LinuxQuestions.org
Old 03-04-2004, 07:34 PM   #1
tvojvodi
VPN / IPsec problems - Phase2, timeout


Hi,

... problems with IPsec. Does anyone know what to do and what this means? I have no idea where to search for the 'error'. I used www.ipsec-howto.org/x247.html to configure IPsec.

I'm trying to ping a host behind the other IPsec peer/gateway, and this is what I get from racoon running in the foreground:

...
2004-03-05 02:10:43: WARNING: pfkey.c:1422:pk_recvexpire(): the expire message is received but the handler has not been established.
2004-03-05 02:10:43: ERROR: pfkey.c:741:pfkey_timeover(): REMOTE.IP.ADDR give up to get IPsec-SA due to time up to wait.
2004-03-05 02:10:43: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: MY.IP.ADDR[0]<=>REMOTE.IP.ADDR[0]
2004-03-05 02:10:43: ERROR: isakmp_inf.c:838:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
...

Another interesting thing is the ping output:

PING 192.168.115.22 (192.168.115.22) 56(84) bytes of data.
ping: sendmsg: No such process
...
ping: sendmsg: No such process
-----

ipsec.conf:

#!/usr/sbin/setkey -f

flush;
spdflush;

# REMOTE.IP.BEHIND.PEER(LAN) = 192.168.115.22
# MY.IP = external / gateway IP address

add MY.IP REMOTE.IP esp 0x201 -m tunnel -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831 -A hm
add REMOTE.IP MY.IP esp 0x301 -m tunnel -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df -A hm

spdadd MY.IP REMOTE.IP.BEHIND.PEER(LAN) any -P out ipsec
esp/tunnel/MY.IP-REMOTE.IP/require;

spdadd REMOTE.IP.BEHIND.PEER(LAN) MY.IP any -P in ipsec
esp/tunnel/REMOTE.IP-MY.IP/require;


----

path pre_shared_key "/etc/psk.txt";

listen {
isakmp MY.IP;
}


remote anonymous {
exchange_mode main,aggressive,base;
lifetime time 24 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
dh_group 1;
}
}

sainfo anonymous {
lifetime time 12 hour ;
encryption_algorithm 3des ;
authentication_algorithm hmac_md5 ;
compression_algorithm deflate ;
}


---

I need to establish an IPsec connection with another peer, and I only know that enc_algorithm is 3des, hash_alg md5, dh_grp 1, and the IP addresses of the (external) gateway and the (internal) computer. I don't even know whether I should use tunnel or transport mode.


Well.. that's all

Thnx,

B
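
Added example, not part of the original post: a small triage script for racoon foreground logs like the ones quoted above, counting phase 2 attempts and timeouts per remote peer. The sample log is constructed from the post's lines (its first line is invented for illustration), and the function names `parse` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in racoon's foreground log format, modeled on the lines
# in the post; MY.IP.ADDR / REMOTE.IP.ADDR are the post's own placeholders.
SAMPLE_LOG = """\
2004-03-05 02:10:13: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: MY.IP.ADDR[0]<=>REMOTE.IP.ADDR[0]
2004-03-05 02:10:43: WARNING: pfkey.c:1422:pk_recvexpire(): the expire message is received but the handler has not been established.
2004-03-05 02:10:43: ERROR: pfkey.c:741:pfkey_timeover(): REMOTE.IP.ADDR give up to get IPsec-SA due to time up to wait.
2004-03-05 02:10:43: INFO: isakmp.c:939:isakmp_ph2begin_i(): initiate new phase 2 negotiation: MY.IP.ADDR[0]<=>REMOTE.IP.ADDR[0]
2004-03-05 02:10:43: ERROR: isakmp_inf.c:838:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
"""

# timestamp: LEVEL: file.c:line:function(): message
LINE = re.compile(r"^(\S+ \S+): (\w+): ([\w.]+):(\d+):(\w+)\(\): (.*)$")
PH2_BEGIN = re.compile(r"initiate new phase 2 negotiation: \S+?\[\d+\]<=>(\S+?)\[\d+\]")
PH2_GIVEUP = re.compile(r"^(\S+) give up to get IPsec-SA")

def parse(log):
    """Yield (timestamp, level, function, message) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # skip "..." elisions and anything not in racoon's format
            yield m.group(1), m.group(2), m.group(5), m.group(6)

def triage(log):
    """Return (per-peer phase 2 counters, count of notifies with no phase 2 handle)."""
    stats = defaultdict(lambda: {"ph2_started": 0, "ph2_timeouts": 0})
    unmatched_notifies = 0
    for _ts, _level, func, msg in parse(log):
        if (m := PH2_BEGIN.search(msg)):
            stats[m.group(1)]["ph2_started"] += 1
        elif (m := PH2_GIVEUP.match(msg)):
            stats[m.group(1)]["ph2_timeouts"] += 1
        elif func == "isakmp_info_recv_n" and "no phase2 handle found" in msg:
            unmatched_notifies += 1
    return dict(stats), unmatched_notifies

if __name__ == "__main__":
    peers, notifies = triage(SAMPLE_LOG)
    for peer, c in peers.items():
        print(f"{peer}: {c['ph2_started']} phase 2 attempts, {c['ph2_timeouts']} timeouts")
    print(f"notify messages with no phase 2 handle: {notifies}")
```

A peer that shows phase 2 attempts and timeouts but never an established IPsec-SA is failing during quick mode negotiation, which is the stage the log lines in the post come from.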
 
  

