
Re: tunnel notification: NO PROPOSAL CHOSEN



On Monday 09 February 2004 02:06 pm, Eduardo Alvarenga wrote:
> On Mon, 9 Feb 2004, Steve wrote:
> > Sorry I forgot to include the isakmpd.conf files
>
>  <biiiig-snip>
>
>  Your config files look OK.
>  Try flushing your IPsec rules by running 'ipsecadm flush' and
>  restarting isakmpd on both sides.

Well, after I ran the flush, things looked fine for a while. But I had to
leave, and when I came back this a.m. I found a slew of the same old error msgs
(NO PROPOSAL CHOSEN).

Running 'ipsecadm show' on LAN2 gives:

sadb_dump: satype unspec vers 2 len 2 seq 1 pid 641
        errno 2: No such file or directory

Running 'tcpdump -nvs1500 -r /var/run/isakmpd.pcap ' gives a looong list 
repeating:

05:00:52.852442 207.mmm.nnn.ooo.500 > 24.mmm.nnn.ooo.500:  [udp sum ok] isakmp v1.0 exchange ID_PROT
        cookie: 245ec01eda3d70f4->0000000000000000 msgid: 00000000 len: 80
        payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY
            payload: PROPOSAL len: 40 proposal: 1 proto: ISAKMP spisz: 0 xforms: 1
                payload: TRANSFORM len: 32
                    transform: 0 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_1024
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 3600 [ttl 0] (id 1)
05:01:23.972774 24.mmm.nnn.ooo.500 > 207.mmm.nnn.ooo.500:  [udp sum ok] isakmp v1.0 exchange ID_PROT
        cookie: 3ac934f5ce8aa7b0->0000000000000000 msgid: 00000000 len: 80
        payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY
            payload: PROPOSAL len: 40 proposal: 1 proto: ISAKMP spisz: 0 xforms: 1
                payload: TRANSFORM len: 32
                    transform: 0 ID: ISAKMP
                        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                        attribute HASH_ALGORITHM = SHA
                        attribute AUTHENTICATION_METHOD = PRE_SHARED
                        attribute GROUP_DESCRIPTION = MODP_1024
                        attribute LIFE_TYPE = SECONDS
                        attribute LIFE_DURATION = 3600 [ttl 0] (id 1)
05:01:23.973515 207.mmm.nnn.ooo.500 > 24.mmm.nnn.ooo.500:  [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 8f6436afeefc1e07->0000000000000000 msgid: 00000000 len: 40
        payload: NOTIFICATION len: 12
            notification: NO PROPOSAL CHOSEN [ttl 0] (id 1)


-- 


____________________________________
Steve Szmidt
VP Information Technology
Video Group Distributors, Inc.
727-585-7737
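
Added example, not part of the original post: a small Python parser for `tcpdump -v` ISAKMP text like the capture quoted above. It compares the phase 1 attributes each peer offers and lists the NO PROPOSAL CHOSEN notifications. The sample input is constructed from that capture with documentation addresses substituted, and the function names are this example's own.

```python
import re

# Constructed sample modelled on the capture in the post; addresses are documentation ranges.
SAMPLE = """\
05:00:52.852442 192.0.2.1.500 > 198.51.100.1.500:  [udp sum ok]
isakmp v1.0 exchange ID_PROT
        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
        attribute HASH_ALGORITHM = SHA
        attribute GROUP_DESCRIPTION = MODP_1024
05:01:23.972774 198.51.100.1.500 > 192.0.2.1.500:  [udp sum ok]
isakmp v1.0 exchange ID_PROT
        attribute ENCRYPTION_ALGORITHM = 3DES_CBC
        attribute HASH_ALGORITHM = SHA
        attribute GROUP_DESCRIPTION = MODP_1024
05:01:23.973515 192.0.2.1.500 > 198.51.100.1.500:  [udp sum ok]
isakmp v1.0 exchange INFO
            notification: NO PROPOSAL CHOSEN [ttl 0] (id 1)
"""

HEADER = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+)\.\d+ > (\S+)\.\d+:")
EXCH = re.compile(r"exchange (\w+)")
ATTR = re.compile(r"attribute (\w+) = (\S+)")
NOTE = re.compile(r"notification: (.+?)(?: \[|$)")

def parse_packets(text):
    """Split tcpdump -v ISAKMP text into one dict per packet (wrapped lines are fine)."""
    packets = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            packets.append({"time": m[1], "src": m[2], "exchange": None, "attrs": {}, "notify": None})
        if not packets:
            continue  # ignore text before the first packet header
        pkt = packets[-1]
        if e := EXCH.search(line):
            pkt["exchange"] = e[1]
        pkt["attrs"].update(ATTR.findall(line))  # last transform wins if several are offered
        if n := NOTE.search(line):
            pkt["notify"] = n[1]
    return packets

def offer_diff(packets):
    """Offered attributes whose value differs between ID_PROT senders."""
    offers = {p["src"]: p["attrs"] for p in packets if p["exchange"] == "ID_PROT"}
    names = {n for a in offers.values() for n in a}
    return {n: {s: a.get(n) for s, a in offers.items()} for n in names
            if len({a.get(n) for a in offers.values()}) > 1}

def rejections(packets):
    return [(p["time"], p["src"]) for p in packets if p["notify"] == "NO PROPOSAL CHOSEN"]
```

On the sample both peers send the same offer, so `offer_diff` returns an empty dict while `rejections` still lists the INFO packet and its sender.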