[Openswan Users]
Stefano Pazzaglia
stefano.pazzaglia at fastwebnet.it
Sat Aug 6 21:42:36 CEST 2005
And this are my logs...
Aug 6 19:25:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 32
Aug 6 19:26:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 33
Aug 6 19:27:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 34
Aug 6 19:28:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 35
Aug 6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #7: initiating Quick Mode PSK+EN
CRYPT+COMPRESS+TUNNEL to replace #6 {using isakmp#1}
Aug 6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #1: ignoring informational paylo
ad, type INVALID_ID_INFORMATION
Aug 6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #1: received and ignored informa
tional message
Aug 6 19:29:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 36
Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #7: max number of retransmission
s (2) reached STATE_QUICK_I1
Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #7: starting keying attempt 2 of
at most 3
Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #8: initiating Quick Mode PSK+EN
CRYPT+COMPRESS+TUNNEL to replace #7 {using isakmp#1}
Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #1: ignoring informational paylo
ad, type INVALID_ID_INFORMATION
Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #1: received and ignored informa
tional message
Aug 6 19:30:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 37
Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #8: max number of retransmission
s (2) reached STATE_QUICK_I1
Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #8: starting keying attempt 3 of
at most 3
Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #9: initiating Quick Mode PSK+EN
CRYPT+COMPRESS+TUNNEL to replace #8 {using isakmp#1}
Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #1: ignoring informational paylo
ad, type INVALID_ID_INFORMATION
Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #1: received and ignored informa
tional message
Aug 6 19:31:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 38
Aug 6 19:32:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 39
Aug 6 19:32:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #9: max number of retransmission
s (2) reached STATE_QUICK_I1
Aug 6 19:33:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 40
Aug 6 19:33:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #6: IPsec SA expired (LATEST!)
Aug 6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #10: responding to Quick Mode {m
sgid:21466768}
Aug 6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #10: transition from state STATE
_QUICK_R0 to state STATE_QUICK_R1
Aug 6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #10: transition from state STATE
_QUICK_R1 to state STATE_QUICK_R2
Aug 6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #10: IPsec SA established {ESP=>
0x5a9ef1f4 <0xe2da3c97 xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.123}
Aug 6 19:34:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 41
Aug 6 19:35:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 42
Aug 6 19:36:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 43
Aug 6 19:37:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 44
Aug 6 19:38:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 45
Aug 6 19:39:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 46
Aug 6 19:40:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 47
Aug 6 19:41:21 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #11: initiating Main Mode to rep
lace #1
Aug 6 19:41:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 48
Aug 6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #11: max number of retransmissio
ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
our first IKE message
Aug 6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #11: starting keying attempt 2 o
f at most 3
Aug 6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #12: initiating Main Mode to rep
lace #11
Aug 6 19:42:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 49
Aug 6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #12: max number of retransmissio
ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
our first IKE message
Aug 6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #12: starting keying attempt 3 o
f at most 3
Aug 6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #13: initiating Main Mode to rep
lace #12
Aug 6 19:43:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 50
Aug 6 19:44:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #13: max number of retransmissio
ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
our first IKE message
Aug 6 19:44:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 51
Aug 6 19:45:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #1: ISAKMP SA expired (LATEST!)
Aug 6 19:45:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 52
Aug 6 19:46:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 53
Aug 6 19:47:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 54
Aug 6 19:48:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 55
Aug 6 19:49:08 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #14: initiating Main Mode
Aug 6 19:49:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 56
Aug 6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #14: max number of retransmissio
ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
our first IKE message
Aug 6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #14: starting keying attempt 2 o
f at most 3
Aug 6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #15: initiating Main Mode to rep
lace #14
Aug 6 19:50:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 57
Aug 6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #15: max number of retransmissio
ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
our first IKE message
Aug 6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #15: starting keying attempt 3 o
f at most 3
Aug 6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #16: initiating Main Mode to rep
lace #15
Aug 6 19:51:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 58
Aug 6 19:52:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #16: max number of retransmissio
ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
our first IKE message
Aug 6 19:52:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5,
Nr = 59
Aug 6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123 #10: IPsec SA expired (LATEST!)
Aug 6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
xxx.xxx.xxx.123: deleting connection "roadwarrio
r-l2tp-updatedwin" instance with peer xxx.xxx.xxx.123 {isakmp=#0/ipsec=#0}
Aug 6 19:53:56 Orione l2tpd[8136]: control_xmit: Maximum retries exceeded
for tunnel 50998. Closing.
Aug 6 19:53:56 Orione pppd[10759]: Terminating on signal 15.
Aug 6 19:53:56 Orione pppd[10759]: Modem hangup
Aug 6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down started (pid
11660)
Aug 6 19:53:56 Orione pppd[10759]: Connection terminated.
Aug 6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
Aug 6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
Aug 6 19:53:56 Orione pppd[10759]: Waiting for 1 child processes...
Aug 6 19:53:56 Orione pppd[10759]: script /etc/ppp/ip-down, pid 11660
Aug 6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down finished (pid
11660), status = 0x1
Aug 6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
Aug 6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
Aug 6 19:53:56 Orione pppd[10759]: Exit.
Aug 6 19:53:56 Orione l2tpd[8136]: call_close : Connection 51 closed to
xxx.xxx.xxx.123, port 1701 (Timeout)
----- Original Message -----
From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
To: <users at openswan.org>
Sent: Saturday, August 06, 2005 7:00 PM
Subject: Re: [Openswan Users]
> No, this way it dowsn't work.
> However yesterday in the morning I was in a hurry 'cause I had to go to
> work, and I was making some changed to my ipsec.conf. After restarted
> ipsec I went to my office and there I tried to change something in
> ipsec.conf to make it work. Hours passed and my home <-> VPN connection
> made using (home modified) ipsec.conf seemed to work in a great way (I
> manually stopped from office after 500 minutes it was started).
> The ugly thing is that in the meantime I had made some changes to my
> ipsec.conf and I can't remember which. This is my ipsec.conf in this
> moment. It looks very simple, but WHY it doesnt work???
>
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> config setup
> interfaces=%defaultroute
> klipsdebug=none
> plutodebug=none
> nat_traversal=yes
> virtual_private=%v4:192.168.0.0/24
>
>
> conn roadwarrior-l2tp-updatedwin
> keyingtries=3
> compress=yes
> disablearrivalcheck=no
> authby=secret
> type=tunnel
> keyexchange=ike
> ikelifetime=23m
> keylife=19m
> leftprotoport=17/1701
> rightprotoport=17/1701
> pfs=no
> left=%defaultroute
> right=%any
> auto=add
>
> include /etc/ipsec.d/examples/no_oe.conf
>
>
>
>
> ----- Original Message -----
> From: "Jacco de Leeuw" <jacco2 at dds.nl>
> To: <stefano.pazzaglia at fastwebnet.it>
> Sent: Thursday, August 04, 2005 5:51 PM
> Subject: Re: [Openswan Users]
>
>
>>
>>>
>>> #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.0.0/24
>>>
>>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>>
>>
>> If 192.168.0.0/24 is your internal network (as roadwarrior-net seems to
>> imply)
>> then the line that you commented out is the one that is correct.
>>
>>> conn %default
>>> #keyingtries=3
>>> keyingtries=0
>>
>> I don't recommend keyingtries=0 for Road Warriors, because the
>> connection will be retried indefinitely after it is set up.
>>
>>> compress=yes
>>> disablearrivalcheck=no
>>> authby=secret
>>> type=tunnel
>>> keyexchange=ike
>>> ikelifetime=240m
>>> keylife=60m
>>
>> I never had to specify these explicitly. Openswan's defaults should be
>> fine. You could try to comment out these. And move the authby= to the
>> individual connection sections.
>>
>>> conn roadwarrior-l2tp
>>> leftsubnet=192.168.0.0/24
>>
>> No, this is not correct. Can you replace this
>> with leftnexthop=192.168.0.1 (or whatever the IP
>> address is of the NAT router before the VPN server).
>> Idem for roadwarrior-l2tp-updatedwin.
>>
>> I still recommend certificates instead of PSKs.
>>
>> Jacco
>> --
>> Jacco de Leeuw mailto:jacco2 at dds.nl
>> Zaandam, The Netherlands http://www.jacco2.dds.nl
>>
>>
>> --
>> No virus found in this incoming message.
>> Checked by AVG Anti-Virus.
>> Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date: 04/08/2005
>>
>>
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date: 04/08/2005
>
>
More information about the Users
mailing list