Hi paul, Any update ?
On 6/5/19, optimas primat <[email protected]> wrote: > 3.28 . previously I had 3.26, but with that also I was getting same > TS_UNACCEPTABLE error. but there were no "message id deadlock? " logs. > > On 6/5/19, Paul Wouters <[email protected]> wrote: >> On Wed, 5 Jun 2019, optimas primat wrote: >> >>> pluto[27863]: "siteB_ipsec/1x1" #2: IKEv2 mode peer ID is ID_FQDN: >>> '@abcd1' >>> pluto[27863]: "siteB_ipsec/1x1" #2: Authenticated using authby=secret >>> pluto[27863]: "siteB_ipsec/1x1" #2: negotiated connection >>> [172.16.56.0-172.16.56.255:0-65535 0] -> >>> [172.16.55.0-172.16.55.255:0-65535 0] >>> pluto[27863]: "siteB_ipsec/1x1" #2: STATE_V2_IPSEC_I: IPsec SA >>> established tunnel mode {ESP=>0xc26dbe6f <0x0f9f825a >>> xfrm=3DES_CBC-HMAC_MD5_96 NATOA=none NATD=none DPD=passive} >> >> So the first tunnel comes up. >> >>> pluto[27863]: "siteB_ipsec/1x2": constructed local ESP/AH proposals >>> for siteB_ipsec/1x2 (ESP/AH initiator emitting proposals): >>> 1:ESP:ENCR=3DES;INTEG=HMAC_MD5_96;DH=MODP1024;ESN=DISABLED >>> pluto[27863]: "siteB_ipsec/2x1": constructed local ESP/AH proposals >>> for siteB_ipsec/2x1 (ESP/AH initiator emitting proposals): >>> 1:ESP:ENCR=3DES;INTEG=HMAC_MD5_96;DH=MODP1024;ESN=DISABLED >>> pluto[27863]: "siteB_ipsec/2x2": constructed local ESP/AH proposals >>> for siteB_ipsec/2x2 (ESP/AH initiator emitting proposals): >>> 1:ESP:ENCR=3DES;INTEG=HMAC_MD5_96;DH=MODP1024;ESN=DISABLED >>> pluto[27863]: "siteB_ipsec/1x2" #3: STATE_V2_CREATE_I: sent IPsec >>> Child req wait response >> >> The second one is attempted.. >> >>> pluto[27863]: "siteB_ipsec/2x1" #4: message id deadlock? wait sending, >>> add to send next list using parent #1 unacknowledged 1 next message >>> id=3 ike exchange window 1 >> >> The others are queued up and waiting.... >> >>> pluto[27863]: "siteB_ipsec/1x2" #3: no useful state microcode entry >>> found for incoming packet >>> pluto[27863]: "siteB_ipsec/1x2" #3: dropping unexpected >>> CREATE_CHILD_SA message containing TS_UNACCEPTABLE pluto[27863]: >> >> Seems it mismatched the subnets? >> >>> 1:ESP:SPI=a0b9b411;ENCR=3DES;INTEG=HMAC_MD5_96;DH=MODP1024;ESN=DISABLED >>> chosen from remote proposals >>> 1:ESP:ENCR=3DES;INTEG=HMAC_MD5_96;DH=MODP1024;ESN=DISABLED[first-match] >>> pluto[12791]: "siteA_ipsec/1x1"[1] 172.16.88.2 #3: responding to >>> CREATE_CHILD_SA message (ID 2) from 172.16.88.2:500 with encrypted >>> notification TS_UNACCEPTABLE >> >> It seemed to have picked the already established connection, then >> decided to not switch? >> >> Which version of libreswan is this? >> >> Paul >> > _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
