Hello all,<div><br></div><div>I am trying to get Windows Mobile 6.5 to work with Openswan in combination with XL2TPD which is connected to freeradius. When I am trying to send data through the tunnel, the connection goes down, when I wait for 3 minutes, the connection goes down.</div>
<div><br></div><div>What I notice is that I get "ignoring informational payload, type INVALID_COOKIE msgid=00000000" messages. Openswan sees it as information messages, but I think it is the client trying to communicate.</div>
<div><br></div><div>I am using the example config file l2tp-cert.conf. I have not configured "esp=", because I would like Openswan to find out what encryption methods can be used, but this is not working.</div><div>
<br></div><div>Can someone help me?</div><div><br></div><div><br></div><div><br></div><div>My logs and configuration:</div><div><br></div><div>/var/log/secure:</div><div><div>Sep 7 15:50:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]</div>
<div>Sep 7 15:50:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>: ignoring Vendor ID payload [FRAGMENTATION]</div><div>Sep 7 15:50:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106</div>
<div>Sep 7 15:50:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>: ignoring Vendor ID payload [Vid-Initial-Contact]</div><div>Sep 7 15:50:27 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: responding to Main Mode from unknown peer 62.140.137.125</div>
<div>Sep 7 15:50:27 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1</div><div>Sep 7 15:50:27 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: STATE_MAIN_R1: sent MR1, expecting MI2</div>
<div>Sep 7 15:50:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]</div><div>Sep 7 15:50:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>: ignoring Vendor ID payload [FRAGMENTATION]</div>
<div>Sep 7 15:50:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106</div><div>Sep 7 15:50:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>: ignoring Vendor ID payload [Vid-Initial-Contact]</div>
<div>Sep 7 15:50:27 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #15: responding to Main Mode from unknown peer 62.140.137.125</div><div>Sep 7 15:50:27 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #15: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1</div>
<div>Sep 7 15:50:27 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #15: STATE_MAIN_R1: sent MR1, expecting MI2</div><div>Sep 7 15:50:31 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed</div>
<div>Sep 7 15:50:31 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2</div><div>Sep 7 15:50:31 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: STATE_MAIN_R2: sent MR2, expecting MI3</div>
<div>Sep 7 15:50:32 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: discarding duplicate packet; already STATE_MAIN_R2</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: Main mode peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=<a href="mailto:admin@testingcorporation.nl">admin@testingcorporation.nl</a>'</div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #14: switched from "l2tp-X.509" to "l2tp-X.509"</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: I am sending my cert</div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: deleting connection "l2tp-X.509" instance with peer 62.140.137.107 {isakmp=#0/ipsec=#13}</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509" #13: deleting state (STATE_QUICK_R2)</div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: new NAT mapping for #14, was <a href="http://62.140.137.125:29237">62.140.137.125:29237</a>, now <a href="http://62.140.137.125:29528">62.140.137.125:29528</a></div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}</div><div>
Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: peer client type is FQDN</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: Applying workaround for MS-818043 NAT-T bug</div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: IDci was FQDN: U\221\224j, using NAT_OA=<a href="http://10.66.108.51/32">10.66.108.51/32</a> as IDci</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: the peer proposed: <a href="http://85.145.148.106/32:17/1701">85.145.148.106/32:17/1701</a> -> <a href="http://10.66.108.51/32:17/0">10.66.108.51/32:17/0</a></div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #16: responding to Quick Mode proposal {msgid:b8cafe89}</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #16: us: 85.145.148.106<85.145.148.106>[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=<a href="mailto:admin@testingcorporation.nl">admin@testingcorporation.nl</a>,+S=C]:17/1701</div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #16: them: 62.140.137.125[C=NL, ST=Utrecht, L=Utrecht, O=Testing Corporation, OU=Research and Development, CN=Left1024, E=<a href="mailto:admin@testingcorporation.nl">admin@testingcorporation.nl</a>,+S=C]:17/0===<a href="http://10.66.108.51/32">10.66.108.51/32</a></div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #16: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #16: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2</div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #16: netlink_raw_eroute: WARNING: that_client port 0 and that_host port 29528 don't match. Using that_client port.</div><div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #16: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2</div>
<div>Sep 7 15:50:34 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #16: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x00bc42b0 <0x44d1a644 xfrm=3DES_0-HMAC_SHA1 NATOA=10.66.108.51 NATD=<a href="http://62.140.137.125:29528">62.140.137.125:29528</a> DPD=none}</div>
<div><span class="Apple-style-span" style="background-color: rgb(255, 0, 0);">Sep 7 15:50:37 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #15: ignoring informational payload, type INVALID_COOKIE msgid=00000000</span></div>
<div>Sep 7 15:50:37 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #15: received and ignored informational message</div><div><span class="Apple-style-span" style="background-color: rgb(255, 0, 0);">Sep 7 15:50:58 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #15: ignoring informational payload, type INVALID_COOKIE msgid=00000000</span></div>
<div>Sep 7 15:50:58 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #15: received and ignored informational message</div><div>Sep 7 15:51:27 gateway pluto[1749]: "l2tp-X.509"[12] 62.140.137.125 #14: received Delete SA payload: deleting ISAKMP State #14</div>
<div>Sep 7 15:51:27 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29528">62.140.137.125:29528</a>: received and ignored informational message</div><div>Sep 7 15:51:28 gateway pluto[1749]: packet from <a href="http://62.140.137.125:29528">62.140.137.125:29528</a>: Informational Exchange is for an unknown (expired?) SA with MSGID:0x3bdca6f8</div>
<div>Sep 7 15:51:37 gateway pluto[1749]: "l2tp-X.509"[11] 62.140.137.125 #15: max number of retransmissions (2) reached STATE_MAIN_R1</div><div>Sep 7 15:51:37 gateway pluto[1749]: "l2tp-X.509"[11] <a href="http://62.140.137.125">62.140.137.125</a>: deleting connection "l2tp-X.509" instance with peer 62.140.137.125 {isakmp=#0/ipsec=#0}</div>
</div><div><br></div><div>The output of xl2tpd -D:</div><div><br></div><div><div>xl2tpd[1808]: control_finish: Peer requested tunnel 14 twice, ignoring second one.</div><div>xl2tpd[1808]: Connection established to 62.140.137.125, 1701. Local: 15271, Remote: 14 (ref=0/0). LNS session is 'default'</div>
<div>xl2tpd[1808]: start_pppd: I'm running: </div><div>xl2tpd[1808]: "/usr/sbin/pppd" </div><div>xl2tpd[1808]: "passive" </div><div>xl2tpd[1808]: "nodetach" </div><div>xl2tpd[1808]: "172.28.1.1:172.28.1.10" </div>
<div>xl2tpd[1808]: "auth" </div><div>xl2tpd[1808]: "name" </div><div>xl2tpd[1808]: "Helios.Lan" </div><div>xl2tpd[1808]: "debug" </div><div>xl2tpd[1808]: "file" </div><div>
xl2tpd[1808]: "/etc/ppp/options.xl2tpd" </div><div>xl2tpd[1808]: "/dev/pts/4" </div><div>xl2tpd[1808]: Call established with 62.140.137.125, Local: 38486, Remote: 1, Serial: 0</div><div><span class="Apple-style-span" style="background-color: rgb(255, 0, 0);">xl2tpd[1808]: control_finish: Connection closed to 62.140.137.125, serial 0 ()</span></div>
<div>xl2tpd[1808]: Terminating pppd: sending TERM signal to pid 6365</div><div>xl2tpd[1808]: control_finish: Connection closed to 62.140.137.125, port 1701 (), Local: 15271, Remote: 14</div></div><div><br></div><div><br></div>
<div><br></div><div>Bart Smink</div><div><br></div>