[Openswan Users] Still having troubles : cannot respond to IPSEC
Dennis Leist
dl at byteeffect.de
Tue Mar 23 20:01:57 CET 2004
Thx for your hints so far,
Due to troubles with a DSL-Router, I changed the configuration.
It is now as follows:
/---------------\     /---------------\     /---------------\    /---------------\
| Linux 2.4.19  |     | Speed Touch   |     | W-Lan Router  |    | WINX XP       |
| 62.210.20.146 |<----| 62.210.20.145 |<----| WAN-IP:       |<---| W-LAN-IP:     |
| SuSE 9.0      |     | No NAT at all |     | 213.39.205.80 |    | 192.168.1.99  |
\---------------/     \---------------/     \---------------/    \---------------/
VPN-Server: freeswan-2.04_1.4.8-12
I still get the following errors, though all NAT on the Speed Touch is disabled.
The VPN server got its own official IP.
_Any_ help is _highly_ _appreciated_!
Mar 23 17:41:28 kolab pluto[31456]: packet from 213.39.205.80:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000002]
Mar 23 17:41:28 kolab pluto[31456]: "w2k-client"[3] 213.39.205.80 #3: responding to Main Mode from unknown peer 213.39.205.80
Mar 23 17:41:28 kolab pluto[31456]: "w2k-client"[3] 213.39.205.80 #3: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
Mar 23 17:41:28 kolab pluto[31456]: "w2k-client"[3] 213.39.205.80 #3: Peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Koeln, CN=VPN User'
Mar 23 17:41:28 kolab pluto[31456]: "w2k-client"[4] 213.39.205.80 #3: deleting connection "w2k-client" instance with peer 213.39.205.80 {isakmp=#0/ipsec=#0}
Mar 23 17:41:28 kolab pluto[31456]: "w2k-client"[4] 213.39.205.80 #3: sent MR3, ISAKMP SA established
Mar 23 17:41:28 kolab pluto[31456]: "w2k-client"[4] 213.39.205.80 #3: cannot respond to IPsec SA request because no connection is known for 62.210.20.146[C=DE, ST=Hamburg, L=Hamburg, CN=VPN Admin]:17/0...213.39.205.80[C=DE, ST=Koeln, CN=VPN User]:17/1701===192.168.1.99/32
Mar 23 17:41:29 kolab pluto[31456]: "w2k-client"[4] 213.39.205.80 #3: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xdb6f3c4f (perhaps this is a duplicated packet)
Mar 23 17:41:35 kolab last message repeated 2 times
Mar 23 17:41:39 kolab pluto[31456]: "w2k-client"[4] 213.39.205.80 #3: received Delete SA payload: deleting ISAKMP State #3
Mar 23 17:41:39 kolab pluto[31456]: "w2k-client"[4] 213.39.205.80: deleting connection "w2k-client" instance with peer 213.39.205.80 {isakmp=#0/ipsec=#0}
My ipsec.conf is:
<snip ipsec.conf>
config setup
        interfaces="ipsec0=eth0"
        klipsdebug=none
        plutodebug=none

conn %default
        authby=rsasig

conn vpngateway
        left=62.206.19.146
        leftnexthop=62.206.19.145
        leftrsasigkey=%cert
        leftcert=gatecert.pem
        leftprotoport=17/0
        right=%any
        rightrsasigkey=%cert
        pfs=no
        rightprotoport=17/1701
        keyingtries=0
        disablearrivalcheck=no
        auto=add

conn w2k-client
        left=62.206.19.146
        leftnexthop=62.206.19.145
        leftrsasigkey=%cert
        leftcert=gatecert.pem
        leftprotoport=17/0
        right=%any
        rightrsasigkey=%cert
        pfs=no
        rightprotoport=17/1701
        keyingtries=0
        disablearrivalcheck=no
        auto=add

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

conn OEself
        auto=ignore
<snap ipsec.conf>