilkenny Pluto[6142]: = "apartment-premise" #2: responding to
Main Mode
Feb  8 08:20:27 kilkenny Pluto[6142]: = "basement-premise" #3: responding to
Main Mode
Feb  8 08:20:34 kilkenny Pluto[6142]: = "apartment-premise" #2: STATE_MAIN_R3:
sent MR3, ISAKMP SA established
Feb  8 08:20:35 kilkenny Pluto[6142]: = "apartment-premise" #4: responding to
Quick Mode
Feb  8 08:20:36 kilkenny Pluto[6142]: = "basement-premise" #3: STATE_MAIN_R3:
sent MR3, ISAKMP SA established
Feb  8 08:20:37 kilkenny Pluto[6142]: = "basement-premise" #5: responding to
Quick Mode
Feb  8 08:20:37 kilkenny Pluto[6142]: = "apartment-premise" #4:
STATE_QUICK_R2: IPsec SA established
Feb  8 08:20:39 kilkenny Pluto[6142]: = "basement-premise" #5: STATE_QUICK_R2:
IPsec SA established
Feb  8 08:20:49 kilkenny Pluto[6142]: = "apartment-premise" #1: STATE_MAIN_I4:
ISAKMP SA established
Feb  8 08:20:49 kilkenny Pluto[6142]: = "apartment-premise" #6: initiating
Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
Feb  8 08:20:50 kilkenny Pluto[6142]: = "apartment-premise" #6:
STATE_QUICK_I2: sent QI2, IPsec SA established
Feb  8 08:20:50 kilkenny Pluto[6142]: = "basement-premise" #7: initiating
Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
Feb  8 08:20:51 kilkenny Pluto[6142]: = "basement-premise" #7: STATE_QUICK_I2:
sent QI2, IPsec SA established
Feb  8 08:20:51 kilkenny Pluto[6142]: = "office-premise" #8: initiating Main
Mode
Feb  8 08:20:51 kilkenny Pluto[6142]: some IKE = message we sent has been
rejected with ECONNREFUSED (kernel supplied no = details)
Feb  8 08:20:51 kilkenny Pluto[6142]: extended = network error info for
message to unknown: compainant 213.141.72.12, errno = 111 Connection refused,
origin ICMP (not authenticated) 2, type
3, code 3
Feb  8 08:21:01 kilkenny Pluto[6142]: some IKE = message we sent has been
rejected with ECONNREFUSED (kernel supplied no = details)
Feb  8 08:21:01 kilkenny Pluto[6142]: extended = network error info for
message to unknown: compainant 213.141.72.12, errno = 111 Connection refused,
origin ICMP (not authenticated) 2, type
3, code 3
Feb  8 08:21:21 kilkenny Pluto[6142]: some IKE = message we sent has been
rejected with ECONNREFUSED (kernel supplied no = details)
Feb  8 08:21:21 kilkenny Pluto[6142]: extended = network error info for
message to unknown: compainant 213.141.72.12, errno = 111 Connection refused,
origin ICMP (not authenticated) 2, type
3, code 3
Feb  8 08:22:42 kilkenny Pluto[6142]: = "office-premise" #9: responding to
Main Mode
Feb  8 08:22:49 kilkenny Pluto[6142]: = "office-premise" #8: STATE_MAIN_I4:
ISAKMP SA established
Feb  8 08:22:49 kilkenny Pluto[6142]: = "office-premise" #10: initiating Quick
Mode RSASIG+ENCRYPT+TUNNEL+PFS
Feb  8 08:22:52 kilkenny Pluto[6142]: = "office-premise" #10: STATE_QUICK_I2:
sent QI2, IPsec SA established
Feb  8 08:22:58 kilkenny Pluto[6142]: = "office-premise" #9: STATE_MAIN_R3:
sent MR3, ISAKMP SA established
Feb  8 08:23:00 kilkenny Pluto[6142]: = "office-premise" #11: responding to
Quick Mode
Feb  8 08:23:01 kilkenny Pluto[6142]: = "office-premise" #11: STATE_QUICK_R2:
IPsec SA established
Feb  8 08:28:55 kilkenny sshd[6322]: Accepted = password for ROOT from
213.141.72.10 port 835 ssh2
Feb  8 08:36:55 kilkenny sshd[1069]: Generating = new 768 bit RSA key.
Feb  8 08:36:55 kilkenny sshd[1069]: RSA key = generation complete.
Feb  8 09:04:04 kilkenny Pluto[6142]: = "basement-premise" #12: responding to
Main Mode
Feb  8 09:04:07 kilkenny Pluto[6142]: = "basement-premise" #12: STATE_MAIN_R3:
sent MR3, ISAKMP SA established
Feb  8 09:04:16 kilkenny Pluto[6142]: = "apartment-premise" #1: replacing
stale ISAKMP SA
Feb  8 09:04:16 kilkenny Pluto[6142]: = "apartment-premise" #13: initiating
Main Mode
Feb  8 09:04:20 kilkenny Pluto[6142]: = "apartment-premise" #13:
STATE_MAIN_I4: ISAKMP SA established
Feb  8 09:06:26 kilkenny Pluto[6142]: = "office-premise" #14: responding to
Main Mode
Feb  8 09:06:29 kilkenny Pluto[6142]: = "office-premise" #14: STATE_MAIN_R3:
sent MR3, ISAKMP SA established
Feb  8 09:06:38 kilkenny Pluto[6142]: = "office-premise" #8: not replacing
stale ISAKMP SA: #14 will do
Feb  8 09:16:04 kilkenny Pluto[6142]: = "apartment-premise" #2: not replacing
stale ISAKMP SA: #13 will do
Feb  8 09:16:06 kilkenny Pluto[6142]: = "basement-premise" #3: not replacing
stale ISAKMP SA: #12 will do
Feb  8 09:18:28 kilkenny Pluto[6142]: = "office-premise" #9: not replacing
stale ISAKMP SA: #14 will do
Feb  8 09:20:34 kilkenny Pluto[6142]: = "apartment-premise" #2: ISAKMP SA
expired (superseded by #13)
Feb  8 09:20:36 kilkenny Pluto[6142]: = "basement-premise" #3: ISAKMP SA
expired (superseded by #12)
Feb  8 09:20:49 kilkenny Pluto[6142]: = "apartment-premise" #1: ISAKMP SA
expired (superseded by #13)
Feb  8 09:22:49 kilkenny Pluto[6142]: = "office-premise" #8: ISAKMP SA expired
(superseded by #14)
Feb  8 09:22:58 kilkenny Pluto[6142]: = "office-premise" #9: ISAKMP SA expired
(superseded by #14) 


It goes on like this for 7-8 hours, then it dies with = something like this;

Feb  7 07:56:59 kilkenny Pluto[3043]: = "basement-premise" #268: initiating
Main Mode
Feb  7 08:05:39 kilkenny Pluto[3043]: = "apartment-premise" #266: max number
of retransmissions (20) reached STATE_MAIN_I1.  = No acceptable response to
our first IKE message
Feb  7 08:05:39 kilkenny Pluto[3043]: = "apartment-premise" #266: starting
keying attempt 24 of an unlimited number  =

------_=_NextPart_001_01C091B7.8F901100--