[Swan] STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response

Sun Jun 3 18:54:25 UTC 2018

On Tue, 29 May 2018, Alex wrote:

> May 29 16:30:41 orion pluto[14295]: "VPN-GDHQ-GDXO" #25: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response

This indicates a packet filter somewhere along the route. Either on the
host itself, on the network, or on the target host.

> 000 "VPN-GDHQ-GDXO":
> 192.168.1.0/24===68.195.199.42<68.195.199.42>[CN=orion.example.com,
> O=GDXO]---68.195.199.41...65.46.77.6<65.46.72.6>[CN=cyclops.example.com,
> O=GDXO]===64.1.11.0/27; prospective erouted; eroute owner: #0

> 000 "VPN-GDHQ-GDXO-2":
> 192.168.1.0/24===68.195.199.42<68.195.193.42>[CN=orion.example.com,
> O=GDXO]---68.195.199.41...65.46.77.6<65.46.72.6>[CN=cyclops.example.com,
> O=GDXO]===66.104.200.96/28; prospective erouted; eroute owner: #0

> 000 #8: "VPN-GDHQ-GDXO":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
> EVENT_v1_RETRANSMIT in 1s; nodpd; idle; import:admin initiate
> 000 #8: pending Phase 2 for "VPN-GDHQ-GDXO-2" replacing #0
> 000 #8: pending Phase 2 for "VPN-GDHQ-GDXO" replacing #0
> 000
> 000 Bare Shunt list:
> 000

This looks normal for the case where you try to setup an IPsec tunnel,
but a firewall is preventing this.

Paul