[Openswan Users] Almost connected from WinXP...

José Julio Hernández Fernández jhernandez at sgi.es
Fri May 28 17:20:59 CEST 2004


Hi all,

Thanks to Paul Wouters and Ken Bantoft, I'm running Openswan 2.1.2 on a SuSE
9.0 (kernel 2.6.6):
-----------
May 28 15:51:34 localhost pluto[14320]: Starting Pluto (Openswan Version
2.1.2 X.509-1.4.8 PLUTO_USES_KEYRR)
May 28 15:51:34 localhost pluto[14320]:   including NAT-Traversal patch
(Version 0.6c)
May 28 15:51:34 localhost pluto[14320]: Using Linux 2.6 IPsec interface
code
May 28 15:51:34 localhost ipsec_setup: ...Openswan IPsec started
-----------
With NAT-T 0.6c I've got no more "unsupported ID type ID_FQDN" error
when trying to connect from Windows XP VPN client. But now I've got
this:
-----------
May 28 15:52:23 localhost pluto[14320]: packet from a.b.c.d:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 28 15:52:23 localhost pluto[14320]: packet from a.b.c.d:500:
ignoring Vendor ID payload [FRAGMENTATION]
May 28 15:52:23 localhost pluto[14320]: packet from a.b.c.d:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
May 28 15:52:23 localhost pluto[14320]: packet from a.b.c.d:500:
ignoring Vendor ID payload [26244d38eddb61b3...]
May 28 15:52:23 localhost pluto[14320]: "test"[1] a.b.c.d #1: responding
to Main Mode from unknown peer a.b.c.d
May 28 15:52:23 localhost pluto[14320]: "test"[1] a.b.c.d #1: only
OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported.  Attribute
OAKLEY_GROUP_DESCRIPTION
May 28 15:52:23 localhost pluto[14320]: "test"[1] a.b.c.d #1: transition
from state (null) to state STATE_MAIN_R1
May 28 15:52:24 localhost pluto[14320]: "test"[1] a.b.c.d #1:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is
NATed
May 28 15:52:24 localhost pluto[14320]: "test"[1] a.b.c.d #1: transition
from state STATE_MAIN_R1 to state STATE_MAIN_R2
May 28 15:52:24 localhost pluto[14320]: "test"[1] a.b.c.d #1: Peer ID is
ID_DER_ASN1_DN: 'C=US, ST=xxx, L=xxx, O=yyy, OU=yyy, CN=test04 at none.com,
E=test04 at none.com'
May 28 15:52:24 localhost pluto[14320]: "test"[1] a.b.c.d #1: issuer crl
not found
May 28 15:52:24 localhost pluto[14320]: "test"[1] a.b.c.d #1: issuer crl
not found
May 28 15:52:24 localhost pluto[14320]: "test4"[1] a.b.c.d #1: deleting
connection "test" instance with peer a.b.c.d {isakmp=#0/ipsec=#0}
May 28 15:52:24 localhost pluto[14320]: "test4"[1] a.b.c.d #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 28 15:52:24 localhost pluto[14320]: | NAT-T: new mapping
a.b.c.d:500/45017)
May 28 15:52:24 localhost pluto[14320]: "test4"[1] a.b.c.d:45017 #1:
sent MR3, ISAKMP SA established
May 28 15:52:24 localhost pluto[14320]: "test4"[1] a.b.c.d:45017 #1:
received Delete SA payload: deleting ISAKMP State #1
May 28 15:52:24 localhost pluto[14320]: "test4"[1] a.b.c.d:45017:
deleting connection "test4" instance with peer a.b.c.d
{isakmp=#0/ipsec=#0}
-----------
...and on the Windows side I got "error 800" with no connection, and pluto
makes no attempt to raise "test4_NAT". Any ideas of what I'm doing
wrong?
Here's my ipsec.conf:
-----------
version 2.0
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        uniqueids=yes
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn %default
        keyingtries=1
        disablearrivalcheck=no
        authby=rsasig
        auth=esp
        keyexchange=ike
        ikelifetime=240m
        keylife=20m
        rekey=yes
        pfs=yes
        compress=no
        right=%any
        rightrsasigkey=%cert
        left=%defaultroute
        leftrsasigkey=%cert
        leftcert=pulpo.pem
        auto=add
conn block
        auto=ignore
conn clear
        auto=ignore
conn private
        auto=ignore
conn private-or-clear
        auto=ignore
conn clear-or-private
        auto=ignore
conn packetdefault
        auto=ignore
#conn OEself
#       auto=ignore
conn test4
        type=tunnel
        rightid="C=US, ST=xxx, L=xxx, O=yyy, OU=yyy, CN=test04 at none.com, E=test04 at none.com"
        leftsubnet=192.168.50.0/24
conn test4_NAT
        type=tunnel
        rightid="C=US, ST=xxx, L=xxx, O=yyy, OU=yyy, CN=test04 at none.com, E=test04 at none.com"
        rightsubnet=vnet:%priv
        leftsubnet=192.168.50.0/24
-----------

Thanks in advance, JJ.
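
An added example (not part of the original post and not Openswan code): a Python script that rejoins mail-wrapped pluto log lines like those above and flags connections where the ISAKMP SA was established and the peer then sent a Delete SA payload with no Quick Mode state seen. The sample log is constructed in the shape of the lines in the post; treating any message containing `STATE_QUICK` as Quick Mode progress is an assumption.

```python
import re

# Constructed sample: wrapped pluto lines in the shape shown in the post above.
SAMPLE = """\
May 28 15:52:24 localhost pluto[14320]: "test4"[1] a.b.c.d #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 28 15:52:24 localhost pluto[14320]: "test4"[1] a.b.c.d:45017 #1:
sent MR3, ISAKMP SA established
May 28 15:52:24 localhost pluto[14320]: "test4"[1] a.b.c.d:45017 #1:
received Delete SA payload: deleting ISAKMP State #1
"""

# A syslog stamp followed by the pluto tag marks the start of a real log line.
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ pluto\[\d+\]: ")
# "conn"[instance] peer #serial: message
EVENT = re.compile(r'"(?P<conn>[^"]+)"\[\d+\] \S+ #(?P<sa>\d+): (?P<msg>.*)')

def unwrap(text):
    """Rejoin wrapped lines: a line without a stamp continues the previous one."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.rstrip())
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def phase1_only(text):
    """Return (conn, state) pairs deleted by the peer after Main Mode, before Quick Mode."""
    seen = {}      # conn name -> {"isakmp": bool, "quick": bool}
    flagged = []
    for line in unwrap(text):
        m = EVENT.search(line)
        if not m:
            continue
        st = seen.setdefault(m["conn"], {"isakmp": False, "quick": False})
        msg = m["msg"]
        if "ISAKMP SA established" in msg:
            st["isakmp"] = True
        elif "STATE_QUICK" in msg:  # assumption: Quick Mode states carry this prefix
            st["quick"] = True
        elif msg.startswith("received Delete SA payload") and st["isakmp"] and not st["quick"]:
            flagged.append((m["conn"], "#" + m["sa"]))
    return flagged

if __name__ == "__main__":
    print(phase1_only(SAMPLE))
```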
