<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi all,<br>
<br>
First of all a little summary of the specs of my setup<br>
<ul>
<li>VPN Server is running on Fedora Core 4 (2.6.17-1.2142_FC4) , with
Openswan version 2.4.4 along with Xl2tpd1.1.12</li>
<li>Windows clients composing of SP3 and SP2 clients</li>
</ul>
I'm attaching ipsec.conf, xl2tpd.conf, options.xl2tpd <br>
<br>
When I try to connect from my client machine to the server, it says
connecting but doesn't seem to move forward at all. Even tried with
iptables switched off.But that didn't help.. Below I'm pasting the
dumps of var/log/secure and /var/log/messages for one connection
attempt. Just to make sure that I'm not making any mistakes I have
removed xl2tpd and got the rpm of l2tpd compiled by Jacco. <br>
<br>
Messages<br>
<br>
Jul 22 16:11:37 test2 xl2tpd[6824]: This binary does not support kernel
L2TP.<br>
Jul 22 16:11:37 test2 xl2tpd[6825]: xl2tpd version xl2tpd-1.1.12
started on test2 PID:6825<br>
Jul 22 16:11:37 test2 xl2tpd[6825]: Written by Mark Spencer, Copyright
(C) 1998, Adtran, Inc.<br>
Jul 22 16:11:37 test2 xl2tpd[6825]: Forked by Scott Balmos and David
Stipp, (C) 2001<br>
Jul 22 16:11:37 test2 xl2tpd[6825]: Inherited by Jeff McAd
ams, (C) 2002<br>
Jul 22 16:11:37 test2 xl2tpd[6825]: Forked again by Xelerance
(<a class="moz-txt-link-abbreviated" href="http://www.xelerance.com">www.xelerance.com</a>)
(C) 2006<br>
Jul 22 16:11:37 test2 xl2tpd[6825]: Listening on IP address 0.0.0.0,
port 1701<br>
Jul 22 16:11:45 test2 kernel: NET: Unregistered protocol family 15<br>
Jul 22 16:11:45 test2 ipsec_setup: ...Openswan IPsec stopped<br>
Jul 22 16:11:45 test2 kernel: NET: Registered protocol family 15<br>
Jul 22 16:11:46 test2 ipsec_setup: KLIPS ipsec0 on eth0
vpn.external.ip/255.255.255.224 broadcast xxx.xxx.xxx.xxx<br>
Jul 22 16:11:46 test2 ipsec_setup: ...Openswan IPsec started<br>
Jul 22 16:12:03 test2 xl2tpd[6825]: Maximum retries exceeded for tunnel
15489. Closing.<br>
Jul 22 16:12:03 test2 xl2tpd[6825]: Connection 10 closed to
my.client.ip, port 1701 (Timeout)<br>
Jul 22 16:12:18 test2 xl2tpd[6825]: Maximum retries exceeded for tunnel
34702. Closing.<br>
Jul 22 16:12:18 test2 xl2tpd[6825]: Connection 10 closed to
my.client.ip, port 1701 (Timeout)<br>
<br>
Secure<br>
<br>
<div class="moz-text-html" lang="x-western">
<link rel="File-List"
href="file:///C:%5CDOCUME%7E1%5CADMINI%7E1%5CLOCALS%7E1%5CTemp%5Cmsohtml1%5C01%5Cclip_filelist.xml">
<o:smarttagtype
namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceType"></o:smarttagtype><o:smarttagtype
namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceName"></o:smarttagtype><o:smarttagtype
namespaceuri="urn:schemas-microsoft-com:office:smarttags" name="place"></o:smarttagtype><!--[if gte mso 9]><xml>
<w:WordDocument>
<w:View>Normal</w:View>
<w:Zoom>0</w:Zoom>
<w:PunctuationKerning/>
<w:ValidateAgainstSchemas/>
<w:SaveIfXMLInvalid>false</w:SaveIfXMLInvalid>
<w:IgnoreMixedContent>false</w:IgnoreMixedContent>
<w:AlwaysShowPlaceholderText>false</w:AlwaysShowPlaceholderText>
<w:Compatibility>
<w:BreakWrappedTables/>
<w:SnapToGridInCell/>
<w:WrapTextWithPunct/>
<w:UseAsianBreakRules/>
<w:DontGrowAutofit/>
</w:Compatibility>
<w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel>
</w:WordDocument>
</xml><![endif]--><!--[if gte mso 9]><xml>
<w:LatentStyles DefLockedState="false" LatentStyleCount="156">
</w:LatentStyles>
</xml><![endif]--><!--[if !mso]><object
classid="clsid:38481807-CA0E-42D2-BF39-B33AF135CC4D" id=ieooui></object>
<style>
st1\:*{behavior:url(#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-parent:"";
margin:0in;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
@page Section1
{size:11.0in 8.5in;
mso-page-orientation:landscape;
margin:1.25in 1.0in 1.25in 1.0in;
mso-header-margin:.5in;
mso-footer-margin:.5in;
mso-paper-source:0;}
div.Section1
{page:Section1;}
-->
</style><!--[if gte mso 10]>
<style>
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
</style>
<![endif]-->
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:44
test2
pluto[6292]: "L2TP-PSK": deleting connection<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:44
test2
pluto[6292]: shutting down interface lo/lo ::1:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:44
test2
pluto[6292]: shutting down interface lo/lo 127.0.0.1:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:44
test2
pluto[6292]: shutting down interface eth0/eth0
vpn-server-external-ip:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:44
test2
pluto[6292]: shutting down interface eth1/eth1 10.8.109.65:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2
ipsec__plutorun: Starting Pluto subsystem...<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2
pluto[6939]: Starting Pluto (Openswan Version 2.4.4 X.509-1.5.4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEz}FFFfgr_e)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2
pluto[6939]: Setting NAT-Traversal port-4500 floating to off<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2 pluto[6939]:<span style=""> </span>port floating activation
criteria
nat_t=0/port_fload=1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2
pluto[6939]:<span style=""> </span>including NAT-Traversal
patch (Version 0.6c) [disabled]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2
pluto[6939]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
(ret=0)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2
pluto[6939]: starting up 1 cryptographic helpers<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2
pluto[6939]: started helper pid=6940 (fd:6)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:46
test2
pluto[6939]: Using Linux 2.6 IPsec interface code on 2.6.17-1.2142_FC4<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: Could not change to directory '/etc/ipsec.d/cacerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: Could not change to directory '/etc/ipsec.d/aacerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: Could not change to directory '/etc/ipsec.d/ocspcerts'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: Could not change to directory '/etc/ipsec.d/crls'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: added connection description "L2TP-PSK"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: listening for IKE messages<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: adding interface eth1/eth1 10.8.109.65:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: adding interface eth0/eth0 vpn-server-external-ip:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: adding interface lo/lo 127.0.0.1:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2 pluto[6939]:
adding interface lo/lo ::1:500<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:47
test2
pluto[6939]: loading secrets from "/etc/ipsec.secrets"<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: packet from vpn-client-ip:500: ignoring Vendor ID payload
[MS NT5
ISAKMPOAKLEY 00000004]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: packet from vpn-client-ip:500: ignoring Vendor ID payload
[FRAGMENTATION]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: packet from vpn-client-ip:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: packet from vpn-client-ip:500: ignoring Vendor ID payload
[Vid-Initial-Contact]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: responding to Main Mode
from unknown peer vpn-client-ip<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: STATE_MAIN_R1: sent MR1,
expecting MI2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: STATE_MAIN_R2: sent MR2,
expecting MI3<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: Main mode peer ID is
ID_IPV4_ADDR: 'vpn-client-ip'<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: I did not send a
certificate because I do not have one.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: STATE_MAIN_R3: sent MR3,
ISA
KMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp2048}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #2: responding to Quick Mode
{msgid:68879540}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #2: transition from state
STATE_QUICK_R0 to state STATE_QUICK_R1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #2: STATE_QUICK_R1: sent
QR1, inbound IPsec SA installed, expecting QI2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #2: transition from state
STATE_QUICK_R1 to state STATE_QUICK_R2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:11:56
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #2: STATE_QUICK_R2: IPsec SA
established {ESP=>0x9b76cf71 <0x13478bc1 xfrm=3DES_0-HMAC_MD5
NATD=none
DPD=none}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:12:18
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: received Delete
SA(0x9b76cf71) payload: deleting <st1:place w:st="on"><st1:placename
w:st="on">IPSEC</st1:placename> <st1:placetype w:st="on">State</st1:placetype></st1:place>
#2<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:12:18
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: received and ignored
informational message<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:12:18
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip #1: received Delete SA
payload: deleting <st1:place w:st="on"><st1:placename w:st="on">ISAKMP</st1:placename>
<st1:placetype w:st="on">State</st1:placetype></st1:place> #1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:12:18
test2
pluto[6939]: "L2TP-PSK"[1] vpn-client-ip: deleting connection
"L2TP-PSK" instance with peer vpn-client-ip {isakmp=#0/ipsec=#0}<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:12:18
test2
pluto[6939]: packet from vpn-client-ip:500: received and ignored
informational
message<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;">Jul 22 16:12:20
test2
pluto[6939]: ERROR: asynchronous network error report on eth0
(sport=500) for
message to vpn-client-ip port 500, complainant vpn-server-external-ip:
No route
to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]<o:p></o:p></span></p>
<br>
<br>
Can any one help me out?<br>
<pre class="moz-signature" cols="72">------------------
Best Regards
Jay
</pre>
</div>
<pre class="moz-signature" cols="72">
</pre>
</body>
</html>