[Openswan Users] Rekeying problem XP SP2 with L2TP (again)

MAILER-DAEMON at tla.xelerance.com MAILER-DAEMON at tla.xelerance.com
Tue Nov 9 13:40:22 CET 2004


Hi,

I seem to have a similar problem, as the one being already reported by 
Tarountaev Evgueni in 
http://lists.openswan.org/pipermail/users/2004-November/002805.html

Namely, when connecting with my Windows (not Sentinel) L2TP-IPsec client, the 
connection breaks after a certain amount of data. Probably also after a 
certain while, butI didn't notice this effect right now.

In any case this happens independent of using NAT(-T), while it seems to be a 
matter of IPsec tunnel renegotiation, instead of L2TP-specific problem.

Nevertheless, I'm wondering why Windows, but also Sentinel in L2TP-mode, first 
of all want to establish a tunnel in main mode, instead of quick mode.
This doesn't seem to be necessary for the L2TP-connection and in case of 
native Windows clients this also might be the reason, why the tunnel finally 
breaks.

Could anyone give me a hint on how to fix this??

(Remark: Concerning "ipsec.conf" I followed almost exactly Jacco's example. 
I've just introduced a "rightsubnetwithin=0.0.0.0/0" to allow for connection 
of NATted clients as well)

>>>>>>>>>>>>>>>>>>>>>

pluto: packet from a.b.c.d:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
pluto: packet from a.b.c.d:500: ignoring Vendor ID payload [FRAGMENTATION]
pluto: packet from a.b.c.d:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n]
pluto: packet from a.b.c.d:500: ignoring Vendor ID payload
[26244d38eddb61b3...]
pluto: "l2tp"[25] a.b.c.d #54: responding to Main Mode from unknown peer
a.b.c.d
pluto: "l2tp"[25] a.b.c.d #54: transition from state (null) to state
STATE_MAIN_R1
pluto: "l2tp"[25] a.b.c.d #54: NAT-Traversal: <...>: no NAT detected
pluto: "l2tp"[25] a.b.c.d #54: transition from state STATE_MAIN_R1 to
state STATE_MAIN_R2
pluto: "l2tp"[25] a.b.c.d #54: Main mode peer ID is ID_DER_ASN1_DN:
'<...>'
pluto: "l2tp"[26] a.b.c.d #54: deleting connection "l2tp" instance with
peer a.b.c.d
pluto: "l2tp"[26] a.b.c.d #54: transition from state STATE_MAIN_R2 to
state STATE_MAIN_R3
pluto: "l2tp"[26] a.b.c.d #54: sent MR3, ISAKMP SA established
pluto: "l2tp"[26] a.b.c.d #55: responding to Quick Mode
pluto: "l2tp"[26] a.b.c.d #55: transition from state (null) to state
STATE_QUICK_R1
l2tpd: ourtid = 12247, entropy_buf = 2fd7 

<...>

l2tpd: receive_window_size_avp: peer wants RWS of 8.  Will use flow
control. 
vpn: + <...> a.b.c.d -- x.y.z
pluto: "l2tp"[26] a.b.c.d #55: transition from state STATE_QUICK_R1 to
state STATE_QUICK_R2
pluto: "l2tp"[26] a.b.c.d #55: IPsec SA established

<...>

l2tpd: check_control: control, cid = 0, Ns = 4, Nr = 4 
pppd: sent [LCP EchoReq id=0x5 magic=0xead27cf1]
pppd: rcvd [LCP EchoRep id=0x5 magic=0x3aed0b91]
l2tpd: check_control: control, cid = 0, Ns = 4, Nr = 5 
pppd: sent [LCP EchoReq id=0x6 magic=0xead27cf1]
pppd: rcvd [LCP EchoRep id=0x6 magic=0x3aed0b91]
l2tpd: check_control: control, cid = 0, Ns = 4, Nr = 6 

<...>

pluto: "l2tp"[26] a.b.c.d #56: responding to Quick Mode
pluto: "l2tp"[26] a.b.c.d #56: transition from state (null) to state
STATE_QUICK_R1
pluto: "l2tp"[26] a.b.c.d #54: received Delete SA payload: deleting IPSEC
State #55
vpn: - <...> a.b.c.d -- x.y.z
pluto: "l2tp"[26] a.b.c.d #54: received and ignored informational message
pluto: "l2tp"[26] a.b.c.d #57: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL
pluto: "l2tp"[26] a.b.c.d #54: ignoring informational payload, type
INVALID_ID_INFORMATION
pluto: "l2tp"[26] a.b.c.d #54: received and ignored informational message
pluto: ERROR: "l2tp"[26] a.b.c.d #56: pfkey write() <...> failed. Errno
14: Bad address

>>>>>>>>>>>>>>>>>>>>>

Andreas


More information about the Users mailing list