Mailinglist Archive: opensuse-security (375 mails)

< Previous Next >
Re: [suse-security] ipsec traffic
  • From: Christoph Egger <egger@xxxxxxxxxxxxxx>
  • Date: Fri, 13 Sep 2002 11:22:45 +0200
  • Message-id: <20020913092355.AD1EF14518@xxxxxxxxxxxxxx>
On Friday, 13. September 2002 09:21, egger@xxxxxxxxxxxxxx wrote:
> On Friday, 13. September 2002 07:45, tobias.reckhard@xxxxxxxxxxx wrote:
>
> tcpdump says this:
>
> 11:03:52.085197 <gateB> > <gateA>: ESP(spi=0x041b4818,seq=0x7dc)
> 11:03:52.086084 <gateA> > <gateB>: ESP(spi=0x7511fb3c,seq=0x936)
>
> Note, <gateA> is the IP-address of the one ipsec-gateway,
> <gateB> the one
> from the other ipsec-gateway.
>
> > That's what KLIPS says, not Pluto. Set plutodebug to 'all' and see what
> > Pluto says.
>
> Sep 13 09:20:48 uhura Pluto[9867]: | *time to handle event
> Sep 13 09:20:48 uhura Pluto[9867]: | event after this is EVENT_SA_REPLACE
> in 2670 seconds
> Sep 13 09:20:48 uhura Pluto[9867]: | inserting event EVENT_SHUNT_SCAN,
> timeout in 120 seconds
> Sep 13 09:20:48 uhura Pluto[9867]: | next event EVENT_SHUNT_SCAN in 120
> seconds

I should notice, that on <gateA> runs FreeSWAN 1.94 and on <gateB> FreeSWAN
1.98.

On <gateB> I found this sentence in the documentation (file
opportunism.howto):

--------
Pluto now looks every 2 minutes for any %holds that it missed.
--------

Further in the file CHANGES I found this:

--------
The last remnants of the "%hold" bug, which broke 1.93 and 1.94, have
(we think) been dealt with.
--------

Does that explain the traffic? When I update FreeSWAN on <gateA>, does that
prevent pluto doing the EVENT_SHUNT_SCAN's every 2 minutes?

--
CU,
Christoph

< Previous Next >
References