[Openswan Users] l2tpd problem
Francesco Defilippo
francesco.defilippo at sys-net.it
Thu Sep 9 16:45:08 CEST 2004
Hello, I have a VPN with the following configuration:
gprs -> natgw -> vpngw -> lan
10.x -> 194.x -> 213.z -> 192.168.x
When the l2tp/ipsec client connects I have:
Sep 9 15:36:17 vpngw pluto[5516]: packet from 194.185.97.57:14532: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 9 15:36:17 vpngw pluto[5516]: packet from 194.185.97.57:14532: ignoring Vendor ID payload [FRAGMENTATION]
Sep 9 15:36:17 vpngw pluto[5516]: packet from 194.185.97.57:14532: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Sep 9 15:36:17 vpngw pluto[5516]: packet from 194.185.97.57:14532: ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Sep 9 15:36:17 vpngw pluto[5516]: "roadwarrior"[3] 194.185.97.57:14532 #3: responding to Main Mode from unknown peer 194.185.97.57:14532
Sep 9 15:36:19 vpngw pluto[5516]: "roadwarrior"[3] 194.185.97.57:14532 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Sep 9 15:36:21 vpngw pluto[5516]: "roadwarrior"[3] 194.185.97.57:14532 #3: Peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Italia, L=test, O=test, OU=test1, CN=pda, E=pda at test.lan'
Sep 9 15:36:21 vpngw pluto[5516]: "roadwarrior"[4] 194.185.97.57:14532 #3: deleting connection "roadwarrior" instance with peer 194.185.97.57 {isakmp=#0/ipsec=#0}
Sep 9 15:36:22 vpngw pluto[5516]: | NAT-T: new mapping 194.185.97.57:14532/14578)
Sep 9 15:36:22 vpngw pluto[5516]: "roadwarrior"[4] 194.185.97.57:14578 #3: sent MR3, ISAKMP SA established
Sep 9 15:36:23 vpngw pluto[5516]: "roadwarrior"[4] 194.185.97.57:14578 #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Sep 9 15:36:24 vpngw pluto[5516]: "roadwarrior"[4] 194.185.97.57:14578 #3: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Sep 9 15:36:25 vpngw pluto[5516]: "roadwarrior"[4] 194.185.97.57:14578 #4: responding to Quick Mode
Sep 9 15:36:25 vpngw pluto[5516]: "roadwarrior"[4] 194.185.97.57:14578 #4: discarding duplicate packet; already STATE_QUICK_R1
Sep 9 15:36:26 vpngw pluto[5516]: "roadwarrior"[4] 194.185.97.57:14578 #4: IPsec SA established {ESP=>0x008ad7e0 <0x953509f9 NATOA=10.216.149.19}
After that, the l2tpd daemon says:
Sep 9 15:31:58 vpngw l2tpd[3289]: ourtid = 33436, entropy_buf = 829c
Sep 9 15:31:58 vpngw l2tpd[3289]: ourcid = 12570, entropy_buf = 311a
Sep 9 15:31:58 vpngw l2tpd[3289]: check_control: control, cid = 0, Ns = 0, Nr = 0
Sep 9 15:31:58 vpngw l2tpd[3289]: handle_avps: handling avp's for tunnel 33436, call 12570
Sep 9 15:31:58 vpngw l2tpd[3289]: message_type_avp: message type 1 (Start-Control-Connection-Request)
Sep 9 15:31:58 vpngw l2tpd[3289]: protocol_version_avp: peer is using version 1, revision 0.
Sep 9 15:31:58 vpngw l2tpd[3289]: framing_caps_avp: supported peer frames: sync
Sep 9 15:31:58 vpngw l2tpd[3289]: bearer_caps_avp: supported peer bearers:
Sep 9 15:31:58 vpngw l2tpd[3289]: firmware_rev_avp: peer reports firmware version 1026 (0x0402)
Sep 9 15:31:58 vpngw l2tpd[3289]: hostname_avp: peer reports hostname 'Pocket_PC_1'
Sep 9 15:31:58 vpngw l2tpd[3289]: vendor_avp: peer reports vendor 'Microsoft\200^H'
Sep 9 15:31:58 vpngw l2tpd[3289]: assigned_tunnel_avp: using peer's tunnel 44
Sep 9 15:31:58 vpngw l2tpd[3289]: receive_window_size_avp: peer wants RWS of 8. Will use flow control.
Sep 9 15:32:03 vpngw l2tpd[3289]: control_xmit: Maximum retries exceeded for tunnel 33436. Closing.
Sep 9 15:32:03 vpngw l2tpd[3289]: call_close : Connection 44 closed to 194.185.97.57, port 1701 (Timeout)
Sep 9 15:32:08 vpngw l2tpd[3289]: control_xmit: Unable to deliver closing message for tunnel 33436. Destroying anyway.
Sep 9 15:35:42 vpngw l2tpd[3289]: death_handler: Fatal signal 15 received
Any hint?
ipsec.conf:
version 2.0

config setup
    #interfaces="ipsec0=eth0"
    interfaces=%defaultroute
    nat_traversal=yes
    klipsdebug=none
    dumpdir=/tmp
    overridemtu=1410
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12
    hidetos=yes
    uniqueids=yes

conn %default
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    left=%defaultroute
    leftcert=vpngw-cert.pem
    pfs=no

conn roadwarrior
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%no,%priv
    auto=add
    esp="3des-md5,3des-sha1"
    keyingtries=3

SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497