This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

standard-rsa vpn not working after 5.019 update

Dear *,

we have the problem that a standard-rsa-vpn between two Astaro boxes, both with 5.019 does not work anymore.

The VPN routes are not visible anymore.
Our box tells us in the VPN status:
---cut---
000 #4: "S_ipsec__rsa__hss_0" STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 38s
000 #3: "S_ipsec__rsa__hss_0" STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 21s
---cut---
The remote box tells us in the VPN status:
---cut---
000 #4: "S_ipsec__rsa__kernzeit_0" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 7369s
000 #7: "S_ipsec__rsa__kernzeit_0" STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 1s
000 #2: "S_ipsec__rsa__kernzeit_0" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 7299s
000 #8: "S_ipsec__rsa__kernzeit_0" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 7511s; newest ISAKMP
000 #6: "S_ipsec__rsa__kernzeit_0" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 7440s
---cut---

A VPN route can not be established.

I already deleted everything and set it up nice and fresh...:-(
The only things that changed are that we updated to 5.019

The ipsec log looks like:
---cut---
"S_ipsec__rsa__kernzeit_0" #1: initiating Main Mode
2004:08:23-17:39:44 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2004:08:23-17:39:45 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
2004:08:23-17:39:45 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: WARNING: compute_dh_shared(): for OAKLEY_GROUP_MODP1536 took 400219 usec
2004:08:23-17:39:45 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
2004:08:23-17:39:48 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
2004:08:23-17:39:49 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: ignoring informational payload, type INVALID_ID_INFORMATION
2004:08:23-17:39:49 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: received and ignored informational message
2004:08:23-17:39:55 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: discarding duplicate packet; already STATE_MAIN_I3
2004:08:23-17:39:58 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: ignoring informational payload, type INVALID_ID_INFORMATION
2004:08:23-17:39:58 ottobronx pluto[3577]: "S_ipsec__rsa__kernzeit_0" #1: received and ignored informational message
---cut---

Thanks for any input.

Matthias
.FIN

This thread was automatically locked due to age.

Parents

0 MatthiasFleschuetz over 21 years ago

Sorry my fault...the VPN identifier didnt match...my fault...:-/

Matt
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 MatthiasFleschuetz over 21 years ago

Sorry my fault...the VPN identifier didnt match...my fault...:-/

Matt
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data