[Openswan Users] problem with nat-t transport mode
Francesco Defilippo
francesco.defilippo at sys-net.it
Thu Sep 2 11:07:33 CEST 2004
Hello, while I try to connect from a GPRS device I have the following
problem:
Log of GPRS -> NAT_GATEWAY -> VPNGATE:
Sep 2 09:59:22 vpngate pluto[27407]: packet from 194.185.97.55:14176:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 2 09:59:22 vpngate pluto[27407]: packet from 194.185.97.55:14176:
ignoring Vendor ID payload [FRAGMENTATION]
Sep 2 09:59:22 vpngate pluto[27407]: packet from 194.185.97.55:14176:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Sep 2 09:59:22 vpngate pluto[27407]: packet from 194.185.97.55:14176:
ignoring Vendor ID payload [26244d38eddb61b3...]
Sep 2 09:59:22 vpngate pluto[27407]: "pocketpc"[1] 194.185.97.55:14176
#1: responding to Main Mode from unknown peer 194.185.97.55:14176
Sep 2 09:59:22 vpngate pluto[27407]: "pocketpc"[1] 194.185.97.55:14176
#1: transition from state (null) to state STATE_MAIN_R1
Sep 2 09:59:24 vpngate pluto[27407]: "pocketpc"[1] 194.185.97.55:14176
#1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer
is NATed
Sep 2 09:59:24 vpngate pluto[27407]: "pocketpc"[1] 194.185.97.55:14176
#1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Sep 2 09:59:26 vpngate pluto[27407]: "pocketpc"[1] 194.185.97.55:14176
#1: Peer ID is ID_DER_ASN1_DN: 'My CN'
Sep 2 09:59:26 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14176
#1: deleting connection "pocketpc" instance with peer 194.185.97.55
{isakmp=#0/ipsec=#0}
Sep 2 09:59:26 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14176
#1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Sep 2 09:59:26 vpngate pluto[27407]: | NAT-T: new mapping
194.185.97.55:14176/14188)
Sep 2 09:59:26 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14188
#1: sent MR3, ISAKMP SA established
Sep 2 09:59:28 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14188
#1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Sep 2 09:59:29 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14188
#1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Sep 2 09:59:29 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14188
#1: cannot respond to IPsec SA request because no connection is known
for
80.117.39.42:4500[CN=vpngate]:17/1701...194.185.97.55:14188[CN=pocketpc]:17/1701
Sep 2 09:59:29 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14188
#1: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0xeb983fd8 (perhaps this is a duplicated packet)
Sep 2 09:59:42 vpngate last message repeated 3 times
Sep 2 09:59:51 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14188
#1: received Delete SA payload: deleting ISAKMP State #1
Sep 2 09:59:51 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14188:
deleting connection "pocketpc" instance with peer 194.185.97.55
{isakmp=#0/ipsec=#0}
Sep 2 09:59:52 vpngate pluto[27407]: ERROR: asynchronous network error
report on eth0 for message to 194.185.97.55 port 14188, complainant
194.185.97.55: Connection refused [errno 111, origin ICMP type 3 code 3
(not authenticated)]
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
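
Added example (not part of the original post and not Openswan code): a small Python parser that rejoins the mail-wrapped pluto records and pulls out the two ends named in the "no connection is known for" line, so the address, ID and protocol/port pluto reported can be compared with the conn definition. The function names are hypothetical, and the parser assumes the host:port[ID]:proto/port form seen in this log, with IDs that contain no spaces.

```python
import re

# Constructed sample: the rejection record from the log above, wrapped as in the post.
SAMPLE = """\
Sep 2 09:59:29 vpngate pluto[27407]: "pocketpc"[2] 194.185.97.55:14188
#1: cannot respond to IPsec SA request because no connection is known
for
80.117.39.42:4500[CN=vpngate]:17/1701...194.185.97.55:14188[CN=pocketpc]:17/1701
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
REJECT = re.compile(r"no connection is known for (\S+?)\.\.\.(\S+)")
# One end as printed in this log: addr[:ike_port][ID]:proto/port
END = re.compile(r"(?P<addr>[\d.]+)(?::(?P<ike_port>\d+))?"
                 r"\[(?P<id>[^\]]*)\]:(?P<proto>\d+)/(?P<port>\d+)")

def unwrap(text):
    """Rejoin wrapped syslog records; a new record starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def rejected_proposals(text):
    """Return (first_end, second_end) dicts for every rejected Quick Mode request."""
    found = []
    for record in unwrap(text):
        m = REJECT.search(record)
        if not m:
            continue
        ends = [END.fullmatch(m.group(i)) for i in (1, 2)]
        if all(ends):  # skip forms this sketch does not handle (e.g. subnets)
            found.append(tuple(e.groupdict() for e in ends))
    return found

if __name__ == "__main__":
    # In the post's record the first end carries CN=vpngate, the second CN=pocketpc.
    for first, second in rejected_proposals(SAMPLE):
        for name, end in (("first", first), ("second", second)):
            print(f"{name}: {end['addr']} ike_port={end['ike_port']} "
                  f"id={end['id']} proto/port={end['proto']}/{end['port']}")
```

Protocol 17 is UDP and port 1701 is L2TP, so both ends of the request in this log are L2TP over UDP.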