<HTML>
<HEAD>
<TITLE>Re: [Openswan Users] OSX 10.4.5 maybe :)</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Yes it did work. I am not loosing the connection after 1 hours, I have an expire and then a renegociation of the tunnel.<BR>
But it seems I have some stability issues with the xl2tpd. It went down yesterday, I am still trying to figure why<BR>
<BR>
On ppp side I have a 2.4.2 with the radius plugin (like you it seems)<BR>
<BR>
<BR>
On 2/21/06 11:11 AM, "Brett Curtis" <dashnu@gmail.com> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Well I tried xl2tpd.. switch out my current gentoo l2tpd with it and still have the same issues. My best guess would be an issue with ppp. Did the xl2tpd fix the issue for you ? They both work fine for windows clients.. So who know it could be another OSX issue.<BR>
<BR>
Thanks.<BR>
On Feb 17, 2006, at 10:55 AM, Christophe Ngo Van Duc wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'> Hi,<BR>
<BR>
Yes I have exactly the same problem, I was testing it during the past 2 days. Exactly one hour and I loose the connection.<BR>
I am going to test the xl2tpd suggested by Paul and see.<BR>
<BR>
Cheers,<BR>
Christophe.<BR>
<BR>
<BR>
On 2/17/06 9:21 AM, "Brett Curtis" <dashnu@gmail.com> wrote:<BR>
<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Wondering if you figured out why you are losing your connect. I seem to loose mine after about an hour. It seems to be an l2tpd or ppp problem.<BR>
<BR>
Some logs.. are yours reflecting the same errors?<BR>
<BR>
Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a magic=0xc6ac4467]<BR>
Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a magic=0x85f75c48]<BR>
Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries exceeded for tunnel 54320. Closing.<BR>
<BR>
I get several of those pppd logs. It seems that the ipsec connect is fine through this series of events. <BR>
<BR>
Versions..<BR>
<BR>
Gentoo Linux 2.6.11-hardened-r15<BR>
openswan-2.4.4<BR>
l2tpd-0.70_pre20031121 <BR>
ppp-2.4.2-r15 <BR>
<BR>
Thanks.<BR>
<BR>
<BR>
<BR>
On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:<BR>
<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'> Hi,<BR>
<BR>
I’ve been connecting today as a roadwarrior with a 10.4.5 behind an DSL router and NATed<BR>
<BR>
What I’ve found so far:<BR>
pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109 <BR>
pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 <BR>
pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110<BR>
pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main Mode from unknown peer 200.88.223.131<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent MR1, expecting MI2<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID payload [KAME/racoon]<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent MR2, expecting MI3<BR>
pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is ID_IPV4_ADDR: '10.0.0.3'<BR>
pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}<BR>
pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a certificate because I do not have one.<BR>
pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3<BR>
pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)<BR>
pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick Mode {msgid:ecd87ac6}<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2<BR>
pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD= x.x.x.x:50339 DPD=none}<BR>
<BR>
The strange thing I’ve noticed today is that the VPN connection seems to drop when the DSL connection is used a lot by the other computer (the 10.0.0.2) which is not connected to the VPN<BR>
<BR>
Let me know if I can help test something for you.<BR>
<BR>
Cheers,<BR>
Christophe<BR>
<BR>
On 2/15/06 12:04 PM, "Brett Curtis" <dashnu@gmail.com> wrote:<BR>
<BR>
<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>Latest update Fix.. 10.4.5<BR>
<BR>
</SPAN></FONT><SPAN STYLE='font-size:12.0px'><FONT COLOR="#444444"><FONT FACE="Arial">-VPN connections to Cisco servers when using NAT<BR>
<BR>
Hope they use the correct NAT-T now.. I will let you guys know.<BR>
<BR>
/me reboots<BR>
<BR>
</FONT></FONT><FONT FACE="Verdana, Helvetica, Arial"> <BR>
<BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></FONT></SPAN><FONT SIZE="2"><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:10.0px'>_______________________________________________<BR>
Users@openswan.org<BR>
<a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><BR>
Building and Integrating Virtual Private Networks with Openswan: <BR>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><BR>
<BR>
<BR>
</SPAN></FONT></FONT></BLOCKQUOTE><FONT SIZE="2"><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:10.0px'><BR>
<BR>
</SPAN></FONT></FONT><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>_______________________________________________<BR>
Users@openswan.org<BR>
<a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><BR>
Building and Integrating Virtual Private Networks with Openswan: <BR>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><BR>
<BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
<BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
<BR>
_______________________________________________<BR>
Users@openswan.org<BR>
<a href="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</a><BR>
Building and Integrating Virtual Private Networks with Openswan: <BR>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
</SPAN></FONT>
</BODY>
</HTML>