[Openswan Users] vpn conn stops after IPsec SA established

Łukasz Zontek l_zontek at wp.pl
Thu Apr 19 06:42:12 EDT 2007


Hello,
I have a problem with an IPsec/L2TP connection from Windows XP.
I have Openswan 2.4.7, kernel 2.6.20 with NETKEY I think (I'm not a pro).

These are my logs from Debian Linux:
Apr 19 11:42:15 localhost pluto[6940]: packet from 192.168.71.204:500: 
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 19 11:42:15 localhost pluto[6940]: packet from 192.168.71.204:500: 
ignoring Vendor ID payload [FRAGMENTATION]
Apr 19 11:42:15 localhost pluto[6940]: packet from 192.168.71.204:500: 
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set 
to=106
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[8] 
192.168.71.204 #8: responding to Main Mode from unknown peer 
192.168.71.204
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[8] 
192.168.71.204 #8: transition from state STATE_MAIN_R0 to state 
STATE_MAIN_R1
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[8] 
192.168.71.204 #8: STATE_MAIN_R1: sent MR1, expecting MI2
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[8] 
192.168.71.204 #8: NAT-Traversal: Result using 
draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[8] 
192.168.71.204 #8: transition from state STATE_MAIN_R1 to state 
STATE_MAIN_R2
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[8] 
192.168.71.204 #8: STATE_MAIN_R2: sent MR2, expecting MI3
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[8] 
192.168.71.204 #8: Main mode peer ID is ID_DER_ASN1_DN: 'C=PL, 
ST=WROCLAW, O=PGF URTICA, OU=PGF URTICA, CN=vpn1.urtica.pl, 
E=lukasz at urtica.pl'
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[8] 
192.168.71.204 #8: switched from "roadwarrior-l2tp" to "roadwarrior-l2tp"
Apr 19 11:42:15 localhost pluto[6940]: "roadwarrior-l2tp"[9] 
192.168.71.204 #8: deleting connection "roadwarrior-l2tp" instance with 
peer 192.168.71.204 {isakmp=#0/ipsec=#0}
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp"[9] 
192.168.71.204 #8: I am sending my cert
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp"[9] 
192.168.71.204 #8: transition from state STATE_MAIN_R2 to state 
STATE_MAIN_R3
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp"[9] 
192.168.71.204 #8: STATE_MAIN_R3: sent MR3, ISAKMP SA established 
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha 
group=modp2048}
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp-oldwin"[2] 
192.168.71.204 #9: responding to Quick Mode {msgid:325f59c4}
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp-oldwin"[2] 
192.168.71.204 #9: transition from state STATE_QUICK_R0 to state 
STATE_QUICK_R1
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp-oldwin"[2] 
192.168.71.204 #9: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, 
expecting QI2
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp-oldwin"[2] 
192.168.71.204 #9: transition from state STATE_QUICK_R1 to state 
STATE_QUICK_R2
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp-oldwin"[2] 
192.168.71.204 #9: STATE_QUICK_R2: IPsec SA established {ESP=>0x77c08147 
<0x6c1a2638 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}


Then it all stops.
Please help me.

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8:,172.16.0.0/12,%v4:192.168.0.0/16,%v4:!mysubet


conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=mysubnet/mask
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=vpn1.urtica.pl.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes



conn roadwarrior-l2tp
        left=%defaultroute
        leftcert=vpn1.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        rightsubnet=subnet
        pfs=no
        auto=add

conn roadwarrior-l2tp-oldwin
        left=%defaultroute
        leftcert=vpn1.pem
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore
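
A small log summarizer, added here as an example and not part of the original post: it rejoins the mail-wrapped pluto entries and reports, per pluto state number, which conn matched, the last state reached and the negotiated SA attributes. The function names are this example's own, and the embedded sample is three entries copied from the log above.

```python
import re

# Constructed sample: three entries copied from the log in this post,
# hard-wrapped the same way the mail client wrapped them.
SAMPLE = """\
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp"[9]
192.168.71.204 #8: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp2048}
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp-oldwin"[2]
192.168.71.204 #9: responding to Quick Mode {msgid:325f59c4}
Apr 19 11:42:16 localhost pluto[6940]: "roadwarrior-l2tp-oldwin"[2]
192.168.71.204 #9: STATE_QUICK_R2: IPsec SA established {ESP=>0x77c08147
<0x6c1a2638 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d \S+ pluto\[\d+\]:")
ENTRY = re.compile(r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)')

def unwrap(text):
    """Rejoin hard-wrapped entries; a new entry starts at a syslog stamp."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Map state number -> conn name, last STATE_* reached, SA attributes."""
    states = {}
    for entry in unwrap(text):
        m = ENTRY.search(entry)
        if not m:
            continue  # "packet from ..." lines carry no state number
        s = states.setdefault(int(m["state"]), {"conn": None, "last": None, "sa": {}})
        s["conn"] = m["conn"]
        reached = re.match(r"(STATE_\w+):", m["msg"])
        if reached:
            s["last"] = reached.group(1)
        if "SA established" in m["msg"]:
            s["sa"] = dict(re.findall(r"(\w+)=([^\s}]+)", m["msg"]))
    return states

if __name__ == "__main__":
    for num, info in sorted(summarize(SAMPLE).items()):
        print(f"#{num} conn={info['conn']} last={info['last']} sa={info['sa']}")
```

Run over the full log, the summary puts the Main Mode state (#8) and the Quick Mode state (#9) side by side, which makes it easy to see that they matched different conn sections and which transforms were negotiated.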
