[Openswan Users] l2tpd problem
Francesco Defilippo
francesco.defilippo at sys-net.it
Thu Sep 9 17:23:08 CEST 2004
Hi, I'm trying from a Pocket PC 2003.
Stephan Scholz wrote:
> Hi Francesco,
>
> have you installed the NAT-Traversal patch for the Windows 2000 client?
> See: http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html#NAT-T
>
> Stephan
>
>> Hello, I've a vpn with the following configuration:
>>
>> gprs -> natgw -> vpngw -> lan
>> 10.x -> 194.x -> 213.z -> 192.168.x
>>
>> when the l2tp/ipsec client connects I've:
>>
>> Sep 9 15:36:17 vpngw pluto[5516]: packet from 194.185.97.57:14532:
>> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
>> Sep 9 15:36:17 vpngw pluto[5516]: packet from 194.185.97.57:14532:
>> ignoring Vendor ID payload [FRAGMENTATION]
>> Sep 9 15:36:17 vpngw pluto[5516]: packet from 194.185.97.57:14532:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Sep 9 15:36:17 vpngw pluto[5516]: packet from 194.185.97.57:14532:
>> ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
>> Sep 9 15:36:17 vpngw pluto[5516]: "roadwarrior"[3]
>> 194.185.97.57:14532 #3: responding to Main Mode from unknown peer
>> 194.185.97.57:14532
>> Sep 9 15:36:19 vpngw pluto[5516]: "roadwarrior"[3]
>> 194.185.97.57:14532 #3: NAT-Traversal: Result using
>> draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
>> Sep 9 15:36:21 vpngw pluto[5516]: "roadwarrior"[3]
>> 194.185.97.57:14532 #3: Peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Italia,
>> L=test, O=test, OU=test1, CN=pda, E=pda at test.lan'
>> Sep 9 15:36:21 vpngw pluto[5516]: "roadwarrior"[4]
>> 194.185.97.57:14532 #3: deleting connection "roadwarrior" instance
>> with peer 194.185.97.57 {isakmp=#0/ipsec=#0}
>> Sep 9 15:36:22 vpngw pluto[5516]: | NAT-T: new mapping
>> 194.185.97.57:14532/14578)
>> Sep 9 15:36:22 vpngw pluto[5516]: "roadwarrior"[4]
>> 194.185.97.57:14578 #3: sent MR3, ISAKMP SA established
>> Sep 9 15:36:23 vpngw pluto[5516]: "roadwarrior"[4]
>> 194.185.97.57:14578 #3: retransmitting in response to duplicate
>> packet; already STATE_MAIN_R3
>> Sep 9 15:36:24 vpngw pluto[5516]: "roadwarrior"[4]
>> 194.185.97.57:14578 #3: retransmitting in response to duplicate
>> packet; already STATE_MAIN_R3
>> Sep 9 15:36:25 vpngw pluto[5516]: "roadwarrior"[4]
>> 194.185.97.57:14578 #4: responding to Quick Mode
>> Sep 9 15:36:25 vpngw pluto[5516]: "roadwarrior"[4]
>> 194.185.97.57:14578 #4: discarding duplicate packet; already
>> STATE_QUICK_R1
>> Sep 9 15:36:26 vpngw pluto[5516]: "roadwarrior"[4]
>> 194.185.97.57:14578 #4: IPsec SA established {ESP=>0x008ad7e0
>> <0x953509f9 NATOA=10.216.149.19}
>>
>> afterwards the l2tpd daemon says:
>>
>> Sep 9 15:31:58 vpngw l2tpd[3289]: ourtid = 33436, entropy_buf = 829c
>> Sep 9 15:31:58 vpngw l2tpd[3289]: ourcid = 12570, entropy_buf = 311a
>> Sep 9 15:31:58 vpngw l2tpd[3289]: check_control: control, cid = 0,
>> Ns = 0, Nr = 0
>> Sep 9 15:31:58 vpngw l2tpd[3289]: handle_avps: handling avp's for
>> tunnel 33436, call 12570
>> Sep 9 15:31:58 vpngw l2tpd[3289]: message_type_avp: message type 1
>> (Start-Control-Connection-Request)
>> Sep 9 15:31:58 vpngw l2tpd[3289]: protocol_version_avp: peer is
>> using version 1, revision 0.
>> Sep 9 15:31:58 vpngw l2tpd[3289]: framing_caps_avp: supported peer
>> frames: sync
>> Sep 9 15:31:58 vpngw l2tpd[3289]: bearer_caps_avp: supported peer
>> bearers:
>> Sep 9 15:31:58 vpngw l2tpd[3289]: firmware_rev_avp: peer reports
>> firmware version 1026 (0x0402)
>> Sep 9 15:31:58 vpngw l2tpd[3289]: hostname_avp: peer reports
>> hostname 'Pocket_PC_1'
>> Sep 9 15:31:58 vpngw l2tpd[3289]: vendor_avp: peer reports vendor
>> 'Microsoft\200^H'
>> Sep 9 15:31:58 vpngw l2tpd[3289]: assigned_tunnel_avp: using peer's
>> tunnel 44
>> Sep 9 15:31:58 vpngw l2tpd[3289]: receive_window_size_avp: peer
>> wants RWS of 8. Will use flow control.
>> Sep 9 15:32:03 vpngw l2tpd[3289]: control_xmit: Maximum retries
>> exceeded for tunnel 33436. Closing.
>> Sep 9 15:32:03 vpngw l2tpd[3289]: call_close : Connection 44 closed
>> to 194.185.97.57, port 1701 (Timeout)
>> Sep 9 15:32:08 vpngw l2tpd[3289]: control_xmit: Unable to deliver
>> closing message for tunnel 33436. Destroying anyway.
>> Sep 9 15:35:42 vpngw l2tpd[3289]: death_handler: Fatal signal 15
>> received
>>
>> any hint?
>>
>> ipsec.conf:
>>
>> version 2.0
>>
>> config setup
>>     #interfaces="ipsec0=eth0"
>>     interfaces=%defaultroute
>>     nat_traversal=yes
>>     klipsdebug=none
>>     dumpdir=/tmp
>>     overridemtu=1410
>>     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12
>>     hidetos=yes
>>     uniqueids=yes
>>
>> conn %default
>>     compress=yes
>>     disablearrivalcheck=no
>>     authby=rsasig
>>     leftrsasigkey=%cert
>>     rightrsasigkey=%cert
>>     left=%defaultroute
>>     leftcert=vpngw-cert.pem
>>     pfs=no
>>
>> conn roadwarrior
>>     leftprotoport=17/1701
>>     right=%any
>>     rightprotoport=17/%any
>>     rightsubnet=vhost:%no,%priv
>>     auto=add
>>     esp="3des-md5,3des-sha1"
>>     keyingtries=3
>>
>>
>>
>> SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
>> +390382476497
>>
>
>
>
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497