
Re: isakmpd error messages yet tunnel still works



Here are the configs, and also the message that shows
up on the other end:

Feb 23 05:29:52 shadow isakmpd[3955]: message_negotiate_sa: no compatible proposal found
Feb 23 05:29:52 shadow isakmpd[3955]: dropped message from eckville port 500 due to notification type NO_PROPOSAL_CHOSEN
Feb 23 05:29:56 shadow isakmpd[3955]: message_negotiate_sa: no compatible proposal found
Feb 23 05:29:56 shadow isakmpd[3955]: dropped message from eckville  port 500 due to notification type NO_PROPOSAL_CHOSEN

[General]
Retransmits=            5
Exchange-max-time=      120
Default-phase-1-lifetime= 28800,28800:28800
Default-phase-2-lifetime= 28800,28800:28800

[Phase 1]
otherBSD = ISAKMP-LANCgw

[Phase 2]
Connections=            IPsec-LANB-LANC

# Settings for VPN eckville
[ISAKMP-LANBgw]
Phase=                  1
Transport=              udp
Address=                eckville
Configuration=          Default-main-mode
Authentication=         secretpassword

# Settings for VPN'ng to OpenBSD Firewall (Support Services) REMOTE
[ISAKMP-LANCgw]
Phase=                  1
Transport=              udp
Address=                otherBSD
Configuration=          Default-main-mode
Authentication=         secretpassword

[IPsec-LANB-LANC]
Phase=                  2
ISAKMP-peer=          ISAKMP-LANCgw
Configuration=        Default-quick-mode
Local-ID=             Net-LANB
Remote-ID=            Net-LANC

# Internal network at support services
[Net-LANC]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.2.0
Netmask=                255.255.255.0

# Internal network at eckville
[Net-LANB]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.3.0
Netmask=                255.255.255.0

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA, 3DES-MD5

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-3DES-MD5-PFS-SUITE


--- Hans-Joerg Hoexer
<Hans-Joerg_(_dot_)_Hoexer_(_at_)_yerbouti_(_dot_)_franken_(_dot_)_de> wrote:

> please show us your configs (remove passwords,
> sensitive ips).
> 
> On Wed, Feb 23, 2005 at 04:29:03AM -0800, Dave Smith wrote:
> > I'm trying to track down why I'm getting huge logs
> > with errors from isakmpd, yet the vpn still works.
> > It's between two bsd boxes, both using shared key,
> > here's what I'm seeing:
> > 
> > Feb 23 05:07:31 eckville isakmpd[25005]: transport_send_messages: giving up on message 0x3c06b380, exchange ISAKMP-LANCgw
> > Feb 23 05:07:31 eckville isakmpd[25005]: transport_send_messages: either this message did not reach the other peer
> > Feb 23 05:07:31 eckville isakmpd[25005]: transport_send_messages: or the responsemessage did not reach us back
> > Feb 23 05:09:31 eckville isakmpd[25005]: transport_send_messages: giving up on message 0x3c06b380, exchange ISAKMP-LANCgw
> > Feb 23 05:09:31 eckville isakmpd[25005]: transport_send_messages: either this message did not reach the other peer
> > Feb 23 05:09:31 eckville isakmpd[25005]: transport_send_messages: or the responsemessage did not reach us back
> > Feb 23 05:11:31 eckville isakmpd[25005]: transport_send_messages: giving up on message 0x3c06b380, exchange ISAKMP-LANCgw
> > Feb 23 05:11:31 eckville isakmpd[25005]: transport_send_messages: either this message did not reach the other peer
> > Feb 23 05:11:31 eckville isakmpd[25005]: transport_send_messages: or the responsemessage did not reach us back
> > Feb 23 05:13:31 eckville isakmpd[25005]: transport_send_messages: giving up on message 0x3c06b380, exchange ISAKMP-LANCgw
> > Feb 23 05:13:31 eckville isakmpd[25005]: transport_send_messages: either this message did not reach the other peer
> > Feb 23 05:13:31 eckville isakmpd[25005]: transport_send_messages: or the responsemessage did not reach us back
> > Feb 23 05:15:31 eckville isakmpd[25005]: transport_send_messages: giving up on message 0x3c06b380, exchange ISAKMP-LANCgw
> > Feb 23 05:15:31 eckville isakmpd[25005]: transport_send_messages: either this message did not reach the other peer
> > Feb 23 05:15:31 eckville isakmpd[25005]: transport_send_messages: or the responsemessage did not reach us back
> > 
> > 
> > This repeats hundreds of times. ISAKMP-LANCgw is the other box, both running 3.6.
> > 
> > Dave
> > 
> 
> -- 
> pub  1024D/513AEFD9 1999-12-18 Hans-Joerg Hoexer 
>      <Hans-Joerg_(_dot_)_Hoexer_(_at_)_yerbouti_(_dot_)_franken_(_dot_)_de>
> Key fingerprint = 83D2 436A 0D3C 34A9 E0FF  4C33 35F6 617C 513A EFD9


