DaemonForums  

#1
18th September 2017
roggy
Problem IPSEC phase 2

Hi,

I've been trying for days to close a tunnel with a client and I cannot.
Logs always appear:

Quote:
message_recv: cleartext phase 2 message
dropped message from ipcliente port 500 due to notification type INVALID_FLAGS
transport_send_messages: giving up on exchange peer-ipcliente, no response from peer ipcliente:500

I've been looking a lot on the internet and so far no solution. Just ask to restart the tunnel on both sides.
On my side, I use OpenBSD 6.1.
Has anyone seen this error?

Thanks!!

#2
18th September 2017
roggy

ipcliente is the client IP.

#3
19th September 2017
roggy

The customer uses McAfee Stonesoft.
Phase 1
main auth hmac-md5 enc 3des group modp1024 lifetime 86400

Phase 2
quick auth hmac-md5 enc 3des group modp1024 lifetime 3600

psk xxxxx

#4
20th September 2017
jggimi

I don't have any information on this type of error, and there are very few IPSec users on this forum.

I note that you also posted to misc@, and have not received any replies. I will guess that is because you have not provided any supporting information. Your report did not include a dmesg(8), and it did not include any of the possible IPSec configuration files you might have deployed. From memory, these could be:
  • iked.conf
  • ipsec.conf
  • isakmpd.conf
  • isakmpd.policy
You might consider reposting to misc@ with this missing information. Just redact any private information, such as Internet addresses and keys.
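
One way to do the redaction suggested above before posting configuration to misc@, as an added example that is not part of the original thread: a POSIX sh/awk filter that replaces pre-shared keys and maps each IPv4 address to a stable placeholder, so the rule structure stays readable. The function names, the sample rule and its addresses are constructed for illustration; host names and IPv6 addresses are not handled.

```shell
#!/bin/sh
# Added example: redact an ipsec.conf / isakmpd.conf before posting it.

# Constructed sample rule; addresses are documentation ranges, key is fake.
sample_conf() {
    cat <<'EOF'
ike esp from 192.0.2.0/24 to 198.51.100.0/24 peer 203.0.113.9 \
    main auth hmac-md5 enc 3des group modp1024 lifetime 86400 \
    quick auth hmac-md5 enc 3des group modp1024 lifetime 3600 \
    psk "constructed sample key"
flow esp from 192.0.2.0/24 to 198.51.100.0/24 peer 203.0.113.9
EOF
}

# Filter stdin to stdout. Real use: redact_ipsec < /etc/ipsec.conf
redact_ipsec() {
    awk '
    # Give every distinct address one placeholder, reused on each occurrence,
    # so readers can still see which rules refer to the same host or network.
    function label(ip) {
        if (!(ip in seen)) seen[ip] = "ADDR_" (++n)
        return seen[ip]
    }
    {
        # ipsec.conf: psk <word> or psk "<quoted string>"
        # A space is prepended so the keyword also matches at line start.
        tmp = " " $0
        if (match(tmp, /[ \t]psk[ \t]+("[^"]*"|[^ \t]+)/))
            tmp = substr(tmp, 1, RSTART) "psk REDACTED" substr(tmp, RSTART + RLENGTH)
        line = substr(tmp, 2)

        # isakmpd.conf: Authentication= <pre-shared key>
        sub(/Authentication[ \t]*=.*/, "Authentication= REDACTED", line)

        # Replace dotted-quad addresses; a trailing /prefix is left intact.
        out = ""
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            out = out substr(line, 1, RSTART - 1) label(substr(line, RSTART, RLENGTH))
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }'
}

sample_conf | redact_ipsec
```

Review the output by eye before sending it; the filter only knows the two key forms and the address pattern shown in its comments.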

#5
20th September 2017
roggy

jggimi,

I already searched, but I do not know how to respond in the misc list.

#6
20th September 2017
roggy

I got it, thank you