[Openswan Users]

Stefano Pazzaglia stefano.pazzaglia at fastwebnet.it
Sat Aug 6 21:42:36 CEST 2005


And this are my logs...


Aug  6 19:25:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 32
Aug  6 19:26:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 33
Aug  6 19:27:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 34
Aug  6 19:28:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 35
Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #7: initiating Quick Mode PSK+EN
CRYPT+COMPRESS+TUNNEL to replace #6 {using isakmp#1}
Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #1: ignoring informational paylo
ad, type INVALID_ID_INFORMATION
Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #1: received and ignored informa
tional message
Aug  6 19:29:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 36
Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #7: max number of retransmission
s (2) reached STATE_QUICK_I1
Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #7: starting keying attempt 2 of
 at most 3
Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #8: initiating Quick Mode PSK+EN
CRYPT+COMPRESS+TUNNEL to replace #7 {using isakmp#1}
Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #1: ignoring informational paylo
ad, type INVALID_ID_INFORMATION
Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #1: received and ignored informa
tional message
Aug  6 19:30:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 37
Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #8: max number of retransmission
s (2) reached STATE_QUICK_I1
Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #8: starting keying attempt 3 of
 at most 3
Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #9: initiating Quick Mode PSK+EN
CRYPT+COMPRESS+TUNNEL to replace #8 {using isakmp#1}
Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #1: ignoring informational paylo
ad, type INVALID_ID_INFORMATION
Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #1: received and ignored informa
tional message
Aug  6 19:31:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 38
Aug  6 19:32:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 39
Aug  6 19:32:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #9: max number of retransmission
s (2) reached STATE_QUICK_I1
Aug  6 19:33:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 40
Aug  6 19:33:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #6: IPsec SA expired (LATEST!)
Aug  6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #10: responding to Quick Mode {m
sgid:21466768}
Aug  6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #10: transition from state STATE
_QUICK_R0 to state STATE_QUICK_R1
Aug  6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #10: transition from state STATE
_QUICK_R1 to state STATE_QUICK_R2
Aug  6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #10: IPsec SA established {ESP=>
0x5a9ef1f4 <0xe2da3c97 xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.123}
Aug  6 19:34:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 41
Aug  6 19:35:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 42
Aug  6 19:36:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 43
Aug  6 19:37:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 44
Aug  6 19:38:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 45
Aug  6 19:39:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 46
Aug  6 19:40:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 47
Aug  6 19:41:21 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #11: initiating Main Mode to rep
lace #1
Aug  6 19:41:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 48
Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #11: max number of retransmissio
ns (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to 
our first IKE message
Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #11: starting keying attempt 2 o
f at most 3
Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #12: initiating Main Mode to rep
lace #11
Aug  6 19:42:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 49
Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #12: max number of retransmissio
ns (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to 
our first IKE message
Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #12: starting keying attempt 3 o
f at most 3
Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #13: initiating Main Mode to rep
lace #12
Aug  6 19:43:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 50
Aug  6 19:44:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #13: max number of retransmissio
ns (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to 
our first IKE message
Aug  6 19:44:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 51
Aug  6 19:45:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #1: ISAKMP SA expired (LATEST!)
Aug  6 19:45:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 52
Aug  6 19:46:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 53
Aug  6 19:47:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 54
Aug  6 19:48:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 55
Aug  6 19:49:08 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #14: initiating Main Mode
Aug  6 19:49:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 56
Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #14: max number of retransmissio
ns (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to 
our first IKE message
Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #14: starting keying attempt 2 o
f at most 3
Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #15: initiating Main Mode to rep
lace #14
Aug  6 19:50:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 57
Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #15: max number of retransmissio
ns (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to 
our first IKE message
Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #15: starting keying attempt 3 o
f at most 3
Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #16: initiating Main Mode to rep
lace #15
Aug  6 19:51:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 58
Aug  6 19:52:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #16: max number of retransmissio
ns (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to 
our first IKE message
Aug  6 19:52:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, 
Nr = 59
Aug  6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123 #10: IPsec SA expired (LATEST!)
Aug  6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] 
xxx.xxx.xxx.123: deleting connection "roadwarrio
r-l2tp-updatedwin" instance with peer xxx.xxx.xxx.123 {isakmp=#0/ipsec=#0}
Aug  6 19:53:56 Orione l2tpd[8136]: control_xmit: Maximum retries exceeded 
for tunnel 50998.  Closing.
Aug  6 19:53:56 Orione pppd[10759]: Terminating on signal 15.
Aug  6 19:53:56 Orione pppd[10759]: Modem hangup
Aug  6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down started (pid 
11660)
Aug  6 19:53:56 Orione pppd[10759]: Connection terminated.
Aug  6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
Aug  6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
Aug  6 19:53:56 Orione pppd[10759]: Waiting for 1 child processes...
Aug  6 19:53:56 Orione pppd[10759]:   script /etc/ppp/ip-down, pid 11660
Aug  6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down finished (pid 
11660), status = 0x1
Aug  6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
Aug  6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
Aug  6 19:53:56 Orione pppd[10759]: Exit.
Aug  6 19:53:56 Orione l2tpd[8136]: call_close : Connection 51 closed to 
xxx.xxx.xxx.123, port 1701 (Timeout)







----- Original Message ----- 
From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
To: <users at openswan.org>
Sent: Saturday, August 06, 2005 7:00 PM
Subject: Re: [Openswan Users]


> No, this way it dowsn't work.
> However yesterday in the morning I was in a hurry 'cause I had to go to 
> work, and I was making some changed to my ipsec.conf. After restarted 
> ipsec I went to my office and there I tried to change something in 
> ipsec.conf to make it work. Hours passed and my home <-> VPN connection 
> made using (home modified) ipsec.conf seemed to work in a great way (I 
> manually stopped from office after 500 minutes it was started).
> The ugly thing is that in the meantime I had made some changes to my 
> ipsec.conf and I can't remember which. This is my ipsec.conf in this 
> moment. It looks very simple, but WHY it doesnt work???
>
>
> version 2.0     # conforms to second version of ipsec.conf specification
>
> config setup
>        interfaces=%defaultroute
>        klipsdebug=none
>        plutodebug=none
>        nat_traversal=yes
>        virtual_private=%v4:192.168.0.0/24
>
>
> conn roadwarrior-l2tp-updatedwin
>        keyingtries=3
>        compress=yes
>        disablearrivalcheck=no
>        authby=secret
>        type=tunnel
>        keyexchange=ike
>        ikelifetime=23m
>        keylife=19m
>        leftprotoport=17/1701
>        rightprotoport=17/1701
>        pfs=no
>        left=%defaultroute
>        right=%any
>        auto=add
>
> include /etc/ipsec.d/examples/no_oe.conf
>
>
>
>
> ----- Original Message ----- 
> From: "Jacco de Leeuw" <jacco2 at dds.nl>
> To: <stefano.pazzaglia at fastwebnet.it>
> Sent: Thursday, August 04, 2005 5:51 PM
> Subject: Re: [Openswan Users]
>
>
>>
>>>
>>> #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.0.0/24
>>>
>>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>>
>>
>> If 192.168.0.0/24 is your internal network (as roadwarrior-net seems to 
>> imply)
>> then the line that you commented out is the one that is correct.
>>
>>> conn %default
>>>         #keyingtries=3
>>>         keyingtries=0
>>
>> I don't recommend keyingtries=0 for Road Warriors, because the
>> connection will be retried indefinitely after it is set up.
>>
>>>         compress=yes
>>>         disablearrivalcheck=no
>>>         authby=secret
>>>         type=tunnel
>>>         keyexchange=ike
>>>         ikelifetime=240m
>>>         keylife=60m
>>
>> I never had to specify these explicitly. Openswan's defaults should be
>> fine. You could try to comment out these. And move the authby= to the
>> individual connection sections.
>>
>>> conn roadwarrior-l2tp
>>>         leftsubnet=192.168.0.0/24
>>
>> No, this is not correct. Can you replace this
>> with leftnexthop=192.168.0.1 (or whatever the IP
>> address is of the NAT router before the VPN server).
>> Idem for roadwarrior-l2tp-updatedwin.
>>
>> I still recommend certificates instead of PSKs.
>>
>> Jacco
>> -- 
>> Jacco de Leeuw                         mailto:jacco2 at dds.nl
>> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>>
>>
>> -- 
>> No virus found in this incoming message.
>> Checked by AVG Anti-Virus.
>> Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date: 04/08/2005
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date: 04/08/2005
>
> 



More information about the Users mailing list