[Openswan Users] unsupported ID type ID_FQDN and W2k-Client
Dennis Leist
dl at byteeffect.de
Fri Apr 2 03:07:44 CEST 2004
Hi all helpers,
After getting freeswan-1.99.09 running with nat_traversal, I still
encounter some trouble while connecting
with W2k SP4 (inc. NAT-T Update).
Any help is highly appreciated!
<snip>
Apr 2 01:55:50 linuxserver pluto[18381]: packet from 213.39.182.63:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002]
Apr 2 01:55:50 linuxserver pluto[18381]: packet from 213.39.182.63:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr 2 01:55:50 linuxserver pluto[18381]: packet from 213.39.182.63:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Apr 2 01:55:50 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63 #1: responding to Main Mode from unknown peer 213.39.182.63
Apr 2 01:55:50 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63 #1: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
Apr 2 01:55:51 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Apr 2 01:55:51 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63 #1: Peer ID is ID_DER_ASN1_DN: '<Users CN>'
Apr 2 01:55:51 linuxserver pluto[18381]: | NAT-T: new mapping 213.39.182.63:500/4500)
Apr 2 01:55:51 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: sent MR3, ISAKMP SA established
Apr 2 01:55:51 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: unsupported ID type ID_FQDN
Apr 2 01:55:51 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: sending encrypted notification INVALID_ID_INFORMATION to 213.39.182.63:4500
Apr 2 01:55:52 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcf9a4c3a (perhaps this is a duplicated packet)
Apr 2 01:55:52 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: sending encrypted notification INVALID_MESSAGE_ID to 213.39.182.63:4500
Apr 2 01:55:54 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcf9a4c3a (perhaps this is a duplicated packet)
Apr 2 01:55:54 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: sending encrypted notification INVALID_MESSAGE_ID to 213.39.182.63:4500
Apr 2 01:55:58 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcf9a4c3a (perhaps this is a duplicated packet)
Apr 2 01:55:58 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: sending encrypted notification INVALID_MESSAGE_ID to 213.39.182.63:4500
Apr 2 01:56:06 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xcf9a4c3a (perhaps this is a duplicated packet)
Apr 2 01:56:06 linuxserver pluto[18381]: "w2k-client"[1] 213.39.182.63:4500 #1: sending encrypted notification INVALID_MESSAGE_ID
<snap>
My ipsec.conf....
<snip>
config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    uniqueids=yes
    nat_traversal=yes

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%dnsondemand
    rightrsasigkey=%dnsondemand

conn w2k-client
    left=%left
    leftrsasigkey=%cert
    leftcert=freeswan-cert.pem
    right=%any
    rightrsasigkey=%cert
    pfs=no
    rightsubnetwithin=192.168.1.99/24
    rightcert=client-cert.pem
    rightid=<Users CN>
    disablearrivalcheck=no
    auto=add
<snap>
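
Added example (not part of the original post and not Openswan code): a small Python triage for pluto log text in the format shown above. It rejoins mail-wrapped records and, for each connection state, reports the first notification pluto sent together with the message logged just before it, counting later notifications separately. The sample log, the host name gw and the address 192.0.2.10 are constructed, and wraps are assumed to fall on whitespace.

```python
import re
from collections import Counter

# A pluto syslog record starts like this; any other line is a mail-wrapped continuation.
RECORD = re.compile(r'^[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d \S+ pluto\[\d+\]: ')
# "conn"[instance] peer[:port] #state: message
STATE_MSG = re.compile(r'^"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$')
NOTIFY = re.compile(r'^sending encrypted notification (\S+)')

def rejoin(text):
    """One string per record; assumes wraps fall on whitespace, not mid-word."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if RECORD.match(line):
            records.append(RECORD.sub('', line))
        elif line and records:
            records[-1] += ' ' + line
    return records

def triage(text):
    """Per (conn, peer IPv4, state): first notification, the message before it, later ones."""
    last_msg, report = {}, {}
    for m in filter(None, map(STATE_MSG.match, rejoin(text))):
        key = (m['conn'], m['peer'].split(':')[0], m['state'])  # drop the NAT-T port
        n = NOTIFY.match(m['msg'])
        if not n:
            last_msg[key] = m['msg']
        elif key not in report:
            report[key] = {'cause': last_msg.get(key), 'notification': n.group(1),
                           'followups': Counter()}
        else:
            report[key]['followups'][n.group(1)] += 1
    return report

# Constructed sample in the format of the log above (documentation address, wrapped lines).
SAMPLE = """\
Apr 2 01:55:51 gw pluto[100]: "w2k-client"[1]
192.0.2.10:4500 #1: unsupported ID type ID_FQDN
Apr 2 01:55:51 gw pluto[100]: "w2k-client"[1] 192.0.2.10:4500 #1: sending
encrypted notification INVALID_ID_INFORMATION to 192.0.2.10:4500
Apr 2 01:55:52 gw pluto[100]: "w2k-client"[1] 192.0.2.10:4500 #1: Quick Mode
I1 message is unacceptable because it uses a previously used Message ID
0xcf9a4c3a (perhaps this is a duplicated packet)
Apr 2 01:55:52 gw pluto[100]: "w2k-client"[1] 192.0.2.10:4500 #1: sending
encrypted notification INVALID_MESSAGE_ID to 192.0.2.10:4500
Apr 2 01:55:54 gw pluto[100]: "w2k-client"[1] 192.0.2.10:4500 #1: sending
encrypted notification INVALID_MESSAGE_ID to 192.0.2.10:4500"""

print(triage(SAMPLE))
```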