isakmpd fills my log
hi all, i use ipsec to replace wep for my wlan so the setup is pretty simple and all and everything works. I used this page http://www.dietlein.com/requisites/ipsec/ to get it to work and my configs are the same as in the guide. The problem is since i switched from 3.7 to 3.8 isakmpd fills my /var/log/messages with info that it cant connect when my laptop if off. Like below all around the clock. How can i stop this the best way ? i start isakmpd in rc.conf with just best regards martin Nov 30 15:15:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:15:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:16:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 Nov 30 15:18:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 Nov 30 15:19:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:19:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:20:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
Re: isakmpd fills my log
please show us your config files. On Wed, Nov 30, 2005 at 03:31:27PM +0100, martin wrote: hi all, i use ipsec to replace wep for my wlan so the setup is pretty simple and all and everything works. I used this page http://www.dietlein.com/requisites/ipsec/ to get it to work and my configs are the same as in the guide. The problem is since i switched from 3.7 to 3.8 isakmpd fills my /var/log/messages with info that it cant connect when my laptop if off. Like below all around the clock. How can i stop this the best way ? i start isakmpd in rc.conf with just best regards martin Nov 30 15:15:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:15:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:16:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 Nov 30 15:18:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 Nov 30 15:19:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:19:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:20:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
Re: isakmpd fills my log
Hans-Joerg Hoexer wrote: please show us your config files. On Wed, Nov 30, 2005 at 03:31:27PM +0100, martin wrote: hi all, i use ipsec to replace wep for my wlan so the setup is pretty simple and all and everything works. I used this page http://www.dietlein.com/requisites/ipsec/ to get it to work and my configs are the same as in the guide. The problem is since i switched from 3.7 to 3.8 isakmpd fills my /var/log/messages with info that it cant connect when my laptop if off. Like below all around the clock. How can i stop this the best way ? i start isakmpd in rc.conf with just best regards martin Nov 30 15:15:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:15:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:16:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 Nov 30 15:18:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 Nov 30 15:19:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:19:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:20:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 -- * Stay in touch with www.inMail24.com! Your time-proof mailbox and photoalbum * Zoner PhotoStudio 7 - Your Photos perfect, shared, organised! www.zoner.com mkay.. isakmpd.conf [General] Policy-file=/etc/isakmpd/isakmpd.policy Retransmits=4 Listen-On= 10.10.10.10 [Phase 1] 10.10.10.9= ISAKMP-peer-ignition [Phase 2] Connections=IPsec-ignition-soekris [ISAKMP-peer-ignition] Phase= 1 Transport= udp Local-Address= 10.10.10.10 Address=10.10.10.9 Configuration= Default-main-mode Authentication= 2secret2btrue [IPsec-ignition-soekris] Phase= 2 ISAKMP-peer=ISAKMP-peer-ignition Configuration= Default-quick-mode Local-ID= Addr-fjuttsi Remote-ID= Addr-laptop [Addr-laptop] ID-type=IPV4_ADDR Address=10.10.10.9 [Addr-fjuttsi] ID-type=IPV4_ADDR Address=10.10.10.10 [Default-main-mode] DOI=IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-SHA [Default-quick-mode] DOI=IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-3DES-SHA-SUITE ...isakmpd.policy... KeyNote-Version: 2 Comment: This policy accepts ESP SAs from a remote that uses the right password Authorizer: POLICY Licensees: passphrase:2secret2btrue Conditions: app_domain == IPsec policy esp_present == yes esp_enc_alg == 3des esp_auth_alg == hmac-sha - true;
Re: isakmpd fills my log
On Wed, Nov 30, 2005 at 03:58:07PM +0100, martin wrote: ... [Phase 1] 10.10.10.9= ISAKMP-peer-ignition [Phase 2] Connections=IPsec-ignition-soekris this should be a passive connection. Otherwise isakmpd will try to keep this connection up and when this fails it gets logged. This should also happen on 3.7, btw. [ISAKMP-peer-ignition] Phase= 1 Transport= udp Local-Address= 10.10.10.10 Address=10.10.10.9 Configuration= Default-main-mode Authentication= 2secret2btrue [IPsec-ignition-soekris] Phase= 2 ISAKMP-peer=ISAKMP-peer-ignition Configuration= Default-quick-mode Local-ID= Addr-fjuttsi Remote-ID= Addr-laptop [Addr-laptop] ID-type=IPV4_ADDR Address=10.10.10.9 [Addr-fjuttsi] ID-type=IPV4_ADDR Address=10.10.10.10 [Default-main-mode] DOI=IPSEC EXCHANGE_TYPE= ID_PROT Transforms= 3DES-SHA [Default-quick-mode] DOI=IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-3DES-SHA-SUITE ...isakmpd.policy... KeyNote-Version: 2 Comment: This policy accepts ESP SAs from a remote that uses the right password Authorizer: POLICY Licensees: passphrase:2secret2btrue Conditions: app_domain == IPsec policy esp_present == yes esp_enc_alg == 3des esp_auth_alg == hmac-sha - true;