Hi,
 
I have setup my Linux host to communicate with my WinXP host with a preshared key, the only problem I meet is:
in Windows side, i set the "Authenticate and generate a new key after every 60 minute", then every hour it break a few minute and then restore.
 
with them same ipsec policy, the communication will never break between two WinXP host.
 
Can anybody help me to remove this break?
 
 
Thanks.
Alan
 
 
The following is the racoon log when break.
 
 2007-04-13 12:14:05: DEBUG: pfkey.c:212:pfkey_handler(): get pfkey DELETE message
2007-04-13 12:14:05: DEBUG2: plog.c:208:plogdump():
02040003 13000000 00000000 7c010000 02000100 8ebf5575 04030202 00000000
04000200 6f040000 b0620100 00000000 ef721f46 00000000 f0721f46 00000000
03000500 00200000 02000000 c0a80136 00000000 00000000 03000600 00200000
02000000 c0a8015c 00000000 00000000 03000700 ff000000 02000000 00000000
00000000 00000000 02001300 01000000 00000000 00000000
2007-04-13 12:14:05: DEBUG: pfkey.c:1869:pk_recvdelete(): DELETE message is not interesting because the message was originated by me.
2007-04-13 12:14:05: DEBUG: isakmp.c:315:isakmp_handler(): ===
2007-04-13 12:14:05: DEBUG: isakmp.c:316:isakmp_handler(): 52 bytes message received from 192.168.1.92[500] to 192.168.1.54[500]
2007-04-13 12:14:05: DEBUG: plog.c:208:plogdump():
fadafa52 4e44d115 0d2139c1 f0f7fa05 08102001 b384c831 00000034 f723e304
610e0209 d52800e2 0dcf5631 0bc78d57 3c381593
2007-04-13 12:14:05: ERROR: isakmp.c:2791:nostate2(): wrong state 8.
2007-04-13 12:14:05: ERROR: isakmp.c:903:quick_main(): failed to pre-process packet.
2007-04-13 12:14:07: DEBUG: pfkey.c:212:pfkey_handler(): get pfkey EXPIRE message
2007-04-13 12:14:07: DEBUG2: plog.c:208:plogdump():
02080003 17000000 00000000 00000000 02000100 08927525 04020202 00000000
04000400 00000000 00000000 00000000 20010000 00000000 00000000 00000000
04000200 6f040000 686a0000 00000000 ef721f46 00000000 f0721f46 00000000
03000500 00200000 02000000 c0a8015c 00000000 00000000 03000600 00200000
02000000 c0a80136 00000000 00000000 03000700 ff000000 02000000 00000000
00000000 00000000 02001300 01000000 00000000 00000000
2007-04-13 12:14:07: INFO: pfkey.c:1532:pk_recvexpire(): IPsec-SA expired: ESP/Transport 192.168.1.92[0]->192.168.1.54[0] spi=143815973(0x8927525)
2007-04-13 12:14:07: DEBUG: pfkey.c:1544:pk_recvexpire(): no such a SA found: ESP/Transport 192.168.1.92[0]->192.168.1.54[0] spi=143815973(0x8927525)
///////////////////error

2007-04-13 12:14:24: ERROR: pfkey.c:776:pfkey_timeover(): 192.168.1.92 give up to get IPsec-SA due to time up to wait.
 
 
/////////delete
2007-04-13 12:15:06: DEBUG: isakmp.c:315:isakmp_handler(): ===
2007-04-13 12:15:06: DEBUG: isakmp.c:316:isakmp_handler(): 76 bytes message received from 192.168.1.92[500] to 192.168.1.54[500]
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
fadafa52 4e44d115 0d2139c1 f0f7fa05 08100501 92a244f2 0000004c 405e2c9a
7ba318d7 1989fdd9 f3743f86 ee108ac9 76966103 6a50b779 ae8cc20c 85d2cff1
4758d330 0c8eb1cb 8e07c4a4
2007-04-13 12:15:06: DEBUG: isakmp_inf.c:128:isakmp_info_recv(): receive Information.
2007-04-13 12:15:06: DEBUG: oakley.c:2758:oakley_newiv2(): compute IV for phase2
2007-04-13 12:15:06: DEBUG: oakley.c:2759:oakley_newiv2(): phase1 last IV:
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
5e1309cc bfc1a036 92a244f2
2007-04-13 12:15:06: DEBUG: algorithm.c:270:alg_oakley_hashdef(): hash(md5)
2007-04-13 12:15:06: DEBUG: algorithm.c:413:alg_oakley_encdef(): encryption(des)
2007-04-13 12:15:06: DEBUG: oakley.c:2791:oakley_newiv2(): phase2 IV computed:
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
1d309139 a0362392
2007-04-13 12:15:06: DEBUG: oakley.c:2836:oakley_do_decrypt(): begin decryption.
2007-04-13 12:15:06: DEBUG: algorithm.c:413:alg_oakley_encdef(): encryption(des)
2007-04-13 12:15:06: DEBUG: oakley.c:2850:oakley_do_decrypt(): IV was saved for next processing:
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
0c8eb1cb 8e07c4a4
2007-04-13 12:15:06: DEBUG: algorithm.c:413:alg_oakley_encdef(): encryption(des)
2007-04-13 12:15:06: DEBUG: oakley.c:2875:oakley_do_decrypt(): with key:
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
c566b73f fa0155a8
2007-04-13 12:15:06: DEBUG: oakley.c:2883:oakley_do_decrypt(): decrypted payload by IV:
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
1d309139 a0362392
2007-04-13 12:15:06: DEBUG: oakley.c:2886:oakley_do_decrypt(): decrypted payload, but not trimed.
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
0c000014 a4be3d0a 4fa1d5eb 3dbec924 7d91ca05 0000001c 00000001 01100001
fadafa52 4e44d115 0d2139c1 f0f7fa05
2007-04-13 12:15:06: DEBUG: oakley.c:2895:oakley_do_decrypt(): padding len=6
2007-04-13 12:15:06: DEBUG: oakley.c:2909:oakley_do_decrypt(): skip to trim padding.
2007-04-13 12:15:06: DEBUG: oakley.c:2924:oakley_do_decrypt(): decrypted.
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
fadafa52 4e44d115 0d2139c1 f0f7fa05 08100501 92a244f2 0000004c 0c000014
a4be3d0a 4fa1d5eb 3dbec924 7d91ca05 0000001c 00000001 01100001 fadafa52
4e44d115 0d2139c1 f0f7fa05
2007-04-13 12:15:06: DEBUG: oakley.c:798:oakley_compute_hash1(): HASH with:
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
92a244f2 0000001c 00000001 01100001 fadafa52 4e44d115 0d2139c1 f0f7fa05
2007-04-13 12:15:06: DEBUG: algorithm.c:353:alg_oakley_hmacdef(): hmac(hmac_md5)
2007-04-13 12:15:06: DEBUG: oakley.c:808:oakley_compute_hash1(): HASH computed:
2007-04-13 12:15:06: DEBUG: plog.c:208:plogdump():
a4be3d0a 4fa1d5eb 3dbec924 7d91ca05
2007-04-13 12:15:06: DEBUG: isakmp_inf.c:220:isakmp_info_recv(): hash validated.
2007-04-13 12:15:06: DEBUG: isakmp.c:1342:isakmp_parsewoh(): begin.
2007-04-13 12:15:06: DEBUG: isakmp.c:1369:isakmp_parsewoh(): seen nptype=8(hash)
2007-04-13 12:15:06: DEBUG: isakmp.c:1369:isakmp_parsewoh(): seen nptype=12(delete)
2007-04-13 12:15:06: DEBUG: isakmp.c:1408:isakmp_parsewoh(): succeed.
2007-04-13 12:15:06: DEBUG: pfkey.c:296:pfkey_dump_sadb(): call pfkey_send_dump
2007-04-13 12:15:06: INFO: isakmp.c:3125:purge_remote(): purged IPsec-SA spi=220662298.
2007-04-13 12:15:06: INFO: isakmp.c:3125:purge_remote(): purged IPsec-SA spi=143815973.
2007-04-13 12:15:06: INFO: isakmp.c:3125:purge_remote(): purged IPsec-SA spi=3439783483.
2007-04-13 12:15:06: INFO: isakmp.c:3136:purge_remote(): purged ISAKMP-SA spi=fadafa524e44d115:0d2139c1f0f7fa05.
2007-04-13 12:15:06: DEBUG: isakmp_inf.c:1364:isakmp_info_recv_d(): purged SAs.
2007-04-13 12:15:06: DEBUG: pfkey.c:212:pfkey_handler(): get pfkey DELETE message
2007-04-13 12:15:06: DEBUG2: plog.c:208:plogdump():
02040003 13000000 00000000 7c010000 02000100 0d270a1a 04030202 00000000
04000200 ec000000 20160000 00000000 0d741f46 00000000 0e741f46 00000000
03000500 00200000 02000000 c0a8015c 00000000 00000000 03000600 00200000
02000000 c0a80136 00000000 00000000 03000700 ff000000 02000000 00000000
00000000 00000000 02001300 01000000 00000000 00000000
2007-04-13 12:15:06: DEBUG: pfkey.c:1869:pk_recvdelete(): DELETE message is not interesting because the message was originated by me.
2007-04-13 12:15:06: DEBUG: pfkey.c:212:pfkey_handler(): get pfkey DELETE message
2007-04-13 12:15:06: DEBUG2: plog.c:208:plogdump():
02040003 13000000 00000000 7c010000 02000100 08927525 04030202 00000000
04000200 6f040000 686a0000 00000000 ef721f46 00000000 f0721f46 00000000
03000500 00200000 02000000 c0a8015c 00000000 00000000 03000600 00200000
02000000 c0a80136 00000000 00000000 03000700 ff000000 02000000 00000000
00000000 00000000 02001300 01000000 00000000 00000000
2007-04-13 12:15:06: DEBUG: pfkey.c:1869:pk_recvdelete(): DELETE message is not interesting because the message was originated by me.
2007-04-13 12:15:06: DEBUG: pfkey.c:212:pfkey_handler(): get pfkey DELETE message
2007-04-13 12:15:06: DEBUG2: plog.c:208:plogdump():
02040003 13000000 00000000 7c010000 02000100 cd06ee3b 04030202 00000000
04000200 ec000000 c0490000 00000000 0d741f46 00000000 0e741f46 00000000
03000500 00200000 02000000 c0a80136 00000000 00000000 03000600 00200000
02000000 c0a8015c 00000000 00000000 03000700 ff000000 02000000 00000000
00000000 00000000 02001300 01000000 00000000 00000000
2007-04-13 12:15:06: DEBUG: pfkey.c:1869:pk_recvdelete(): DELETE message is not interesting because the message was originated by me.
2007-04-13 12:15:07: INFO: isakmp.c:1904:isakmp_ph1delete(): ISAKMP-SA deleted 192.168.1.54[500]-192.168.1.92[500] spi:fadafa524e44d115:0d2139c1f0f7fa05

 


使用下一代的 MSN Messenger。 立即尝试!