Re: Problem IPSEC phase 2
Hi, In the link below, are the client screens, with the settings. http://189.6.44.103:8080/ Does anyone on the list use this McAfee Stonesoft? Thanks!! 2017-09-20 17:27 GMT-03:00 Christiano Liberato: > More information: > > The customer uses Mcafee Stonesoft. > Phase 1 > main auth hmac-md5 enc 3des group modp1024 lifetime 86400 > > Phase 2 > quick auth hmac-md5 enc 3des group modp1024 lifetime 3600 > > psk > > Errors in the messages > > Sep 20 17:25:09 gw isakmpd[14702]: message_recv: cleartext phase 2 message > Sep 20 17:25:09 gw isakmpd[14702]: dropped message from ip_client port 500 > due to notification type INVALID_FLAGS > Sep 20 17:25:16 gw isakmpd[14702]: message_recv: invalid cookie(s) > 385f90768ec871e1 928fe1b941afcfe4 > Sep 20 17:25:16 gw isakmpd[14702]: dropped message from ip_client port 500 > due to notification type INVALID_COOKIE > Sep 20 17:25:25 gw isakmpd[14702]: message_recv: invalid cookie(s) > 385f90768ec871e1 059208ff39accc6d > Sep 20 17:25:25 gw isakmpd[14702]: dropped message from ip_client port 500 > due to notification type INVALID_COOKIE > Sep 20 17:25:36 gw isakmpd[14702]: transport_send_messages: giving up on > exchange peer-ip_client, no response from peer ip_client:500 > > 2017-09-18 11:30 GMT-03:00 Christiano Liberato < > christianoliber...@gmail.com>: > >> Hi, >> >> I've been trying for days to close a tunnel with a client and I can not. >> Logs always appear: >> >> message_recv: cleartext phase 2 message >> dropped message from ipcliente port 500 due to notification type >> INVALID_FLAGS >> transport_send_messages: giving up on exchange peer-ipcliente, no >> response from peer ipcliente:500 >> >> I've been looking for a lot on the internet and so far no solution. Just >> ask to restart the tunnel on both sides. >> On my side, I use openbsd 6.1. >> Has anyone seen this error? >> >> Thanks!! >> > >
Re: Problem IPSEC phase 2
More information: The customer uses Mcafee Stonesoft. Phase 1 main auth hmac-md5 enc 3des group modp1024 lifetime 86400 Phase 2 quick auth hmac-md5 enc 3des group modp1024 lifetime 3600 psk Errors in the messages Sep 20 17:25:09 gw isakmpd[14702]: message_recv: cleartext phase 2 message Sep 20 17:25:09 gw isakmpd[14702]: dropped message from ip_client port 500 due to notification type INVALID_FLAGS Sep 20 17:25:16 gw isakmpd[14702]: message_recv: invalid cookie(s) 385f90768ec871e1 928fe1b941afcfe4 Sep 20 17:25:16 gw isakmpd[14702]: dropped message from ip_client port 500 due to notification type INVALID_COOKIE Sep 20 17:25:25 gw isakmpd[14702]: message_recv: invalid cookie(s) 385f90768ec871e1 059208ff39accc6d Sep 20 17:25:25 gw isakmpd[14702]: dropped message from ip_client port 500 due to notification type INVALID_COOKIE Sep 20 17:25:36 gw isakmpd[14702]: transport_send_messages: giving up on exchange peer-ip_client, no response from peer ip_client:500 2017-09-18 11:30 GMT-03:00 Christiano Liberato: > Hi, > > I've been trying for days to close a tunnel with a client and I can not. > Logs always appear: > > message_recv: cleartext phase 2 message > dropped message from ipcliente port 500 due to notification type > INVALID_FLAGS > transport_send_messages: giving up on exchange peer-ipcliente, no response > from peer ipcliente:500 > > I've been looking for a lot on the internet and so far no solution. Just > ask to restart the tunnel on both sides. > On my side, I use openbsd 6.1. > Has anyone seen this error? > > Thanks!! >
Problem IPSEC phase 2
Hi, I've been trying for days to close a tunnel with a client and I can not. Logs always appear: message_recv: cleartext phase 2 message dropped message from ipcliente port 500 due to notification type INVALID_FLAGS transport_send_messages: giving up on exchange peer-ipcliente, no response from peer ipcliente:500 I've been looking for a lot on the internet and so far no solution. Just ask to restart the tunnel on both sides. On my side, I use openbsd 6.1. Has anyone seen this error? Thanks!!