[Openswan Users] Openswan, Windows XP behind Linksys WRT54G router

Toby Chamberlain toby at webtechservices.com.au
Thu Aug 4 19:40:24 CEST 2005


I had a very similar situation with openswan stopping at STATE_MAIN_R2, and 
the problem turned out to be the size of the certificates being too big 
(something to do with MTU and certificates not being able to be 
fragmented... I don't fully understand it). I generated new certificates 
with a lower key size and with minimal comments (for Organisation, Email 
etc., ) and it now works fine... maybe this will work for you too..

Thanks
Toby


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello list,
>
> We have a notebook with Windows XP (SP2, all updates, VPN NAT-T patch)
> behind a Linksys WRT54G router that is connecting to an Linux Openswan
> VPN server (openswan-2.3.1 with NAT-T patch, no firewall in front -
> direct connection to the Internet). Windows XP is connecting with L2TP
> to the VPN server (our settings can be viewed here ->
> http://www.sk-branik.si/support/rikom-VPN-connection.avi).
>
> The problem is that the notebook starts connecting and then everything
> stops as you can see from the attached openswan.log. If the notebook is
> connected directly to the Internet (no Linksys router infront)
> everything works without problems. The Linksys router has some settings
> like "ipsec passthrough" and "l2tp passthrough" and we have tried to
> disable this things or enable it - no difference.
>
> What could be wrong?
>
> - --
> Thanks for your help,
>
> Andrej.
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFC8cSiVd/NU2yFfAoRArmpAKDgbb1Jfw3lhpXpdxkg2PdLB/rXAwCgxbsl
> TggtKc/O/FrQ0TJuZPUfWmo=
> =IWg6
> -----END PGP SIGNATURE-----
>


--------------------------------------------------------------------------------


> 8-03: 19:30:27:171:b8 Initialization OK
> 8-03: 19:32:20:140:3a8 QM PolicyName: L2TP Optional Encryption Quick Mode 
> Policy dwFlags 0
> 8-03: 19:32:20:140:3a8 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:140:3a8 QMOffer[0] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:171:3a8  Algo[0] Operation: ESP Algo: Trojni DES CBC HMAC: 
> MD5
> 8-03: 19:32:20:171:3a8 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:171:3a8 QMOffer[1] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:171:3a8  Algo[0] Operation: ESP Algo: Trojni DES CBC HMAC: 
> SHA
> 8-03: 19:32:20:171:3a8 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:171:3a8 QMOffer[2] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:171:3a8  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:171:3a8  Algo[1] Operation: ESP Algo: Trojni DES CBC HMAC: 
> 0
> 8-03: 19:32:20:171:3a8 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:171:3a8 QMOffer[3] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:171:3a8  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:187:3a8  Algo[1] Operation: ESP Algo: Trojni DES CBC HMAC: 
> 0
> 8-03: 19:32:20:187:3a8 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[4] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:187:3a8  Algo[1] Operation: ESP Algo: Trojni DES CBC HMAC: 
> SHA
> 8-03: 19:32:20:187:3a8 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[5] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:187:3a8  Algo[1] Operation: ESP Algo: Trojni DES CBC HMAC: 
> MD5
> 8-03: 19:32:20:187:3a8 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[6] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
> 8-03: 19:32:20:187:3a8 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[7] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
> 8-03: 19:32:20:187:3a8 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[8] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:187:3a8  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
> 8-03: 19:32:20:187:3a8 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[9] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:187:3a8  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
> 8-03: 19:32:20:187:3a8 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[10] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:187:3a8  Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
> 8-03: 19:32:20:187:3a8 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[11] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:187:3a8  Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
> 8-03: 19:32:20:187:3a8 QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[12] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
> 8-03: 19:32:20:187:3a8 QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[13] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
> 8-03: 19:32:20:187:3a8 QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[14] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:187:3a8 QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:187:3a8 QMOffer[15] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:187:3a8  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:218:3a8 Internal Acquire: op=00000001 
> src=192.168.1.101.1701 dst=193.2.211.10.1701 proto = 17, 
> SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 0, 
> TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0, InitiateEvent=0000063C, 
> IKE SrcPort=500 IKE DstPort=500
> 8-03: 19:32:20:218:b34 Filter to match: Src 193.2.211.10 Dst 192.168.1.101
> 8-03: 19:32:20:218:b34 MM PolicyName: L2TP Main Mode Policy
> 8-03: 19:32:20:218:b34 MMPolicy dwFlags 8 SoftSAExpireTime 28800
> 8-03: 19:32:20:218:b34 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 
> 268435457
> 8-03: 19:32:20:218:b34 MMOffer[0] Encrypt: Trojni DES CBC Hash: SHA
> 8-03: 19:32:20:218:b34 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
> 8-03: 19:32:20:218:b34 MMOffer[1] Encrypt: Trojni DES CBC Hash: SHA
> 8-03: 19:32:20:218:b34 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
> 8-03: 19:32:20:218:b34 MMOffer[2] Encrypt: Trojni DES CBC Hash: MD5
> 8-03: 19:32:20:218:b34 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
> 8-03: 19:32:20:218:b34 MMOffer[3] Encrypt: DES CBC Hash: SHA
> 8-03: 19:32:20:218:b34 MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
> 8-03: 19:32:20:218:b34 MMOffer[4] Encrypt: DES CBC Hash: MD5
> 8-03: 19:32:20:234:b34 Auth[0]:RSA Sig C=SI, S=Slovenija, L=Maribor, 
> O=Rikom d.o.o., CN=Rikom Root Certificate, E=admin at rikom.si AuthFlags 0
> 8-03: 19:32:20:234:b34 QM PolicyName: L2TP Optional Encryption Quick Mode 
> Policy dwFlags 0
> 8-03: 19:32:20:234:b34 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[0] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: ESP Algo: Trojni DES CBC HMAC: 
> MD5
> 8-03: 19:32:20:234:b34 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[1] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: ESP Algo: Trojni DES CBC HMAC: 
> SHA
> 8-03: 19:32:20:234:b34 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[2] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:234:b34  Algo[1] Operation: ESP Algo: Trojni DES CBC HMAC: 
> 0
> 8-03: 19:32:20:234:b34 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[3] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:234:b34  Algo[1] Operation: ESP Algo: Trojni DES CBC HMAC: 
> 0
> 8-03: 19:32:20:234:b34 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[4] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:234:b34  Algo[1] Operation: ESP Algo: Trojni DES CBC HMAC: 
> SHA
> 8-03: 19:32:20:234:b34 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[5] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:234:b34  Algo[1] Operation: ESP Algo: Trojni DES CBC HMAC: 
> MD5
> 8-03: 19:32:20:234:b34 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[6] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
> 8-03: 19:32:20:234:b34 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[7] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
> 8-03: 19:32:20:234:b34 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[8] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:234:b34  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
> 8-03: 19:32:20:234:b34 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[9] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:234:b34  Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
> 8-03: 19:32:20:234:b34 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[10] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:234:b34  Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
> 8-03: 19:32:20:234:b34 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[11] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:234:b34  Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
> 8-03: 19:32:20:234:b34 QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[12] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
> 8-03: 19:32:20:234:b34 QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[13] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
> 8-03: 19:32:20:234:b34 QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[14] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: SHA
> 8-03: 19:32:20:234:b34 QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
> 8-03: 19:32:20:234:b34 QMOffer[15] dwFlags 0 dwPFSGroup 0
> 8-03: 19:32:20:234:b34  Algo[0] Operation: AH Algo: MD5
> 8-03: 19:32:20:234:b34 Starting Negotiation: src = 192.168.1.101.0500, dst 
> = 193.2.211.10.0500, proto = 17, context = 00000000, ProxySrc = 
> 192.168.1.101.1701, ProxyDst = 193.2.211.10.1701 SrcMask = 0.0.0.0 DstMask 
> = 0.0.0.0
> 8-03: 19:32:20:234:b34 constructing ISAKMP Header
> 8-03: 19:32:20:234:b34 constructing SA (ISAKMP)
> 8-03: 19:32:20:234:b34 Constructing Vendor MS NT5 ISAKMPOAKLEY
> 8-03: 19:32:20:234:b34 Constructing Vendor FRAGMENTATION
> 8-03: 19:32:20:234:b34 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
> 8-03: 19:32:20:234:b34 Constructing Vendor Vid-Initial-Contact
> 8-03: 19:32:20:234:b34
> 8-03: 19:32:20:234:b34 Sending: SA = 0x000949B8 to 193.2.211.10:Type 2.500
> 8-03: 19:32:20:234:b34 ISAKMP Header: (V1.0), len = 312
> 8-03: 19:32:20:234:b34   I-COOKIE 2eb19bc02e7fc51f
> 8-03: 19:32:20:234:b34   R-COOKIE 0000000000000000
> 8-03: 19:32:20:234:b34   exchange: Oakley Main Mode
> 8-03: 19:32:20:234:b34   flags: 0
> 8-03: 19:32:20:234:b34   next payload: SA
> 8-03: 19:32:20:234:b34   message ID: 00000000
> 8-03: 19:32:20:234:b34 Ports S:f401 D:f401
> 8-03: 19:32:20:234:b34 Activating InitiateEvent 0000063C
> 8-03: 19:32:21:562:128 retransmit: sa = 000949B8 centry 00000000 , count = 
> 1
> 8-03: 19:32:21:562:128
> 8-03: 19:32:21:562:128 Sending: SA = 0x000949B8 to 193.2.211.10:Type 2.500
> 8-03: 19:32:21:562:128 ISAKMP Header: (V1.0), len = 312
> 8-03: 19:32:21:562:128   I-COOKIE 2eb19bc02e7fc51f
> 8-03: 19:32:21:562:128   R-COOKIE 0000000000000000
> 8-03: 19:32:21:562:128   exchange: Oakley Main Mode
> 8-03: 19:32:21:562:128   flags: 0
> 8-03: 19:32:21:562:128   next payload: SA
> 8-03: 19:32:21:562:128   message ID: 00000000
> 8-03: 19:32:21:562:128 Ports S:f401 D:f401
> 8-03: 19:32:23:562:128 retransmit: sa = 000949B8 centry 00000000 , count = 
> 2
> 8-03: 19:32:23:562:128
> 8-03: 19:32:23:562:128 Sending: SA = 0x000949B8 to 193.2.211.10:Type 2.500
> 8-03: 19:32:23:562:128 ISAKMP Header: (V1.0), len = 312
> 8-03: 19:32:23:562:128   I-COOKIE 2eb19bc02e7fc51f
> 8-03: 19:32:23:562:128   R-COOKIE 0000000000000000
> 8-03: 19:32:23:562:128   exchange: Oakley Main Mode
> 8-03: 19:32:23:562:128   flags: 0
> 8-03: 19:32:23:562:128   next payload: SA
> 8-03: 19:32:23:562:128   message ID: 00000000
> 8-03: 19:32:23:562:128 Ports S:f401 D:f401
> 8-03: 19:32:27:562:128 retransmit: sa = 000949B8 centry 00000000 , count = 
> 3
> 8-03: 19:32:27:562:128
> 8-03: 19:32:27:562:128 Sending: SA = 0x000949B8 to 193.2.211.10:Type 2.500
> 8-03: 19:32:27:562:128 ISAKMP Header: (V1.0), len = 312
> 8-03: 19:32:27:562:128   I-COOKIE 2eb19bc02e7fc51f
> 8-03: 19:32:27:562:128   R-COOKIE 0000000000000000
> 8-03: 19:32:27:562:128   exchange: Oakley Main Mode
> 8-03: 19:32:27:562:128   flags: 0
> 8-03: 19:32:27:562:128   next payload: SA
> 8-03: 19:32:27:562:128   message ID: 00000000
> 8-03: 19:32:27:562:128 Ports S:f401 D:f401
> 8-03: 19:32:35:562:128 retransmit: sa = 000949B8 centry 00000000 , count = 
> 4
> 8-03: 19:32:35:562:128
> 8-03: 19:32:35:562:128 Sending: SA = 0x000949B8 to 193.2.211.10:Type 2.500
> 8-03: 19:32:35:562:128 ISAKMP Header: (V1.0), len = 312
> 8-03: 19:32:35:562:128   I-COOKIE 2eb19bc02e7fc51f
> 8-03: 19:32:35:562:128   R-COOKIE 0000000000000000
> 8-03: 19:32:35:562:128   exchange: Oakley Main Mode
> 8-03: 19:32:35:562:128   flags: 0
> 8-03: 19:32:35:562:128   next payload: SA
> 8-03: 19:32:35:562:128   message ID: 00000000
> 8-03: 19:32:35:562:128 Ports S:f401 D:f401
> 8-03: 19:32:35:875:904 isadb_schedule_kill_oldPolicy_sas: 
> c5f2b091-91d1-43fd-936ca52cce791a5f 4
> 8-03: 19:32:35:875:5dc isadb_schedule_kill_oldPolicy_sas: 
> 60ee10ac-68bf-4b02-8c8641d5ae958319 3
> 8-03: 19:32:35:875:3a8 isadb_schedule_kill_oldPolicy_sas: 
> 09d490d3-8034-4242-8bd052a5a90d463a 2
> 8-03: 19:32:35:875:904 isadb_schedule_kill_oldPolicy_sas: 
> 9b02effb-fa35-456a-953c44a82b07c5c1 1
> 8-03: 19:32:35:890:b34 entered kill_old_policy_sas 4
> 8-03: 19:32:35:890:b34 SA Dead. sa:000949B8 status:3619
> 8-03: 19:32:35:890:b34 isadb_set_status sa:000949B8 centry:00000000 status 
> 3619
> 8-03: 19:32:35:890:e74 entered kill_old_policy_sas 3
> 8-03: 19:32:35:953:b34 Na in zamenjave klju a (Glavni na in)
> 8-03: 19:32:35:953:b34 IP naslov vira 192.168.1.101  Maska IP naslova vira 
> 255.255.255.255  IP naslov cilja 193.2.211.10  Maska IP naslova cilja 
> 255.255.255.255  Protokol 0  Izvorna vrata 0  Ciljna vrata 0  IKE lokalni 
> naslov192.168.1.101  IKE naslov enakovredne naprave 193.2.211.10
> 8-03: 19:32:35:953:b34
> 8-03: 19:32:35:953:b34 Jaz
> 8-03: 19:32:35:953:b34 Nov pravilnik je razveljavil SA-je, oblikovane s 
> starim pravilnikom
> 8-03: 19:32:35:953:b34 0x0 0x0
> 8-03: 19:32:35:953:b34 isadb_set_status InitiateEvent 0000063C: Setting 
> Status 3619
> 8-03: 19:32:35:953:b34 Clearing sa 000949B8 InitiateEvent 0000063C
> 8-03: 19:32:35:953:5dc CloseNegHandle 0000063C
> 8-03: 19:32:35:953:b34 constructing ISAKMP Header
> 8-03: 19:32:35:953:b34 constructing DELETE. MM 000949B8
> 8-03: 19:32:35:953:b34
> 8-03: 19:32:35:953:b34 Sending: SA = 0x000949B8 to 193.2.211.10:Type 1.500
> 8-03: 19:32:35:953:b34 ISAKMP Header: (V1.0), len = 56
> 8-03: 19:32:35:953:b34   I-COOKIE 2eb19bc02e7fc51f
> 8-03: 19:32:35:953:b34   R-COOKIE 0000000000000000
> 8-03: 19:32:35:953:b34   exchange: ISAKMP Informational Exchange
> 8-03: 19:32:35:953:b34   flags: 0
> 8-03: 19:32:35:953:b34   next payload: DELETE
> 8-03: 19:32:35:953:b34   message ID: f75ec21b
> 8-03: 19:32:35:953:b34 Ports S:f401 D:f401
> 8-03: 19:32:35:953:5dc SE cookie 2eb19bc02e7fc51f
> 8-03: 19:32:35:953:b34 entered kill_old_policy_sas 2
> 8-03: 19:32:35:953:b34 entered kill_old_policy_sas 1
> 8-03: 19:32:42:187:b34 ClearFragList
>


--------------------------------------------------------------------------------


> pluto[2067]: packet from 194.249.25.156:500: ignoring Vendor ID payload 
> [MS NT5 ISAKMPOAKLEY 00000004]
> pluto[2067]: packet from 194.249.25.156:500: ignoring Vendor ID payload 
> [FRAGMENTATION]
> pluto[2067]: packet from 194.249.25.156:500: received Vendor ID payload 
> [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> pluto[2067]: packet from 194.249.25.156:500: ignoring Vendor ID payload 
> [Vid-Initial-Contact]
> pluto[2067]: "roadwarior-l2tpd"[322] 194.249.25.156 #444: responding to 
> Main Mode from unknown peer 194.249.25.156
> pluto[2067]: "roadwarior-l2tpd"[322] 194.249.25.156 #444: transition from 
> state STATE_MAIN_R0 to state STATE_MAIN_R1
> pluto[2067]: "roadwarior-l2tpd"[322] 194.249.25.156 #444: NAT-Traversal: 
> Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> pluto[2067]: "roadwarior-l2tpd"[322] 194.249.25.156 #444: transition from 
> state STATE_MAIN_R1 to state STATE_MAIN_R2
> pluto[2067]: "roadwarior-l2tpd"[322] 194.249.25.156 #444: max number of 
> retransmissions (2) reached STATE_MAIN_R2
> pluto[2067]: "roadwarior-l2tpd"[322] 194.249.25.156: deleting connection 
> "roadwarior-l2tpd" instance with peer 194.249.25.156 {isakmp=#0/ipsec=#0}
>


--------------------------------------------------------------------------------


> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 




More information about the Users mailing list