Bug #4220

closed

IPSec does not work any more.

Added by Anonymous over 10 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 01/15/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.2
Affected Plus Version:
Affected Architecture:

Description

Since the update to "2.2-RC (amd64) built on Wed January 14 17:46:28 CST 2015 FreeBSD 10.1-RELEASE-p4", no IPSec tunnel works.
The status shows local ID "Unknown" and remote ID "Any identifier". See the attached picture.

Log on my side:
Jan 15 13:29:47 charon: 09[IKE] <con1000|1> initiating Aggressive Mode IKE_SA con10001 to OTHER-IP
Jan 15 13:29:47 charon: 09[IKE] initiating Aggressive Mode IKE_SA con10001 to OTHER-IP
Jan 15 13:29:47 charon: 09[ENC] generating AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
Jan 15 13:29:47 charon: 09[NET] sending packet: from MY-IP500 to OTHER-IP500 (526 bytes)
Jan 15 13:29:51 charon: 09[IKE] <con1000|1> sending retransmit 1 of request message ID 0, seq 1
Jan 15 13:29:51 charon: 09[IKE] sending retransmit 1 of request message ID 0, seq 1
Jan 15 13:29:51 charon: 09[NET] sending packet: from MY-IP500 to OTHER-IP500 (526 bytes)
Jan 15 13:29:56 charon: 15[NET] received packet: from OTHER-IP500 to MY-IP500 (518 bytes)
Jan 15 13:29:56 charon: 15[ENC] parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V ]
Jan 15 13:29:56 charon: 15[IKE] <7> received FRAGMENTATION vendor ID
Jan 15 13:29:56 charon: 15[IKE] received FRAGMENTATION vendor ID
Jan 15 13:29:56 charon: 15[IKE] <7> received NAT-T (RFC 3947) vendor ID
Jan 15 13:29:56 charon: 15[IKE] received NAT-T (RFC 3947) vendor ID
Jan 15 13:29:56 charon: 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 15 13:29:56 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
Jan 15 13:29:56 charon: 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 15 13:29:56 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
Jan 15 13:29:56 charon: 15[IKE] <7> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 15 13:29:56 charon: 15[IKE] received draft-ietf-ipsec-nat-t-ike-00 vendor ID
Jan 15 13:29:56 charon: 15[IKE] <7> received DPD vendor ID
Jan 15 13:29:56 charon: 15[IKE] received DPD vendor ID
Jan 15 13:29:56 charon: 15[IKE] <7> OTHER-IP is initiating a Aggressive Mode IKE_SA
Jan 15 13:29:56 charon: 15[IKE] OTHER-IP is initiating a Aggressive Mode IKE_SA
Jan 15 13:29:56 charon: 15[CFG] looking for pre-shared key peer configs matching MY-IP...OTHER-IP[gw01.buerokompetenz.de]
Jan 15 13:29:56 charon: 15[CFG] selected peer config "con2"
Jan 15 13:29:56 charon: 15[ENC] generating AGGRESSIVE response 0 [ SA KE No ID NAT-D NAT-D HASH V V V V V ]
Jan 15 13:29:56 charon: 15[ENC] splitting IKE message with length of 578 bytes into 2 fragments
Jan 15 13:29:56 charon: 15[ENC] generating AGGRESSIVE response 0 [ FRAG ]
Jan 15 13:29:56 charon: 15[ENC] generating AGGRESSIVE response 0 [ FRAG ]
Jan 15 13:29:56 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (548 bytes)
Jan 15 13:29:56 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (102 bytes)
Jan 15 13:29:58 charon: 15[IKE] <con1000|1> sending retransmit 2 of request message ID 0, seq 1
Jan 15 13:29:58 charon: 15[IKE] sending retransmit 2 of request message ID 0, seq 1
Jan 15 13:29:58 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (526 bytes)
Jan 15 13:30:00 charon: 15[IKE] <con2|7> sending retransmit 1 of response message ID 0, seq 1
Jan 15 13:30:00 charon: 15[IKE] sending retransmit 1 of response message ID 0, seq 1
Jan 15 13:30:00 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (548 bytes)
Jan 15 13:30:00 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (102 bytes)
Jan 15 13:30:06 charon: 15[NET] received packet: from OTHER-IP500 to MY-IP500 (518 bytes)
Jan 15 13:30:06 charon: 15[IKE] <con2|7> received retransmit of request with ID 0, retransmitting response
Jan 15 13:30:06 charon: 15[IKE] received retransmit of request with ID 0, retransmitting response
Jan 15 13:30:06 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (548 bytes)
Jan 15 13:30:06 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (102 bytes)
Jan 15 13:30:07 charon: 15[IKE] <con2|7> sending retransmit 2 of response message ID 0, seq 1
Jan 15 13:30:07 charon: 15[IKE] sending retransmit 2 of response message ID 0, seq 1
Jan 15 13:30:07 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (548 bytes)
Jan 15 13:30:07 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (102 bytes)
Jan 15 13:30:11 charon: 15[IKE] <con1000|1> sending retransmit 3 of request message ID 0, seq 1
Jan 15 13:30:11 charon: 15[IKE] sending retransmit 3 of request message ID 0, seq 1
Jan 15 13:30:11 charon: 15[NET] sending packet: from MY-IP500 to OTHER-IP500 (526 bytes)

Other side:
Jan 15 13:30:09 racoon: [VPN Reppin]: [MY-IP] ERROR: ignore the packet, received unexpecting payload type 20.
Jan 15 13:30:05 racoon: [VPN Reppin]: [MY-IP] ERROR: ignore the packet, received unexpecting payload type 20.
Jan 15 13:30:04 racoon: [VPN Reppin]: [MY-IP] ERROR: phase1 negotiation failed.
Jan 15 13:30:04 racoon: [VPN Reppin]: [MY-IP] ERROR: failed to process ph1 packet (side: 1, status: 2).
Jan 15 13:30:04 racoon: [VPN Reppin]: [MY-IP] ERROR: couldn't find the pskey for MY-IP.
Jan 15 13:30:04 racoon: [VPN Reppin]: [MY-IP] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Jan 15 13:30:04 racoon: [VPN Reppin]: [MY-IP] INFO: Selected NAT-T version: RFC 3947
Jan 15 13:30:04 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jan 15 13:30:04 racoon: INFO: received Vendor ID: RFC 3947
Jan 15 13:30:04 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Jan 15 13:30:04 racoon: INFO: received Vendor ID: CISCO-UNITY
Jan 15 13:30:04 racoon: INFO: received Vendor ID: DPD
Jan 15 13:30:04 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 15 13:30:04 racoon: INFO: begin Aggressive mode.
Jan 15 13:30:04 racoon: [VPN Reppin]: INFO: respond new phase 1 negotiation: OTHER-IP500<=>MY-IP500
Jan 15 13:29:59 racoon: [Self]: [OTHER-IP] INFO: Hashing OTHER-IP500 with algo #2
Jan 15 13:29:59 racoon: INFO: Adding remote and local NAT-D payloads.
Jan 15 13:29:59 racoon: INFO: NAT not detected
Jan 15 13:29:59 racoon: INFO: NAT-D payload #0 verified
Jan 15 13:29:59 racoon: INFO: NAT-D payload #-1 verified
Jan 15 13:29:59 racoon: [Self]: [OTHER-IP] INFO: Hashing OTHER-IP500 with algo #2
Jan 15 13:29:59 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Jan 15 13:29:59 racoon: INFO: received Vendor ID: RFC 3947
Jan 15 13:29:59 racoon: INFO: received Vendor ID: DPD
Jan 15 13:29:59 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 15 13:29:56 racoon: INFO: delete phase 2 handler.
Jan 15 13:29:56 racoon: [VPN Reppin]: [MY-IP] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP MY-IP0->OTHER-IP0
Jan 15 13:29:55 racoon: [VPN Reppin]: [MY-IP] ERROR: ignore the packet, received unexpecting payload type 20.
Jan 15 13:29:53 racoon: INFO: begin Aggressive mode.
Jan 15 13:29:50 racoon: [VPN Reppin]: [MY-IP] ERROR: ignore the packet, received unexpecting payload type 20.
Jan 15 13:29:45 racoon: [VPN Reppin]: [MY-IP] ERROR: ignore the packet, received unexpecting payload type 20.
Jan 15 13:29:41 racoon: [VPN Reppin]: [MY-IP] ERROR: phase1 negotiation failed.
Jan 15 13:29:41 racoon: [VPN Reppin]: [MY-IP] ERROR: failed to process ph1 packet (side: 1, status: 2).
Jan 15 13:29:41 racoon: [VPN Reppin]: [MY-IP] ERROR: couldn't find the pskey for MY-IP.
Jan 15 13:29:41 racoon: [VPN Reppin]: [MY-IP] NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Jan 15 13:29:41 racoon: [VPN Reppin]: [MY-IP] INFO: Selected NAT-T version: RFC 3947
Jan 15 13:29:41 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Jan 15 13:29:41 racoon: INFO: received Vendor ID: RFC 3947
Jan 15 13:29:41 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Jan 15 13:29:41 racoon: INFO: received Vendor ID: CISCO-UNITY
Jan 15 13:29:41 racoon: INFO: received Vendor ID: DPD
Jan 15 13:29:41 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 15 13:29:41 racoon: INFO: begin Aggressive mode.
Jan 15 13:29:41 racoon: [VPN Reppin]: INFO: respond new phase 1 negotiation: OTHER-IP500<=>MY-IP500


Files

ipsec-fehler.JPG (26.6 KB), IPSec Status, added by Anonymous, 01/15/2015 06:56 AM