[Openswan Users]
two or more l2tp/ipsec connection problem with windows xp sp2 behind nat...
Ju min su
minsuj at electrang.net
Wed Oct 27 02:46:02 CEST 2004
Hi..
The first connection is successful.. but the second connection fails..
My testing environment is..
Client
Windows XP SP2 ( nat capable )
Server
Fedora Core 2 - Linux 2.6.8-1.521
Openswan 2.3.0dr2
l2tpd 0.70 ( debian patched..)
ipsec.conf
-- snip --
conn l2tp-ipsec
    authby=secret
    left=172.31.190.6
    leftprotoport=17/1701
    right=%any
    auto=add
    rightsubnetwithin=0.0.0.0/0
    rightprotoport=17/1701
    pfs=no
-- snip --
Here are my syslog messages...
-- snip --
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[31] 172.30.175.80 #3698:
responding to Main Mode from unknown peer 172.30.175.80
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[31] 172.30.175.80 #3698:
transition from state (null) to state STATE_MAIN_R1
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[31] 172.30.175.80 #3698:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[31] 172.30.175.80 #3698:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[31] 172.30.175.80 #3698:
Peer ID is ID_FQDN: '@minsuj-xp.nexg.net'
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80 #3698:
deleting connection "l2tp-ipsec" instance with peer 172.30.175.80
{isakmp=#0/ipsec=#0}
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80 #3698:
I did not send a certificate because I do not have one.
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80 #3698:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 27 01:28:21 ftp pluto[22178]: | NAT-T: new mapping
172.30.175.80:500/1024)
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3698: sent MR3, ISAKMP SA established
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3699: responding to Quick Mode
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3699: cannot install eroute -- it is in use for "l2tp-ipsec"[28]
172.30.175.80:4500 #3694
Oct 27 01:28:22 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3698: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0x29f8ad3f (perhaps this is a duplicated packet)
Oct 27 01:28:22 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3698: sending encrypted notification INVALID_MESSAGE_ID to
172.30.175.80:1024
Oct 27 01:28:24 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3698: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0x29f8ad3f (perhaps this is a duplicated packet)
Oct 27 01:28:24 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3698: sending encrypted notification INVALID_MESSAGE_ID to
172.30.175.80:1024
-- snip --
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3699: cannot install eroute -- it is in use for "l2tp-ipsec"[28]
172.30.175.80:4500 #3694
I think this message is the key point...
How can I overcome this problem?
Thanks in advance..
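
Added example, not part of the original post and not Openswan code: a Python script that re-joins mail-wrapped pluto lines and extracts each "cannot install eroute" record, reporting which connection instance and state number already holds the eroute. The function names and the sample text (modelled on the log above) are constructed for this example.

```python
import re

# Constructed sample, modelled on the pluto lines in the post and wrapped
# the same way the mail wrapped them.
SAMPLE_LOG = '''\
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3699: responding to Quick Mode
Oct 27 01:28:21 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3699: cannot install eroute -- it is in use for "l2tp-ipsec"[28]
172.30.175.80:4500 #3694
Oct 27 01:28:22 ftp pluto[22178]: "l2tp-ipsec"[32] 172.30.175.80:1024
#3698: sending encrypted notification INVALID_MESSAGE_ID to
172.30.175.80:1024
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')
# "conn"[instance] ip[:port] #state
PEER = r'"([^"]+)"\[(\d+)\] ([\d.]+)(?::(\d+))? #(\d+)'
EROUTE = re.compile(PEER + r': cannot install eroute -- it is in use for ' + PEER)
FIELDS = ('conn', 'instance', 'ip', 'port', 'sa')

def unwrap(text):
    """Re-join continuation lines: any line without a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += ' ' + line.strip()
    return records

def eroute_conflicts(text):
    """Return one dict per 'cannot install eroute' record in the log text."""
    found = []
    for rec in unwrap(text):
        m = EROUTE.search(rec)
        if not m:
            continue
        new = dict(zip(FIELDS, m.groups()[:5]))
        holder = dict(zip(FIELDS, m.groups()[5:]))
        # True when both sides share one address but differ in source port.
        same_ip = new['ip'] == holder['ip'] and new['port'] != holder['port']
        found.append({'new': new, 'holder': holder, 'same_ip_other_port': same_ip})
    return found

if __name__ == '__main__':
    for conflict in eroute_conflicts(SAMPLE_LOG):
        print(conflict)
```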