<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; ">Wondering if you figured out why you are losing your connect. I seem to loose mine after about an hour. It seems to be an l2tpd or ppp problem.<DIV><BR class="khtml-block-placeholder"></DIV><DIV>Some logs.. are yours reflecting the same errors?</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a magic=0xc6ac4467]</DIV><DIV>Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a magic=0x85f75c48]</DIV><DIV>Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries exceeded for tunnel 54320. Closing.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>I get several of those pppd logs. It seems that the ipsec connect is fine through this series of events. </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Versions..</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Gentoo Linux 2.6.11-hardened-r15</DIV><DIV>openswan-2.4.4</DIV><DIV>l2tpd-0.70_pre20031121 </DIV><DIV>ppp-2.4.2-r15 </DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Thanks.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BR><DIV><DIV>On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite"> <FONT face="Verdana, Helvetica, Arial"><SPAN style="font-size:12.0px">Hi,<BR> <BR> I’ve been connecting today as a roadwarrior with a 10.4.5 behind an DSL router and NATed<BR> <BR> What I’ve found so far:<BR> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109 <BR> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 <BR> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110<BR> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110<BR> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main Mode from unknown peer 200.88.223.131<BR> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<BR> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent MR1, expecting MI2<BR> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID payload [KAME/racoon]<BR> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed<BR> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<BR> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent MR2, expecting MI3<BR> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is ID_IPV4_ADDR: '10.0.0.3'<BR> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}<BR> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a certificate because I do not have one.<BR> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<BR> pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)<BR> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<BR> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick Mode {msgid:ecd87ac6}<BR> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<BR> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<BR> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<BR> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD= x.x.x.x:50339 DPD=none}<BR> <BR> The strange thing I’ve noticed today is that the VPN connection seems to drop when the DSL connection is used a lot by the other computer (the 10.0.0.2) which is not connected to the VPN<BR> <BR> Let me know if I can help test something for you.<BR> <BR> Cheers,<BR> Christophe<BR> <BR> On 2/15/06 12:04 PM, "Brett Curtis" <<A href="mailto:dashnu@gmail.com">dashnu@gmail.com</A>> wrote:<BR> <BR> </SPAN></FONT><BLOCKQUOTE type="cite"><FONT face="Verdana, Helvetica, Arial"><SPAN style="font-size:12.0px">Latest update Fix.. 10.4.5<BR> <BR> </SPAN></FONT><SPAN style="font-size:12.0px"><FONT color="#444444"><FONT face="Arial">-VPN connections to Cisco servers when using NAT<BR> <BR> Hope they use the correct NAT-T now.. I will let you guys know.<BR> <BR> /me reboots<BR> </FONT></FONT><FONT face="Verdana, Helvetica, Arial"><BR> <HR align="CENTER" size="3" width="95%"></FONT></SPAN><FONT size="2"><FONT face="Monaco, Courier New"><SPAN style="font-size:10.0px">_______________________________________________<BR> <A href="mailto:Users@openswan.org">Users@openswan.org</A><BR> <A href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</A><BR> Building and Integrating Virtual Private Networks with Openswan: <BR> <A href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A><BR> </SPAN></FONT></FONT></BLOCKQUOTE><FONT size="2"><FONT face="Monaco, Courier New"><SPAN style="font-size:10.0px"><BR> </SPAN></FONT></FONT><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">_______________________________________________</DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="mailto:Users@openswan.org">Users@openswan.org</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</A></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; ">Building and Integrating Virtual Private Networks with Openswan:<SPAN class="Apple-converted-space"> </SPAN></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><A href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A></DIV> </BLOCKQUOTE></DIV><BR></DIV></BODY></HTML>