<HTML>
<HEAD>
<TITLE>Re: [Openswan Users] OSX 10.4.5 maybe :)</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Hi,<BR>
<BR>
Yes I have exactly the same problem, I was testing it during the past 2 days. Exactly one hour and I loose the connection.<BR>
I am going to test the xl2tpd suggested by Paul and see.<BR>
<BR>
Cheers,<BR>
Christophe.<BR>
<BR>
<BR>
On 2/17/06 9:21 AM, "Brett Curtis" <dashnu@gmail.com> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Wondering if you figured out why you are losing your connect. I seem to loose mine after about an hour. It seems to be an l2tpd or ppp problem.<BR>
<BR>
Some logs.. are yours reflecting the same errors?<BR>
<BR>
Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a magic=0xc6ac4467]<BR>
Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a magic=0x85f75c48]<BR>
Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries exceeded for tunnel 54320. Closing.<BR>
<BR>
I get several of those pppd logs. It seems that the ipsec connect is fine through this series of events. <BR>
<BR>
Versions..<BR>
<BR>
Gentoo Linux 2.6.11-hardened-r15<BR>
openswan-2.4.4<BR>
l2tpd-0.70_pre20031121 <BR>
ppp-2.4.2-r15 <BR>
<BR>
Thanks.<BR>
<BR>
<BR>
<BR>
On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'> Hi,<BR>
<BR>
I’ve been connecting today as a roadwarrior with a 10.4.5 behind an DSL router and NATed<BR>
<BR>
What I’ve found so far:<BR>
pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109 <BR>
pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 <BR>
pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110<BR>
pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main Mode from unknown peer 200.88.223.131<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent MR1, expecting MI2<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID payload [KAME/racoon]<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent MR2, expecting MI3<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is ID_IPV4_ADDR: '10.0.0.3'<BR>
pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}<BR>
pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a certificate because I do not have one.<BR>
pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<BR>
pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)<BR>
pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick Mode {msgid:ecd87ac6}<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD= x.x.x.x:50339 DPD=none}<BR>
<BR>
The strange thing I’ve noticed today is that the VPN connection seems to drop when the DSL connection is used a lot by the other computer (the 10.0.0.2) which is not connected to the VPN<BR>
<BR>
Let me know if I can help test something for you.<BR>
<BR>
Cheers,<BR>
Christophe<BR>
<BR>
On 2/15/06 12:04 PM, "Brett Curtis" <dashnu@gmail.com> wrote:<BR>
<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Latest update Fix.. 10.4.5<BR>
<BR>
</SPAN></FONT><SPAN STYLE='font-size:12.0px'><FONT COLOR="#444444"><FONT FACE="Arial">-VPN connections to Cisco servers when using NAT<BR>
<BR>
Hope they use the correct NAT-T now.. I will let you guys know.<BR>
<BR>
/me reboots<BR>
<BR>
</FONT></FONT><FONT FACE="Verdana, Helvetica, Arial"> <BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></FONT></SPAN><FONT SIZE="2"><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:10.0px'>_______________________________________________<BR>
Users@openswan.org<BR>
<a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><BR>
Building and Integrating Virtual Private Networks with Openswan: <BR>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><BR>
<BR>
</SPAN></FONT></FONT></BLOCKQUOTE><FONT SIZE="2"><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:10.0px'><BR>
<BR>
</SPAN></FONT></FONT><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>_______________________________________________<BR>
Users@openswan.org<BR>
<a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><BR>
Building and Integrating Virtual Private Networks with Openswan: <BR>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
</SPAN></FONT>
</BODY>
</HTML>