deconnexion VPN depuis passage 1.4.10

[grome]

Bonjour à tous,

Qui a des deconnexions VPN depuis le passage en 1.4.10 ?

merci d'avance

[grome]

bon je suis repassé en 1.4.9 sur le site principal. Du coup mes vpn fonctionnent pour les sites en 1.4.9.
Je n'avais appliqué la mise à jour 1.4.10 que sur deux sites.

Par contre le site qui est resté en 1.4.10 n'a plus de vpn. J'ai tout recréé de a à z. J'ai regénéré des certificats mais rien. Impossible d'établir un tunnel entre ce sites distant en 1.4.10 et mon site principal en 1.4.9. Pourtant la procédure mise en oeuvre est la même que d'habitude. Je ne sais pas trop quoi faire alors si quelqu'un à une idée je transmets le log ci dessous.

merci d'avance

Code: Tout sélectionner

18:02:01   pluto[4891]   | next event EVENT_SHUNT_SCAN in 120 seconds
18:02:01   pluto[4891]   | scanning for shunt eroutes
18:02:01   pluto[4891]   | inserting event EVENT_SHUNT_SCAN, timeout in 120 seconds
18:02:01   pluto[4891]   | event after this is EVENT_REINIT_SECRET in 3480 seconds
18:02:01   pluto[4891]   | *time to handle event
18:02:01   pluto[4891]   |
18:00:03   ipsec__plutorun   ...could not start conn "tunnelapresmaj"
18:00:03   ipsec__plutorun   021 no connection named "tunnelapresmaj"
18:00:03   pluto[4891]   | next event EVENT_SHUNT_SCAN in 118 seconds
18:00:03   pluto[4891]   | *received whack message
18:00:03   pluto[4891]   |
18:00:03   ipsec__plutorun   ...could not route conn "tunnelapresmaj"
18:00:03   ipsec__plutorun   021 no connection named "tunnelapresmaj"
18:00:03   pluto[4891]   | next event EVENT_SHUNT_SCAN in 118 seconds
18:00:03   pluto[4891]   | *received whack message
18:00:03   pluto[4891]   |
18:00:03   pluto[4891]   | next event EVENT_SHUNT_SCAN in 118 seconds
18:00:03   pluto[4891]   | L1 - coefficient:
18:00:03   pluto[4891]   | L1 - exponent2:
18:00:03   pluto[4891]   | L1 - exponent1:
18:00:03   pluto[4891]   | L1 - prime2:
18:00:03   pluto[4891]   | L1 - prime1:
18:00:03   pluto[4891]   | L1 - privateExponent:
18:00:03   pluto[4891]   | L1 - publicExponent:
18:00:03   pluto[4891]   | L1 - modulus:
18:00:03   pluto[4891]   | L1 - version:
18:00:03   pluto[4891]   | L0 - RSAPrivateKey:
18:00:03   pluto[4891]   | file coded in PEM format
18:00:03   pluto[4891]   | -----END RSA PRIVATE KEY-----
18:00:03   pluto[4891]   | -----BEGIN RSA PRIVATE KEY-----
18:00:03   pluto[4891]   | file content is not binary ASN.1
18:00:03   pluto[4891]   loaded private key file '/var/ipcop/certs/hostkey.pem' (891 bytes)
18:00:03   pluto[4891]   loading secrets from "/etc/ipsec.secrets"
18:00:03   pluto[4891]   | could not open /proc/net/if_inet6
18:00:03   pluto[4891]   | IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
18:00:03   pluto[4891]   | IP interface eth0 192.168.4.254 has no matching ipsec* interface -- ignored
18:00:03   pluto[4891]   adding interface ipsec0/eth1 82.125.YYY.XXX:4500
18:00:03   pluto[4891]   adding interface ipsec0/eth1 82.125.YYY.XXX
18:00:03   pluto[4891]   | found ipsec0 with address 82.125.YYY.XXX
18:00:03   pluto[4891]   | found eth1 with address 82.125.YYY.XXX
18:00:03   pluto[4891]   | found eth0 with address 192.168.4.254
18:00:03   pluto[4891]   | found lo with address 127.0.0.1
18:00:03   pluto[4891]   listening for IKE messages
18:00:03   pluto[4891]   | *received whack message
18:00:03   pluto[4891]   |
18:00:03   pluto[4891]   | next event EVENT_SHUNT_SCAN in 118 seconds
18:00:03   pluto[4891]   OpenPGP certificate file '/etc/pgpcert.pgp' not found
18:00:03   pluto[4891]   | crl list unlocked by 'insert_crl'
18:00:03   pluto[4891]   | crl list locked by 'insert_crl'
18:00:03   pluto[4891]   | crl signature is valid
18:00:03   pluto[4891]   | cacert list unlocked by 'insert_crl'
18:00:03   pluto[4891]   | 58


[grome]

Bon après plusieurs tests et reconfig de ipcop en 1.4.9 mes tunnels tiennent sauf celui qui a à une extrémité un ipcop 1.4.10. Il continue de tomber alors qu'il fonctionnait très bien en 1.4.9.
Je viens de monter un autre site en 1.4.9 hier et aucun problème de déconnexion.

J'ai bien un soucis avec la 1.4.10 avec les vpn en "réseau à réseau" est ce que quelqu'un a eu les mêmes problèmes.

merci d'avance...

[Franck78]

sauf celui qui a à une extrémité un ipcop 1.4.10. Il continue de tomber alors qu'il fonctionnait très bien en 1.4.9.

Il continue de tomber, ca veut dire qu'il s'établit alors?
Ce log ne mentionne aucument les certif x509. Pourquoi tu penses que les regénérer arrangera les choses?
On parle bien du vpn de IPCop, pas l'addon openvpn?
Si oui, va dans l'écran 'options avancées' et sélectionne les mêmes protocoles que sur ton 1.4.9

Et donne un log plus récent eventuellement en choisissant d'jouter les debugs appropriés (pas le 'raw').

[dbzh]

Même probleme impossible de connecter le VPN "reseau à reseau" avec 2 IPCOP 1.4.10 avant ça marchais bien. Le VPN reste "FERME"

Je vais repasser en 1.4.9 il reste plus que ça.

[Franck78]

Je vais repasser en 1.4.9 il reste plus que ça.

C'est pas ça qui aidera.

va dans l'écran 'options avancées' et sélectionne les mêmes protocoles que sur ton 1.4.9
, c'est pas dur à rendre compte du résultat quand même
Et des logs, des deux extrémités en même temps.
Parceque faut bien comprendre que si piège il y a en 1.4.10, piège sera en 1.4.11 si lui pas dézinguer

[erreipnaej]

Bonjour,

@Franck "Grang Maitre en Désinguage de piéges de VPN"
Moi avoir vu problémes similaires....

Bon on arréte les $%#&!!

Comme je l'ai déja indiqué dans un autre post, je n'arrive pas à établir un VPN entre 1.4.10 et 1.4.2.
Je n'ai pas eu le temps de retravailler dessus et donc je suis incapable de vous aider plus.
J'ai en plus laissé tomber pour le moment car je souhaitais mettre à jour le 1.4.2 et tout revoir à cette occasion.
Je vais tacher de me repencher sur le probléme ce soir pour éviter ce type de post qui ne font que lever le liévre sans faire avancer le schmimimlibilibilick comme disait notre ami Coluche.
Donc à ce soir! (en souhaitant que ma Freebox ne péte pas les plombs)
@+

[erreipnaej]

Bonsoir,

Les deux bouts du VPN ont été réinstallés
IpCop 1 Ver 1.4.10
IpCop 2 Ver 1.4.2
Pas d'erreur lors de l'installation des certificats.
Les deux machines sont en IP dynamiques chez no-ip.com.
Le ping est à 100-110ms entre les deux machines.
Les logs des 2 machines sont ci dessous.
Le VPN a été désactivé puis réactivé et démarré sur les deux machines pour avoir le log IPSEC de toute la procédure.
Log IPSEC de la machine 1

Code: Tout sélectionner

21:30:00   pluto[13730]   packet from a.b.c.d:500: initial Main Mode message received on e.f.g.h:500 but no connection has been authorized with policy=RSASIG
21:30:00   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [Dead Peer Detection]
21:30:00   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-00]
21:30:00   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-02]
21:30:00   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t -ike-03]
21:29:20   pluto[13730]   packet from a.b.c.d:500: initial Main Mode message received on e.f.g.h:500 but no connection has been authorized with policy=RSASIG
21:29:20   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [Dead Peer Detection]
21:29:20   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-00]
21:29:20   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-02]
21:29:20   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t -ike-03]
21:28:40   pluto[13730]   packet from a.b.c.d:500: initial Main Mode message received on e.f.g.h:500 but no connection has been authorized with policy=RSASIG
21:28:40   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [Dead Peer Detection]
21:28:40   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-00]
21:28:40   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-02]
21:28:40   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t -ike-03]
21:28:20   pluto[13730]   packet from a.b.c.d:500: initial Main Mode message received on e.f.g.h:500 but no connection has been authorized with policy=RSASIG
21:28:20   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [Dead Peer Detection]
21:28:20   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-00]
21:28:20   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-02]
21:28:20   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t -ike-03]
21:28:10   pluto[13730]   packet from a.b.c.d:500: initial Main Mode message received on e.f.g.h:500 but no connection has been authorized with policy=RSASIG
21:28:10   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [Dead Peer Detection]
21:28:10   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-00]
21:28:10   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-02]
21:28:10   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t -ike-03]
21:28:04   pluto[13730]   packet from a.b.c.d:500: initial Main Mode message received on e.f.g.h:500 but no connection has been authorized with policy=RSASIG
21:28:04   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [Dead Peer Detection]
21:28:04   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-00]
21:28:04   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-02]
21:28:04   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t -ike-03]
21:27:45   pluto[13730]   "vpnipcop": we have no ipsecN interface for either end of this connection
21:27:45   pluto[13730]   added connection description "vpnipcop"
21:27:45   pluto[13730]   loaded host cert file '/var/ipcop/certs/vpnipcopcert.pem' (1151 bytes)
21:27:45   pluto[13730]   loaded host cert file '/var/ipcop/certs/hostcert.pem' (1155 bytes)
21:27:45   pluto[13730]   | from whack: got --ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1 536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3d es-md5-modp1024!
21:27:45   pluto[13730]   | from whack: got --esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5!
21:27:45   pluto[13730]   "vpnipcop": deleting connection
21:27:44   pluto[13730]   loaded private key file '/var/ipcop/certs/hostkey.pem' (887 bytes)
21:27:44   pluto[13730]   loading secrets from "/etc/ipsec.secrets"
21:27:44   pluto[13730]   forgetting secrets
21:27:34   pluto[13730]   packet from a.b.c.d:500: initial Main Mode message received on e.f.g.h:500 but no connection has been authorized with policy=RSASIG
21:27:34   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [Dead Peer Detection]
21:27:34   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-00]
21:27:34   pluto[13730]   packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-02]
21:27:34   pluto[13730]   packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t -ike-03]
21:26:57   ipsec__plutorun   ...could not start conn "vpnipcop"
21:26:57   ipsec__plutorun   022 "vpnipcop": we have no ipsecN interface for either end of this connection
21:26:57   pluto[13730]   "vpnipcop": we have no ipsecN interface for either end of this connection
21:26:57   ipsec__plutorun   ...could not route conn "vpnipcop"
21:26:57   ipsec__plutorun   022 "vpnipcop": we have no ipsecN interface for either end of this connection
21:26:57   pluto[13730]   loaded private key file '/var/ipcop/certs/hostkey.pem' (887 bytes)
21:26:57   pluto[13730]   loading secrets from "/etc/ipsec.secrets"
21:26:57   pluto[13730]   adding interface ipsec0/eth1 e.f.g.h:4500
21:26:57   pluto[13730]   adding interface ipsec0/eth1 e.f.g.h
21:26:57   pluto[13730]   listening for IKE messages
21:26:57   pluto[13730]   added connection description "vpnipcop"
21:26:57   pluto[13730]   loaded host cert file '/var/ipcop/certs/vpnipcopcert.pem' (1151 bytes)
21:26:57   pluto[13730]   loaded host cert file '/var/ipcop/certs/hostcert.pem' (1155 bytes)
21:26:57   pluto[13730]   | from whack: got --ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1 536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3d es-md5-modp1024!
21:26:57   pluto[13730]   | from whack: got --esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5!
21:26:57   pluto[13730]   OpenPGP certificate file '/etc/pgpcert.pgp' not found
21:26:57   pluto[13730]   loaded crl file 'cacrl.pem' (564 bytes)
21:26:57   pluto[13730]   Changing to directory '/etc/ipsec.d/crls'
21:26:57   pluto[13730]   file coded in unknown format, discarded
21:26:57   pluto[13730]   loaded cacert file '.rnd' (1024 bytes)
21:26:57   pluto[13730]   loaded cacert file 'cacert.pem' (1277 bytes)
21:26:57   pluto[13730]   error in X.509 certificate
21:26:57   pluto[13730]   loaded cacert file 'cakey.pem' (1679 bytes)
21:26:56   pluto[13730]   loaded cacert file 'ipcop2cert.pem' (1277 bytes)
21:26:56   pluto[13730]   Changing to directory '/etc/ipsec.d/cacerts'
21:26:56   pluto[13730]   ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
21:26:56   pluto[13730]   ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
21:26:56   pluto[13730]   ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
21:26:56   pluto[13730]   ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
21:26:56   pluto[13730]   ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
21:26:56   pluto[13730]   ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
21:26:56   pluto[13730]   ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
21:26:56   pluto[13730]   ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
21:26:56   pluto[13730]   including NAT-Traversal patch (Version 0.6)
21:26:56   pluto[13730]   including X.509 patch with traffic selectors (Version 0.9.42)
21:26:56   pluto[13730]   Starting Pluto (Openswan Version 1.0.10rc2)
21:26:56   ipsec_setup   ...Openswan IPsec started
21:26:56   ipsec__plutorun   Starting Pluto subsystem...
21:26:56   ipsec_setup   KLIPS ipsec0 on eth1 d.e.f.g/255.255.255.0 broadcast l.m.n.o
21:26:56   ipsec_setup   KLIPS debug `none'
21:26:56   ipsec_setup   Starting Openswan IPsec 1.0.10rc2...
21:26:56   ipsec_setup   ...Openswan IPsec stopped

Log IPSEC de la machine 2

Code: Tout sélectionner

21:43:28 pluto[3872] "vpnipcop" #3: initiating Main Mode to replace #2
21:43:28 pluto[3872] "vpnipcop" #2: starting keying attempt 2 of an unlimited number
21:43:28 pluto[3872] "vpnipcop" #2: max number of retransmissions (20) reached STATE_MAIN_I1. No acceptable response to our first IKE message
21:30:18 pluto[3872] "vpnipcop" #2: initiating Main Mode
21:30:18 pluto[3872] added connection description "vpnipcop"
21:30:18 pluto[3872] loaded host cert file '/var/ipcop/certs/hostcert.pem' (1151 bytes)
21:30:18 pluto[3872] loaded host cert file '/var/ipcop/certs/vpnipcopcert.pem' (1155 bytes)
21:30:18 pluto[3872] | from whack: got --ike=3des
21:30:18 pluto[3872] | from whack: got --esp=3des
21:30:18 ipsec__plutorun ...could not start conn "vpnipcop"
21:30:18 ipsec__plutorun: 010 "vpnipcop" #1: STATE_MAIN_I1 retransmission; will wait 40s for response
21:30:18 ipsec__plutorun: 010 "vpnipcop" #1: STATE_MAIN_I1 retransmission; will wait 20s for response
21:30:18 ipsec__plutorun: 104 "vpnipcop" #1: STATE_MAIN_I1 initiate
21:30:18 pluto[3872] "vpnipcop" #1: deleting state (STATE_MAIN_I1)
21:30:18 pluto[3872] "vpnipcop": deleting connection
21:30:17 pluto[3872] loaded private key file '/var/ipcop/certs/hostkey.pem' (887 bytes)
21:30:17 pluto[3872] loading secrets from "/etc/ipsec.secrets"
21:30:17 pluto[3872] forgetting secrets
21:29:42 pluto[3872] "vpnipcop" #1: initiating Main Mode
21:29:41 pluto[3872] loaded private key file '/var/ipcop/certs/hostkey.pem' (887 bytes)
21:29:41 pluto[3872] loading secrets from "/etc/ipsec.secrets"
21:29:41 pluto[3872] adding interface ipsec0/ppp0 a.b.c.d:4500
21:29:41 pluto[3872] adding interface ipsec0/ppp0 a.b.c.d
21:29:41 pluto[3872] listening for IKE messages
21:29:41 pluto[3872] added connection description "vpnipcop"
21:29:41 pluto[3872] loaded host cert file '/var/ipcop/certs/hostcert.pem' (1151 bytes)
21:29:41 pluto[3872] loaded host cert file '/var/ipcop/certs/vpnipcopcert.pem' (1155 bytes)
21:29:41 pluto[3872] | from whack: got --ike=3des
21:29:41 pluto[3872] | from whack: got --esp=3des
21:29:40 pluto[3872] OpenPGP certificate file '/etc/pgpcert.pgp' not found
21:29:40 pluto[3872] loaded crl file 'cacrl.pem' (564 bytes)
21:29:40 pluto[3872] Changing to directory '/etc/ipsec.d/crls'
21:29:40 pluto[3872] loaded cacert file 'cacert.pem' (1277 bytes)
21:29:40 pluto[3872] error in X.509 certificate
21:29:40 pluto[3872] loaded cacert file 'cakey.pem' (1675 bytes)
21:29:40 pluto[3872] loaded cacert file 'japycopcert.pem' (1277 bytes)
21:29:40 pluto[3872] Changing to directory '/etc/ipsec.d/cacerts'
21:29:40 pluto[3872] ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
21:29:40 pluto[3872] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
21:29:40 pluto[3872] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
21:29:40 pluto[3872] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
21:29:40 pluto[3872] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
21:29:40 pluto[3872] ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
21:29:40 pluto[3872] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
21:29:40 pluto[3872] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
21:29:40 pluto[3872] including NAT-Traversal patch (Version 0.6)
21:29:40 pluto[3872] including X.509 patch with traffic selectors (Version 0.9.42)
21:29:40 pluto[3872] Starting Pluto (Openswan Version 1.0.7)
21:29:40 ipsec_setup ...Openswan IPsec started
21:29:39 ipsec__plutorun Starting Pluto subsystem...
21:29:39 ipsec_setup KLIPS ipsec0 on ppp0 a.b.c.d/255.255.255.255 pointopoint l.m.n.o
21:29:39 ipsec_setup KLIPS debug `none'
21:29:39 ipsec_setup Starting Openswan IPsec 1.0.7...
21:29:39 ipsec_setup ...Openswan IPsec stopped
21:29:39 ipsec_setup: ipsec Device or resource busy
21:29:39 ipsec_setup doing cleanup anyway...
21:29:39 ipsec_setup stop ordered, but IPsec does not appear to be running!
21:29:39 ipsec_setup Stopping Openswan IPsec...
21:25:33 ipsec_setup ...Openswan IPsec stopped

Les valeurs genre a.b.c.d correspondent aux adresses IP.
Aprés examan des log, il semblerait qu'il y ait une erreur dans les certificats X.509. Je ne vois pas laquelle car j'ai suivi la même procédure qu'auparavant pour leur création lorsque IpCop 1 était en 1.4.6.
Que puis je tenter pour débloquer la situation?
Est ce que l'activation d'une des options DEBUG sur le 1.4.10 pourrait m'aider à comprendre?
Merci de votre aide

[Franck78]

Code: Tout sélectionner

21:27:45   pluto[13730]   "vpnipcop": we have no ipsecN interface for either end of this connection


Hello,
ca, c'est le message qui indique le problème.

Au démarrage du tunnel 'vpnipcop', pluto lit toutes les IPs et nom de domaine etc etc et cela lui permet forcément de savoir si il est 'left' ou 'rigth' pour la suite des évenements.
Mais il n'y arrive pas.

Donc le problème vient d'un changement de ipsec.conf qui comporterait une erreur.
Soit c'est donc la config réseau qu'un changement empèche 'pluto' de valider quel coté du tunel il est.

Tu pourrais si tu as le courage: copier ton ipsec.conf-1.4.10 tel quel, réinstallé une 1.4.9 et
-refaire la config
-vérifier que c'est OK
-comparer les deux ipsec.conf
-mettre le ipsec.conf.1.4.10 et refaire #:>ipsecctrl S

Sur les deux config
ipsec --barf
et compare tranquillement les deux relevés.

Peut être que les debug parsing et control peuvent aider. Essaye-les

Franck

[erreipnaej]

Bonsoir Franck,

Merci de ton aide.
J'avais vu ça aussi en plus du message

Code: Tout sélectionner

error in X.509 certificate

Je dois encore avoir dans un coin du disque ma sauvegarde avant de passer en 1.4.10.
Je vais exhumer ce fichier.
Par contre j'ai comparé entre 1.4.2 et 1.4.10 et le 1.4.10 est plus complet.
Je vais vérifier demain plus en détails tous ces fichiers (1.4.2, 4.4.10 et 1.4.9 si je le retrouve).
Je vous tiens au courant.
@+

[Franck78]

Bonsoir Franck,

Merci de ton aide.
J'avais vu ça aussi en plus du message

Code: Tout sélectionner

error in X.509 certificate

Je l'ai toujours vu trainer celui là... Ce doit être un détail cosmétique dans le certificat.

[grome]

Je vais repasser en 1.4.9 il reste plus que ça.

C'est pas ça qui aidera.

va dans l'écran 'options avancées' et sélectionne les mêmes protocoles que sur ton 1.4.9
, c'est pas dur à rendre compte du résultat quand même
Et des logs, des deux extrémités en même temps.
Parceque faut bien comprendre que si piège il y a en 1.4.10, piège sera en 1.4.11 si lui pas dézinguer

J'ai comparé les paramètres avancées de mes vpn et j'utilise les mêmes de chaque côté.
Une remarque tout de même (je ne sais pas si c'est important) : sur la 1.4.10 dans intégrité IKE l'avant derniere ligne est "SHA" alors que sur la 1.4.9 j'ai "SHA1".

[Franck78]

Pas génant, c'est juste le label qui change. Tu as enregistré (validé), ca coince toujours. Ca serait quand même plus simple de donner un extrait de log non ?

[grome]

Pas génant, c'est juste le label qui change. Tu as enregistré (validé), ca coince toujours. Ca serait quand même plus simple de donner un extrait de log non ?

oui excuse moi pour les logs, j'ai tout regardé depuis ce matin sur les deux passerelles et j'ai choisi ces deux passages ils ne sont peut être pas significatifs... Dis moi ce que tu en penses éventuellement je sors des logs plus gros que je mettrai à dispo en dehors du forum.

Les logs ci dessous sont ceux de la passerelle 1.4.10 qui pose problème.

11:38:14 pluto[604] "tunnelcoul" #296: starting keying attempt 158 of an unlimited number
11:38:14 pluto[604] "tunnelcoul" #296: max number of retransmissions (2) reached STATE_MAIN_I3. Pos sible authentication failure: no acceptable response to our first encrypted mess age
11:37:34 pluto[604] "tunnelcoul" #296: discarding duplicate packet; already STATE_MAIN_I3
11:37:14 pluto[604] "tunnelcoul" #296: discarding duplicate packet; already STATE_MAIN_I3
11:37:04 pluto[604] "tunnelcoul" #296: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11:37:04 pluto[604] "tunnelcoul" #296: NAT-Traversal: Result using RFC 3947: no NAT detected
11:37:04 pluto[604] "tunnelcoul" #296: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
11:37:04 pluto[604] "tunnelcoul" #296: received Vendor ID payload [Dead Peer Detection]
11:37:04 pluto[604] "tunnelcoul" #296: received Vendor ID payload [RFC 3947]
11:37:04 pluto[604] "tunnelcoul" #296: initiating Main Mode to replace #295
11:37:04 pluto[604] "tunnelcoul" #295: starting keying attempt 157 of an unlimited number
11:37:04 pluto[604] "tunnelcoul" #295: max number of retransmissions (2) reached STATE_MAIN_I3. Pos sible authentication failure: no acceptable response to our first encrypted mess age
11:36:24 pluto[604] "tunnelcoul" #295: discarding duplicate packet; already STATE_MAIN_I3
11:36:04 pluto[604] "tunnelcoul" #295: discarding duplicate packet; already STATE_MAIN_I3
11:35:54 pluto[604] "tunnelcoul" #295: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11:35:54 pluto[604] "tunnelcoul" #295: NAT-Traversal: Result using RFC 3947: no NAT detected
11:35:54 pluto[604] "tunnelcoul" #295: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
11:35:54 pluto[604] "tunnelcoul" #295: received Vendor ID payload [Dead Peer Detection]
11:35:54 pluto[604] "tunnelcoul" #295: received Vendor ID payload [RFC 3947]
11:35:54 pluto[604] "tunnelcoul" #295: initiating Main Mode to replace #294
11:35:54 pluto[604] "tunnelcoul" #294: starting keying attempt 156 of an unlimited number
11:35:54 pluto[604] "tunnelcoul" #294: max number of retransmissions (2) reached STATE_MAIN_I3. Pos sible authentication failure: no acceptable response to our first encrypted mess age
11:35:14 pluto[604] "tunnelcoul" #294: discarding duplicate packet; already STATE_MAIN_I3
11:34:54 pluto[604] "tunnelcoul" #294: discarding duplicate packet; already STATE_MAIN_I3
11:34:44 pluto[604] "tunnelcoul" #294: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11:34:44 pluto[604] "tunnelcoul" #294: NAT-Traversal: Result using RFC 3947: no NAT detected
11:34:44 pluto[604] "tunnelcoul" #294: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
11:34:44 pluto[604] "tunnelcoul" #294: received Vendor ID payload [Dead Peer Detection]
11:34:44 pluto[604] "tunnelcoul" #294: received Vendor ID payload [RFC 3947]
11:34:44 pluto[604] "tunnelcoul" #294: initiating Main Mode to replace #293
11:34:44 pluto[604] "tunnelcoul" #293: starting keying attempt 155 of an unlimited number
11:34:44 pluto[604] "tunnelcoul" #293: max number of retransmissions (2) reached STATE_MAIN_I3. Pos sible authentication failure: no acceptable response to our first encrypted mess age
11:34:04 pluto[604] "tunnelcoul" #293: discarding duplicate packet; already STATE_MAIN_I3
11:33:44 pluto[604] "tunnelcoul" #293: discarding duplicate packet; already STATE_MAIN_I3
11:33:34 pluto[604] "tunnelcoul" #293: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11:33:34 pluto[604] "tunnelcoul" #293: NAT-Traversal: Result using RFC 3947: no NAT detected
11:33:33 pluto[604] "tunnelcoul" #293: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
11:33:33 pluto[604] "tunnelcoul" #293: received Vendor ID payload [Dead Peer Detection]
11:33:33 pluto[604] "tunnelcoul" #293: received Vendor ID payload [RFC 3947]
11:33:33 pluto[604] "tunnelcoul" #293: initiating Main Mode to replace #290
11:33:33 pluto[604] "tunnelcoul" #290: starting keying attempt 154 of an unlimited number
11:33:33 pluto[604] "tunnelcoul" #290: max number of retransmissions (2) reached STATE_MAIN_I3. Pos sible authentication failure: no acceptable response to our first encrypted mess age
11:33:05 pluto[604] "tunnelcoul" #292: IPsec SA established
11:33:05 pluto[604] "tunnelcoul" #292: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
11:33:05 pluto[604] "tunnelcoul" #292: Dead Peer Detection (RFC3706) enabled
11:33:05 pluto[604] "tunnelcoul" #292: transition from state (null) to state STATE_QUICK_R1
11:33:05 pluto[604] "tunnelcoul" #292: responding to Quick Mode
11:33:05 pluto[604] "tunnelcoul" #291: sent MR3, ISAKMP SA established
11:33:05 pluto[604] "tunnelcoul" #291: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
11:33:05 pluto[604] "tunnelcoul" #291: Issuer CRL not found
11:33:05 pluto[604] "tunnelcoul" #291: Issuer CRL not found
11:33:05 pluto[604] "tunnelcoul" #291: Main mode peer ID is ID_DER_ASN1_DN: 'C=FR, ST=france, O=masociete , OU=informatique, CN=masociete.dyndns.org'
11:33:04 pluto[604] "tunnelcoul" #291: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
11:33:04 pluto[604] "tunnelcoul" #291: NAT-Traversal: Result using RFC 3947: no NAT detected
11:33:04 pluto[604] "tunnelcoul" #291: transition from state (null) to state STATE_MAIN_R1
11:33:04 pluto[604] "tunnelcoul" #291: responding to Main Mode
11:33:04 pluto[604] packet from 215.111.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]
11:33:04 pluto[604] packet from 215.111.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-00]
11:33:04 pluto[604] packet from 215.111.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-02]
11:33:04 pluto[604] packet from 215.111.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t -ike-03]
11:33:04 pluto[604] packet from 215.111.xxx.xxx:500: received Vendor ID payload [RFC 3947]
11:32:53 pluto[604] ERROR: asynchronous network error report on eth1 for message to 215.111.xxx.xxx por t 500, complainant 172.20.84.49: No route to host [errno 113, origin ICMP type 1 1 code 0 (not authenticated)]
11:32:33 pluto[604] "tunnelcoul" #290: discarding duplicate packet; already STATE_MAIN_I3
11:32:23 pluto[604] "tunnelcoul" #290: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11:32:23 pluto[604] "tunnelcoul" #290: NAT-Traversal: Result using RFC 3947: no NAT detected
11:32:22 pluto[604] "tunnelcoul" #290: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
11:32:22 pluto[604] "tunnelcoul" #290: received Vendor ID payload [Dead Peer Detection]
11:32:22 pluto[604] "tunnelcoul" #290: received Vendor ID payload [RFC 3947]
11:32:22 pluto[604] "tunnelcoul" #290: initiating Main Mode to replace #289
11:32:22 pluto[604] "tunnelcoul" #289: starting keying attempt 153 of an unlimited number
11:32:22 pluto[604] "tunnelcoul" #289: max number of retransmissions (2) reached STATE_MAIN_I3. Pos sible authentication failure: no acceptable response to our first encrypted mess age
11:31:42 pluto[604] "tunnelcoul" #289: discarding duplicate packet; already STATE_MAIN_I3
11:31:22 pluto[604] "tunnelcoul" #289: discarding duplicate packet; already STATE_MAIN_I3
11:31:12 pluto[604] "tunnelcoul" #289: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11:31:12 pluto[604] "tunnelcoul" #289: NAT-Traversal: Result using RFC 3947: no NAT detected
11:31:12 pluto[604] "tunnelcoul" #289: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
11:31:12 pluto[604] "tunnelcoul" #289: received Vendor ID payload [Dead Peer Detection]
11:31:12 pluto[604] "tunnelcoul" #289: received Vendor ID payload [RFC 3947]
11:31:12 pluto[604] "tunnelcoul" #289: initiating Main Mode to replace #288
11:31:12 pluto[604] "tunnelcoul" #288: starting keying attempt 152 of an unlimited number
11:31:12 pluto[604] "tunnelcoul" #288: max number of retransmissions (2) reached STATE_MAIN_I3. Pos sible authentication failure: no acceptable response to our first encrypted mess age
11:30:32 pluto[604] "tunnelcoul" #288: discarding duplicate packet; already STATE_MAIN_I3
11:30:12 pluto[604] "tunnelcoul" #288: discarding duplicate packet; already STATE_MAIN_I3
11:30:02 pluto[604] "tunnelcoul" #288: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11:30:02 pluto[604] "tunnelcoul" #288: NAT-Traversal: Result using RFC 3947: no NAT detected
11:30:02 pluto[604] "tunnelcoul" #288: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
11:30:02 pluto[604] "tunnelcoul" #288: received Vendor ID payload [Dead Peer Detection]
11:30:02 pluto[604] "tunnelcoul" #288: received Vendor ID payload [RFC 3947]
11:30:02 pluto[604] "tunnelcoul" #288: initiating Main Mode to replace #287

Ci dessous les logs de la passerelle en 1.4.9 qui est la passerelle du site principal. Tous les tunnels sont définis sur celle ci en 1.4.9.

11:32:51 pluto[24109] "tunneltest" #3: initiating Main Mode
11:32:51 ipsec__plutorun 003 "tunnelcoul" #1: NAT-Traversal: Result using RFC 3947: no NAT detected
11:32:51 ipsec__plutorun 106 "tunnelcoul" #1: STATE_MAIN_I2: sent MI2, expecting MR2
11:32:51 ipsec__plutorun 003 "tunnelcoul" #1: received Vendor ID payload [Dead Peer Detection]
11:32:51 ipsec__plutorun 003 "tunnelcoul" #1: received Vendor ID payload [RFC 3947]
11:32:51 ipsec__plutorun 104 "tunnelcoul" #1: STATE_MAIN_I1: initiate
11:32:51 pluto[24109] "tunnelcoul" #2: sent QI2, IPsec SA established
11:32:51 pluto[24109] "tunnelcoul" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
11:32:51 pluto[24109] "tunnelcoul" #2: Dead Peer Detection (RFC3706) enabled
11:32:51 pluto[24109] "tunnelcoul" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
11:32:51 pluto[24109] "tunnelcoul" #1: ISAKMP SA established
11:32:51 pluto[24109] "tunnelcoul" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
11:32:51 pluto[24109] "tunnelcoul" #1: Issuer CRL not found
11:32:51 pluto[24109] "tunnelcoul" #1: Issuer CRL not found
11:32:51 pluto[24109] "tunnelcoul" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=FR, ST=france, O=masocietece ntre, OU=informatique, CN=masociete-centre.dyndns.org'
11:32:50 pluto[24109] "tunnelcoul" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
11:32:50 pluto[24109] "tunnelcoul" #1: NAT-Traversal: Result using RFC 3947: no NAT detected
11:32:50 pluto[24109] "tunnelcoul" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
11:32:50 pluto[24109] "tunnelcoul" #1: received Vendor ID payload [Dead Peer Detection]
11:32:50 pluto[24109] "tunnelcoul" #1: received Vendor ID payload [RFC 3947]
11:32:50 pluto[24109] "tunnelcoul" #1: initiating Main Mode
11:32:49 pluto[24109] loaded private key file '/var/ipcop/certs/hostkey.pem' (887 bytes)
11:32:49 pluto[24109] loading secrets from "/etc/ipsec.secrets"
11:32:49 pluto[24109] adding interface ipsec0/ppp0 215.111.xxx.xxx:4500
11:32:49 pluto[24109] adding interface ipsec0/ppp0 215.111.xxx.xxx
11:32:49 pluto[24109] listening for IKE messages
11:32:49 pluto[24109] added connection description "tunnelmasociete17"
11:32:49 pluto[24109] loaded host cert file '/var/ipcop/certs/hostcert.pem' (1456 bytes)
11:32:49 pluto[24109] loaded host cert file '/var/ipcop/certs/tunnelmasociete17cert.pem' (1269 bytes)
11:32:49 pluto[24109] | from whack: got --ike=3des
11:32:49 pluto[24109] | from whack: got --esp=3des
11:32:48 pluto[24109] added connection description "tunneltest"
11:32:48 pluto[24109] loaded host cert file '/var/ipcop/certs/hostcert.pem' (1456 bytes)
11:32:48 pluto[24109] loaded host cert file '/var/ipcop/certs/tunneltestcert.pem' (1277 bytes)
11:32:48 pluto[24109] | from whack: got --ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1 536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3d es-md5-modp1024
11:32:48 pluto[24109] | from whack: got --esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
11:32:48 pluto[24109] added connection description "tunnelcoul"
11:32:48 pluto[24109] loaded host cert file '/var/ipcop/certs/hostcert.pem' (1456 bytes)
11:32:48 pluto[24109] loaded host cert file '/var/ipcop/certs/tunnelcoulcert.pem' (1497 bytes)
11:32:48 pluto[24109] | from whack: got --ike=aes128-sha-modp1536,aes128-sha-modp1024,aes128-md5-modp1 536,aes128-md5-modp1024,3des-sha-modp1536,3des-sha-modp1024,3des-md5-modp1536,3d es-md5-modp1024
11:32:48 pluto[24109] | from whack: got --esp=aes128-sha1,aes128-md5,3des-sha1,3des-md5
11:32:48 pluto[24109] OpenPGP certificate file '/etc/pgpcert.pgp' not found
11:32:48 pluto[24109] loaded crl file 'cacrl.pem' (690 bytes)
11:32:47 pluto[24109] Changing to directory '/etc/ipsec.d/crls'
11:32:47 pluto[24109] file coded in unknown format, discarded
11:32:47 pluto[24109] loaded cacert file '.rnd' (1024 bytes)
11:32:47 pluto[24109] loaded cacert file 'cacert.pem' (1651 bytes)
11:32:47 pluto[24109] error in X.509 certificate
11:32:47 pluto[24109] loaded cacert file 'cakey.pem' (1675 bytes)
11:32:47 pluto[24109] loaded cacert file 'masociete17cert.pem' (1403 bytes)
11:32:47 pluto[24109] loaded cacert file 'masocietecentrecert.pem' (1688 bytes)
11:32:47 pluto[24109] loaded cacert file 'jeromecert.pem' (1424 bytes)
11:32:47 pluto[24109] Changing to directory '/etc/ipsec.d/cacerts'
11:32:46 pluto[24109] ike_alg_register_enc(): Activating OAKLEY_SSH_PRIVATE_65289: Ok (ret=0)
11:32:46 pluto[24109] ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
11:32:46 pluto[24109] ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
11:32:46 pluto[24109] ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
11:32:46 pluto[24109] ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
11:32:46 pluto[24109] ike_alg_register_enc(): Activating OAKLEY_CAST_CBC: Ok (ret=0)
11:32:46 pluto[24109] ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
11:32:46 pluto[24109] ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
11:32:46 pluto[24109] including NAT-Traversal patch (Version 0.6)
11:32:46 pluto[24109] including X.509 patch with traffic selectors (Version 0.9.42)
11:32:46 pluto[24109] Starting Pluto (Openswan Version 1.0.10rc2)
11:32:45 ipsec_setup ...Openswan IPsec started
11:32:45 ipsec__plutorun Starting Pluto subsystem...
11:32:45 ipsec_setup KLIPS ipsec0 on ppp0 215.111.xxx.xxx/255.255.255.255 pointopoint 172.20.xxx.xxx
11:32:44 ipsec_setup KLIPS debug `none'
11:32:44 ipsec_setup Starting Openswan IPsec 1.0.10rc2...
11:32:44 ipsec_setup ipsec: Device or resource busy
11:32:44 ipsec_setup doing cleanup anyway...
11:32:44 ipsec_setup stop ordered, but IPsec does not appear to be running!
11:32:44 ipsec_setup ...Openswan IPsec stopped
11:32:44 ipsec_setup Stopping Openswan IPsec...
11:32:36 ipsec_setup ...Openswan IPsec stopped
11:32:36 ipsec_setup ipsec: Device or resource busy
11:32:35 ipsec_setup /usr/lib/ipsec/tncfg: Socket ioctl failed on detach -- No such device. Is the v irtual device valid? The ipsec module may not be linked into the kernel or load ed as a module.
11:32:34 pluto[16063] shutting down interface ipsec0/ppp0 215.111.xxx.xxx
11:32:34 pluto[16063] shutting down interface ipsec0/ppp0 215.111.xxx.xxx
11:32:34 pluto[16063] "tunnelmasociete17" #1407: deleting state (STATE_MAIN_I1)
11:32:34 pluto[16063] "tunnelmasociete17": deleting connection
11:32:34 pluto[16063] "tunneltest" #1408: deleting state (STATE_MAIN_I1)
11:32:34 pluto[16063] "tunneltest": deleting connection
11:32:34 pluto[16063] ERROR: "tunnelcoul" #1382: sendto on ppp0 to 81.56.xxx.xxx:500 failed in delete notify. Errno 101: Network is unreachable
11:32:34 pluto[16063] "tunnelcoul" #1382: deleting state (STATE_MAIN_I4)
11:32:34 pluto[16063] ERROR: "tunnelcoul" #1383: sendto on ppp0 to 81.56.xxx.xxx:500 failed in delete notify. Errno 101: Network is unreachable
11:32:34 pluto[16063] "tunnelcoul" #1383: deleting state (STATE_QUICK_I2)
11:32:34 pluto[16063] "tunnelcoul" #1410: deleting state (STATE_MAIN_R2)
11:32:34 pluto[16063] "tunnelcoul": deleting connection
11:32:34 pluto[16063] forgetting secrets
11:32:34 pluto[16063] shutting down
11:32:34 ipsec_setup Stopping Openswan IPsec...
11:32:08 pluto[16063] "tunnelcoul" #1410: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
11:32:08 pluto[16063] "tunnelcoul" #1410: NAT-Traversal: Result using RFC 3947: no NAT detected
11:32:08 pluto[16063] "tunnelcoul" #1410: transition from state (null) to state STATE_MAIN_R1
11:32:08 pluto[16063] "tunnelcoul" #1410: responding to Main Mode
11:32:08 pluto[16063] packet from 81.56.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]
11:32:08 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-00]
11:32:08 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-02]
11:32:08 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-03]
11:32:08 pluto[16063] packet from 81.56.xxx.xxx:500: received Vendor ID payload [RFC 3947]
11:32:08 pluto[16063] "tunnelcoul" #1409: max number of retransmissions (2) reached STATE_MAIN_R2
11:30:58 pluto[16063] "tunnelcoul" #1409: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
11:30:58 pluto[16063] "tunnelcoul" #1409: NAT-Traversal: Result using RFC 3947: no NAT detected
11:30:58 pluto[16063] "tunnelcoul" #1409: transition from state (null) to state STATE_MAIN_R1
11:30:58 pluto[16063] "tunnelcoul" #1409: responding to Main Mode
11:30:58 pluto[16063] packet from 81.56.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]
11:30:58 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-00]
11:30:58 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-02]
11:30:58 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-03]
11:30:58 pluto[16063] packet from 81.56.xxx.xxx:500: received Vendor ID payload [RFC 3947]
11:30:58 pluto[16063] "tunnelcoul" #1406: max number of retransmissions (2) reached STATE_MAIN_R2
11:30:51 pluto[16063] "tunneltest" #1408: initiating Main Mode to replace #1395
11:30:51 pluto[16063] "tunneltest" #1395: starting keying attempt 15 of an unlimited number
11:30:51 pluto[16063] "tunneltest" #1395: max number of retransmissions (20) reached STATE_MAIN_I1. N o acceptable response to our first IKE message
11:30:44 pluto[16063] "tunnelmasociete17" #1407: initiating Main Mode to replace #1394
11:30:44 pluto[16063] "tunnelmasociete17" #1394: starting keying attempt 15 of an unlimited number
11:30:44 pluto[16063] "tunnelmasociete17" #1394: max number of retransmissions (20) reached STATE_MAIN_I1. No acceptable response to our first IKE message
11:29:48 pluto[16063] "tunnelcoul" #1406: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
11:29:48 pluto[16063] "tunnelcoul" #1406: NAT-Traversal: Result using RFC 3947: no NAT detected
11:29:48 pluto[16063] "tunnelcoul" #1406: transition from state (null) to state STATE_MAIN_R1
11:29:48 pluto[16063] "tunnelcoul" #1406: responding to Main Mode
11:29:48 pluto[16063] packet from 81.56.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]
11:29:48 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-00]
11:29:48 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-02]
11:29:48 pluto[16063] packet from 81.56.xxx.xxx:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat- t-ike-03]
11:29:48 pluto[16063] packet from 81.56.xxx.xxx:500: received Vendor ID payload [RFC 3947]
11:29:48 pluto[16063] "tunnelcoul" #1405: max number of retransmissions (2) reached STATE_MAIN_R2
11:28:38 pluto[16063] "tunnelcoul" #1405: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
11:28:38 pluto[16063] "tunnelcoul" #1405: NAT-Traversal: Result using RFC 3947: no NAT detected
11:28:37 pluto[16063] "tunnelcoul" #1405: transition from state (null) to state STATE_MAIN_R1
11:28:37 pluto[16063] "tunnelcoul" #1405: responding to Main Mode

[grome]

ci dessous j'ai mis les logs depuis le vendredi 16 décembre.

http://grome.free.fr/logipcop/MesLogs.htm

Si c'est pas assez détaillé je les remets,

merci