Date: Mon, 2 Sep 2002 23:07:14 +0200 (CEST) From: "Kenneth Karoliussen" <kenneth@karoliussen.net> To: <questions@freebsd.org> Cc: <kenneth@karoliussen.net> Subject: "give up to get IPsec-SA due to time up to wait" Message-ID: <1838.192.168.1.2.1031000834.squirrel@www.active-area.com>
next in thread | raw e-mail | index | archive | help
Hi, I've set up two seperate FreeBSD IPSEC clients (using racoon) toward our VPN Inel Netstructure, routing two different RFC1918 C-nets. Both clients are almost identical in configuration, but one of them does not obtain a proper connection, and seems to fail with the following time out entry in phase2: "give up to get IPsec-SA due to time up to wait" racoon.log (public addresses changed): *snip* 2002-09-02 22:52:30: INFO: isakmp.c:896:isakmp_ph1begin_r(): begin Identity Protection mode. 2002-09-02 22:52:31: WARNING: isakmp_inf.c:1281:isakmp_check_notify(): ignore INITIAL-CONTACT notification, because it is only accepted after phase1. 2002-09-02 22:52:31: INFO: isakmp.c:2409:log_ph1established(): ISAKMP-SA established XclientaddrX[500]-XvpnaddX[500] spi:c6c6651f642823a9:b061d2bdd67f9c40 2002-09-02 22:52:31: INFO: isakmp.c:1046:isakmp_ph2begin_r(): respond new phase 2 negotiation: XclientaddrX[0]<=>XvpnaddX[0] 2002-09-02 22:52:31: ERROR: proposal.c:489:cmpsatrns(): trns_id mismatched: my:2 peer:3 2002-09-02 22:52:31: INFO: pfkey.c:1107:pk_recvupdate(): IPsec-SA established: ESP/Tunnel XvpnaddX->XclientaddrX spi=137162047(0x82ced3f) 2002-09-02 22:52:31: INFO: pfkey.c:1319:pk_recvadd(): IPsec-SA established: ESP/Tunnel XclientaddrX->XvpnaddX spi=1006533165(0x3bfe7a2d) 2002-09-02 22:52:45: ERROR: pfkey.c:738:pfkey_timeover(): XvpnaddX give up to get IPsec-SA due to time up to wait. 2002-09-02 22:52:45: INFO: isakmp.c:1561:isakmp_ph1delete(): ISAKMP-SA deleted XclientaddrX[500]-XvpnaddX[500] spi:302e0ef400930c65:cb04d55e3ed8e717 The other IPSEC client is running without any problem, and I really appreciate any ideas what may be the cause.. Best, Kenneth Karolissen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1838.192.168.1.2.1031000834.squirrel>