[Openswan Users] Rekeying problem XP SP2 with L2TP (again)
MAILER-DAEMON at tla.xelerance.com
Tue Nov 9 13:40:22 CET 2004
Hi,
I seem to have a problem similar to the one already reported by
Tarountaev Evgueni in
http://lists.openswan.org/pipermail/users/2004-November/002805.html
Namely, when connecting with my Windows (not Sentinel) L2TP-IPsec client, the
connection breaks after a certain amount of data. Probably also after a
certain while, but I didn't notice this effect right now.
In any case this happens independent of using NAT(-T), while it seems to be a
matter of IPsec tunnel renegotiation, instead of an L2TP-specific problem.
Nevertheless, I'm wondering why Windows, but also Sentinel in L2TP-mode, first
of all want to establish a tunnel in main mode, instead of quick mode.
This doesn't seem to be necessary for the L2TP-connection and in case of
native Windows clients this also might be the reason, why the tunnel finally
breaks.
Could anyone give me a hint on how to fix this??
(Remark: Concerning "ipsec.conf" I followed almost exactly Jacco's example.
I've just introduced a "rightsubnetwithin=0.0.0.0/0" to allow for connection
of NATted clients as well)
>>>>>>>>>>>>>>>>>>>>>
pluto: packet from a.b.c.d:500: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
pluto: packet from a.b.c.d:500: ignoring Vendor ID payload [FRAGMENTATION]
pluto: packet from a.b.c.d:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n]
pluto: packet from a.b.c.d:500: ignoring Vendor ID payload
[26244d38eddb61b3...]
pluto: "l2tp"[25] a.b.c.d #54: responding to Main Mode from unknown peer
a.b.c.d
pluto: "l2tp"[25] a.b.c.d #54: transition from state (null) to state
STATE_MAIN_R1
pluto: "l2tp"[25] a.b.c.d #54: NAT-Traversal: <...>: no NAT detected
pluto: "l2tp"[25] a.b.c.d #54: transition from state STATE_MAIN_R1 to
state STATE_MAIN_R2
pluto: "l2tp"[25] a.b.c.d #54: Main mode peer ID is ID_DER_ASN1_DN:
'<...>'
pluto: "l2tp"[26] a.b.c.d #54: deleting connection "l2tp" instance with
peer a.b.c.d
pluto: "l2tp"[26] a.b.c.d #54: transition from state STATE_MAIN_R2 to
state STATE_MAIN_R3
pluto: "l2tp"[26] a.b.c.d #54: sent MR3, ISAKMP SA established
pluto: "l2tp"[26] a.b.c.d #55: responding to Quick Mode
pluto: "l2tp"[26] a.b.c.d #55: transition from state (null) to state
STATE_QUICK_R1
l2tpd: ourtid = 12247, entropy_buf = 2fd7
<...>
l2tpd: receive_window_size_avp: peer wants RWS of 8. Will use flow
control.
vpn: + <...> a.b.c.d -- x.y.z
pluto: "l2tp"[26] a.b.c.d #55: transition from state STATE_QUICK_R1 to
state STATE_QUICK_R2
pluto: "l2tp"[26] a.b.c.d #55: IPsec SA established
<...>
l2tpd: check_control: control, cid = 0, Ns = 4, Nr = 4
pppd: sent [LCP EchoReq id=0x5 magic=0xead27cf1]
pppd: rcvd [LCP EchoRep id=0x5 magic=0x3aed0b91]
l2tpd: check_control: control, cid = 0, Ns = 4, Nr = 5
pppd: sent [LCP EchoReq id=0x6 magic=0xead27cf1]
pppd: rcvd [LCP EchoRep id=0x6 magic=0x3aed0b91]
l2tpd: check_control: control, cid = 0, Ns = 4, Nr = 6
<...>
pluto: "l2tp"[26] a.b.c.d #56: responding to Quick Mode
pluto: "l2tp"[26] a.b.c.d #56: transition from state (null) to state
STATE_QUICK_R1
pluto: "l2tp"[26] a.b.c.d #54: received Delete SA payload: deleting IPSEC
State #55
vpn: - <...> a.b.c.d -- x.y.z
pluto: "l2tp"[26] a.b.c.d #54: received and ignored informational message
pluto: "l2tp"[26] a.b.c.d #57: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL
pluto: "l2tp"[26] a.b.c.d #54: ignoring informational payload, type
INVALID_ID_INFORMATION
pluto: "l2tp"[26] a.b.c.d #54: received and ignored informational message
pluto: ERROR: "l2tp"[26] a.b.c.d #56: pfkey write() <...> failed. Errno
14: Bad address
>>>>>>>>>>>>>>>>>>>>>
Andreas
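
An added example, not part of the original post: a Python sketch that walks pluto log lines like those in the excerpt above and flags the pattern visible there, an IPsec SA deleted while its replacement Quick Mode exchange is still pending, followed by a pfkey write failure. The function name `analyse` and the regexes are assumptions derived only from the message formats shown in the excerpt; the sample lines are the excerpt's own, re-joined where the mail wrapped them.

```python
import re

# Sample lines re-joined from the wrapped excerpt in the post (peer stays a.b.c.d).
SAMPLE = """\
pluto: "l2tp"[26] a.b.c.d #54: sent MR3, ISAKMP SA established
pluto: "l2tp"[26] a.b.c.d #55: responding to Quick Mode
pluto: "l2tp"[26] a.b.c.d #55: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
pluto: "l2tp"[26] a.b.c.d #55: IPsec SA established
pluto: "l2tp"[26] a.b.c.d #56: responding to Quick Mode
pluto: "l2tp"[26] a.b.c.d #56: transition from state (null) to state STATE_QUICK_R1
pluto: "l2tp"[26] a.b.c.d #54: received Delete SA payload: deleting IPSEC State #55
pluto: "l2tp"[26] a.b.c.d #57: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL
pluto: ERROR: "l2tp"[26] a.b.c.d #56: pfkey write() <...> failed. Errno 14: Bad address
"""

# Assumed line shape: pluto: [ERROR: ]"conn"[instance] peer #state: message
LINE = re.compile(r'^pluto: (ERROR: )?"(?P<conn>[^"]+)"\[\d+\] \S+ #(?P<sa>\d+): (?P<msg>.*)$')
DELETE = re.compile(r'deleting IPSEC State #(\d+)')

def analyse(text):
    """Return (findings, live): rekey problems found and IPsec SAs still established."""
    pending, live, findings = set(), set(), []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # l2tpd/pppd lines and anything else that is not a pluto state line
        sa, msg = int(m['sa']), m['msg']
        if 'Quick Mode' in msg and msg.startswith(('responding to', 'initiating')):
            pending.add(sa)              # Quick Mode exchange started, not yet established
        elif msg == 'IPsec SA established':
            pending.discard(sa)
            live.add(sa)
        elif (d := DELETE.search(msg)):
            old = int(d.group(1))
            live.discard(old)
            if pending and not live:     # old SA gone, replacement never completed
                findings.append(f'#{old} deleted with no replacement established; '
                                f'pending: {sorted(pending)}')
        elif 'pfkey write()' in msg and 'failed' in msg:
            pending.discard(sa)
            findings.append(f'#{sa} pfkey write failed: {msg}')
    return findings, live

if __name__ == '__main__':
    for finding in analyse(SAMPLE)[0]:
        print(finding)
```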