Solution:
Due to a kind of typo in isakmpd.conf, the local keying daemon tried to
use the phase2 definitions for negotiating an incoming p1 request.
Thanks to anyone who put some thoughts on the question.
Kind regards,
Stefan
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Stefan Sczekalla
Sent: Friday, August 22, 2008 5:40 PM
To: [email protected]
Subject: Any Ideas ? isakmpd loggs: exchange_setup_p1: unknown exchange
type QUICK_MODE
... and sends no answer back to xxx.yyy.zzz.uuu
My host is an OpenBSD 3.8; the other, remote one (xxx.yyy.zzz.uuu), is a
Securepoint using strongSwan.
17:11:22.476524 xxx.yyy.zzz.uuu.500 > aaa.bbb.ccc.ddd.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
    cookie: 26e5b1720844a0fa->0000000000000000 msgid: 00000000 len: 212
    payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY
        payload: PROPOSAL len: 40 proposal: 0 proto: ISAKMP spisz: 0 xforms: 1
            payload: TRANSFORM len: 32
                transform: 0 ID: ISAKMP
                attribute LIFE_TYPE = SECONDS
                attribute LIFE_DURATION = 3600
                attribute ENCRYPTION_ALGORITHM = 3DES_CBC
                attribute HASH_ALGORITHM = MD5
                attribute AUTHENTICATION_METHOD = PRE_SHARED
                attribute GROUP_DESCRIPTION = MODP_1024
    payload: VENDOR len: 20
    payload: VENDOR len: 12
    payload: VENDOR len: 20 (supports DPD v1.0)
    payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
    payload: VENDOR len: 20 (supports v3 NAT-T, draft-ietf-ipsec-nat-t-ike-03)
    payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02\n)
    payload: VENDOR len: 20 (supports v1 NAT-T, draft-ietf-ipsec-nat-t-ike-00) [ttl 0] (id 1, len 240)
Any ideas why this packet is not answered by my OpenBSD box?
I double-checked my configs twice and have two additional well running
tunnels.
Kind regards,
Stefan
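
An added example, not part of the original thread and not the poster's configuration: a small check for the class of mistake described in the solution, where a Phase 1 peer section in isakmpd.conf references a quick-mode (Phase 2) configuration. The section names, addresses and the exact form of the mix-up are assumptions; the sample file is constructed in isakmpd.conf(5) syntax.

```python
import configparser

# Constructed sample in isakmpd.conf(5) syntax (not the poster's file): the
# Phase 1 peer's Configuration tag points at the quick-mode section.
SAMPLE_CONF = """\
[Phase 1]
192.0.2.10= peer-remote

[peer-remote]
Phase= 1
Address= 192.0.2.10
Configuration= Default-quick-mode

[conn-remote]
Phase= 2
ISAKMP-peer= peer-remote
Configuration= Default-quick-mode

[Default-main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-MD5

[Default-quick-mode]
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-MD5-SUITE
"""

ALLOWED = {"1": {"ID_PROT", "AGGRESSIVE"}, "2": {"QUICK_MODE"}}

def check_phase_config(text):
    """Return (section, phase, config_section, exchange_type) per mismatch."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.optionxform = str  # keep tag case as written in the file
    cp.read_string(text)
    problems = []
    for name in cp.sections():
        phase = cp[name].get("Phase")
        cfg = cp[name].get("Configuration")
        if phase not in ALLOWED or cfg is None:
            continue
        # A missing target section yields None, which is also reported.
        xchg = cp.get(cfg, "EXCHANGE_TYPE", fallback=None)
        if xchg not in ALLOWED[phase]:
            problems.append((name, int(phase), cfg, xchg))
    return problems

if __name__ == "__main__":
    for sec, phase, cfg, xchg in check_phase_config(SAMPLE_CONF):
        print(f"[{sec}] Phase {phase} -> [{cfg}]: EXCHANGE_TYPE={xchg}")
```

Run against the sample, it reports the peer section whose Phase 1 configuration resolves to EXCHANGE_TYPE QUICK_MODE, the same exchange type named in the exchange_setup_p1 log message from the subject line.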