[Openswan Users] Rekeying issue with Windows XP (SP2) & L2TP

Tarountaev Evgueni tarountaev at aist.com
Tue Nov 2 23:04:59 CET 2004 

Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #3: initiating Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL 
to replace #2 {using isakmp#1}
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: initiating Main Mode to replace #1
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #1: ignoring informational payload, type 
INVALID_ID_INFORMATION
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #1: received and ignored informational message
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: ignoring Vendor ID payload [FRAGMENTATION]
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: received Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02_n]
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: enabling possible NAT-traversal with method RFC XXXX 
(NAT-Traversal)
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: transition from state STATE_MAIN_I1 to state 
STATE_MAIN_I2
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal 
negociation
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: I am sending my cert
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: I am sending a certificate request
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: transition from state STATE_MAIN_I2 to state 
STATE_MAIN_I3
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: Peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Bayern, 
L=Ampfing, O=AIST, OU=Development, CN=Eugene Tarountaev, 
E=tarountaev at aist.com'
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: crl update for "C=DE, ST=Bayern, L=Ampfing, O=AIST, 
OU=Network, CN=System Administrator, E=root at aist.com" is overdue since 
Aug 14 10:15:21 UTC 2004
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: transition from state STATE_MAIN_I3 to state 
STATE_MAIN_I4
Nov  2 18:14:45 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: ISAKMP SA established
Nov  2 18:14:46 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: discarding duplicate packet; already STATE_MAIN_I4
Nov  2 18:14:48 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: discarding duplicate packet; already STATE_MAIN_I4
Nov  2 18:14:52 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: discarding duplicate packet; already STATE_MAIN_I4
Nov  2 18:15:00 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: discarding duplicate packet; already STATE_MAIN_I4
Nov  2 18:15:16 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: discarding duplicate packet; already STATE_MAIN_I4
Nov  2 18:15:18 wasserfall l2tpd[2722]: check_control: control, cid = 0, 
Ns = 4, Nr = 58
Nov  2 18:15:48 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #4: received Delete SA payload: deleting ISAKMP State #4
Nov  2 18:15:48 wasserfall pluto[25023]: packet from 80.128.144.207:500: 
received and ignored informational message
Nov  2 18:15:55 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #3: max number of retransmissions (2) reached STATE_QUICK_I1
Nov  2 18:16:18 wasserfall l2tpd[2722]: check_control: control, cid = 0, 
Ns = 4, Nr = 59
Nov  2 18:17:18 wasserfall l2tpd[2722]: check_control: control, cid = 0, 
Ns = 4, Nr = 60
Nov  2 18:18:18 wasserfall l2tpd[2722]: check_control: control, cid = 0, 
Ns = 4, Nr = 61
Nov  2 18:19:15 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207 #2: IPsec SA expired (LATEST!)
Nov  2 18:19:15 wasserfall pluto[25023]: "roadwarrior-l2tp"[2] 
80.128.144.207: deleting connection "roadwarrior-l2tp" instance with 
peer 80.128.144.207 {isakmp=#0/ipsec=#0}

Jacco de Leeuw wrote:

>
> Evgueni Tarountaev wrote:
>
>> I have NON-NATTED Windows XP Pro (SP2) client which have problems with
>> rekeying. Connection works fine except when rekeying happens it 
>> disconnects.
>> This happens 60 minutes after the connection is established.
>
>
> What do the logs say when this happens?
>
>> Can somebody give me any advice, because I am completely lost...
>
>
> Perhaps fiddle with the rekeying settings?
>
> Jacco

More information about the Users mailing list