isakmpd fills my log

isakmpd fills my log

martin-58
Hi all, I use IPsec to replace WEP for my WLAN, so the setup is pretty
simple and all and everything works. I used this page
http://www.dietlein.com/requisites/ipsec/ to get it to work and my
configs are the same as in the guide. The problem is since I switched
from 3.7 to 3.8 isakmpd fills my /var/log/messages with info that it
can't connect when my laptop is off.
Like below, all around the clock.
How can I stop this the best way? I start isakmpd in rc.conf with just ""

best regards martin

Nov 30 15:15:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
Nov 30 15:15:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
Nov 30 15:16:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
Nov 30 15:18:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
Nov 30 15:19:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
Nov 30 15:19:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
Nov 30 15:20:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500

Re: isakmpd fills my log

Hans-Joerg Hoexer
Please show us your config files.

On Wed, Nov 30, 2005 at 03:31:27PM +0100, martin wrote:

> Hi all, I use IPsec to replace WEP for my WLAN, so the setup is pretty
> simple and all and everything works. I used this page
> http://www.dietlein.com/requisites/ipsec/ to get it to work and my
> configs are the same as in the guide. The problem is since I switched
> from 3.7 to 3.8 isakmpd fills my /var/log/messages with info that it
> can't connect when my laptop is off.
> Like below, all around the clock.
> How can I stop this the best way? I start isakmpd in rc.conf with just ""
>
> best regards martin
>
> Nov 30 15:15:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
> Nov 30 15:15:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
> Nov 30 15:16:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
> Nov 30 15:18:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
> Nov 30 15:19:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
> Nov 30 15:19:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
> Nov 30 15:20:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500

Re: isakmpd fills my log

martin-58
Hans-Joerg Hoexer wrote:

>Please show us your config files.
>
>On Wed, Nov 30, 2005 at 03:31:27PM +0100, martin wrote:
>  
>
>>Hi all, I use IPsec to replace WEP for my WLAN, so the setup is pretty
>>simple and all and everything works. I used this page
>>http://www.dietlein.com/requisites/ipsec/ to get it to work and my
>>configs are the same as in the guide. The problem is since I switched
>>from 3.7 to 3.8 isakmpd fills my /var/log/messages with info that it
>>can't connect when my laptop is off.
>>Like below, all around the clock.
>>How can I stop this the best way? I start isakmpd in rc.conf with just ""
>>
>>best regards martin
>>
>>Nov 30 15:15:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
>>Nov 30 15:15:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
>>Nov 30 15:16:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
>>Nov 30 15:18:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
>>Nov 30 15:19:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
>>Nov 30 15:19:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down
>>Nov 30 15:20:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
>
mkay..

isakmpd.conf

[General]
Policy-file=            /etc/isakmpd/isakmpd.policy
Retransmits=            4
Listen-On=              10.10.10.10

[Phase 1]
10.10.10.9=             ISAKMP-peer-ignition

[Phase 2]
Connections=            IPsec-ignition-soekris

[ISAKMP-peer-ignition]
Phase=                  1
Transport=              udp
Local-Address=          10.10.10.10
Address=                10.10.10.9
Configuration=          Default-main-mode
Authentication=         2secret2btrue

[IPsec-ignition-soekris]
Phase=                  2
ISAKMP-peer=            ISAKMP-peer-ignition
Configuration=          Default-quick-mode
Local-ID=               Addr-fjuttsi
Remote-ID=              Addr-laptop

[Addr-laptop]
ID-type=                IPV4_ADDR
Address=                10.10.10.9

[Addr-fjuttsi]
ID-type=                IPV4_ADDR
Address=                10.10.10.10

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-SUITE


...isakmpd.policy...

KeyNote-Version: 2
Comment: This policy accepts ESP SAs from a remote that uses the right password
Authorizer: "POLICY"
Licensees: "passphrase:2secret2btrue"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg == "3des" &&
            esp_auth_alg == "hmac-sha" -> "true";

Re: isakmpd fills my log

Hans-Joerg Hoexer
On Wed, Nov 30, 2005 at 03:58:07PM +0100, martin wrote:
...
> [Phase 1]
> 10.10.10.9=             ISAKMP-peer-ignition
>
> [Phase 2]
> Connections=            IPsec-ignition-soekris

This should be a passive connection.  Otherwise isakmpd will try
to keep this connection up, and when this fails it gets logged.  This
should also happen on 3.7, btw.

>
> [ISAKMP-peer-ignition]
> Phase=                  1
> Transport=              udp
> Local-Address=          10.10.10.10
> Address=                10.10.10.9
> Configuration=          Default-main-mode
> Authentication=         2secret2btrue
>
> [IPsec-ignition-soekris]
> Phase=                  2
> ISAKMP-peer=            ISAKMP-peer-ignition
> Configuration=          Default-quick-mode
> Local-ID=               Addr-fjuttsi
> Remote-ID=              Addr-laptop
>
> [Addr-laptop]
> ID-type=                IPV4_ADDR
> Address=                10.10.10.9
>
> [Addr-fjuttsi]
> ID-type=                IPV4_ADDR
> Address=                10.10.10.10
>
> [Default-main-mode]
> DOI=                    IPSEC
> EXCHANGE_TYPE=          ID_PROT
> Transforms=             3DES-SHA
>
> [Default-quick-mode]
> DOI=                    IPSEC
> EXCHANGE_TYPE=          QUICK_MODE
> Suites=                 QM-ESP-3DES-SHA-SUITE
>
>
> ...isakmpd.policy...
>
> KeyNote-Version: 2
> Comment: This policy accepts ESP SAs from a remote that uses the right password
> Authorizer: "POLICY"
> Licensees: "passphrase:2secret2btrue"
> Conditions: app_domain == "IPsec policy" &&
>            esp_present == "yes" &&
>            esp_enc_alg == "3des" &&
>            esp_auth_alg == "hmac-sha" -> "true";
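
The passive-connection change suggested in the last reply, shown as an added example that is not part of the original thread. It assumes the `Passive-Connections` tag of the `[Phase 2]` section as documented in isakmpd.conf(5); all other names come from the posted config.

```ini
# isakmpd.conf on the gateway (10.10.10.10): [Phase 2] section only.

# Before: an active connection. isakmpd initiates the exchange itself and
# keeps retrying while the peer does not answer, which produces the
# "giving up on exchange IPsec-ignition-soekris" entries while the laptop is off.
#[Phase 2]
#Connections=            IPsec-ignition-soekris

# After: a passive connection. isakmpd still recognizes the connection and
# negotiates it when the laptop (10.10.10.9) initiates, but never starts it
# on its own, so there is nothing to retry or log while the peer is down.
[Phase 2]
Passive-Connections=    IPsec-ignition-soekris
```

With the gateway side passive, the laptop has to be the initiator of the exchange.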