[Openswan Users]
Norman Rasmussen
normanr at gmail.com
Mon Aug 8 12:52:03 CEST 2005
Try openswan 2.4 when it comes out, it's supposed to have fixes for this problem
On 08/08/05, Stefano <stefano.pazzaglia at fastwebnet.it> wrote:
> No one can help me? It would be very important for me...
>
>
>
> ----- Original Message -----
> From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
> To: <users at openswan.org>
> Sent: Saturday, August 06, 2005 8:42 PM
> Subject: Re: [Openswan Users]
>
>
> > And this are my logs...
> >
> >
> > Aug 6 19:25:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 32
> > Aug 6 19:26:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 33
> > Aug 6 19:27:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 34
> > Aug 6 19:28:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 35
> > Aug 6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #7: initiating Quick Mode PSK+EN
> > CRYPT+COMPRESS+TUNNEL to replace #6 {using isakmp#1}
> > Aug 6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #1: ignoring informational paylo
> > ad, type INVALID_ID_INFORMATION
> > Aug 6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #1: received and ignored informa
> > tional message
> > Aug 6 19:29:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 36
> > Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #7: max number of retransmission
> > s (2) reached STATE_QUICK_I1
> > Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #7: starting keying attempt 2 of
> > at most 3
> > Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #8: initiating Quick Mode PSK+EN
> > CRYPT+COMPRESS+TUNNEL to replace #7 {using isakmp#1}
> > Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #1: ignoring informational paylo
> > ad, type INVALID_ID_INFORMATION
> > Aug 6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #1: received and ignored informa
> > tional message
> > Aug 6 19:30:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 37
> > Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #8: max number of retransmission
> > s (2) reached STATE_QUICK_I1
> > Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #8: starting keying attempt 3 of
> > at most 3
> > Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #9: initiating Quick Mode PSK+EN
> > CRYPT+COMPRESS+TUNNEL to replace #8 {using isakmp#1}
> > Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #1: ignoring informational paylo
> > ad, type INVALID_ID_INFORMATION
> > Aug 6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #1: received and ignored informa
> > tional message
> > Aug 6 19:31:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 38
> > Aug 6 19:32:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 39
> > Aug 6 19:32:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #9: max number of retransmission
> > s (2) reached STATE_QUICK_I1
> > Aug 6 19:33:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 40
> > Aug 6 19:33:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #6: IPsec SA expired (LATEST!)
> > Aug 6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #10: responding to Quick Mode {m
> > sgid:21466768}
> > Aug 6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #10: transition from state STATE
> > _QUICK_R0 to state STATE_QUICK_R1
> > Aug 6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #10: transition from state STATE
> > _QUICK_R1 to state STATE_QUICK_R2
> > Aug 6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #10: IPsec SA established {ESP=>
> > 0x5a9ef1f4 <0xe2da3c97 xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.123}
> > Aug 6 19:34:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 41
> > Aug 6 19:35:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 42
> > Aug 6 19:36:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 43
> > Aug 6 19:37:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 44
> > Aug 6 19:38:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 45
> > Aug 6 19:39:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 46
> > Aug 6 19:40:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 47
> > Aug 6 19:41:21 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #11: initiating Main Mode to rep
> > lace #1
> > Aug 6 19:41:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 48
> > Aug 6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #11: max number of retransmissio
> > ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
> > our first IKE message
> > Aug 6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #11: starting keying attempt 2 o
> > f at most 3
> > Aug 6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #12: initiating Main Mode to rep
> > lace #11
> > Aug 6 19:42:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 49
> > Aug 6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #12: max number of retransmissio
> > ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
> > our first IKE message
> > Aug 6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #12: starting keying attempt 3 o
> > f at most 3
> > Aug 6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #13: initiating Main Mode to rep
> > lace #12
> > Aug 6 19:43:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 50
> > Aug 6 19:44:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #13: max number of retransmissio
> > ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
> > our first IKE message
> > Aug 6 19:44:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 51
> > Aug 6 19:45:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #1: ISAKMP SA expired (LATEST!)
> > Aug 6 19:45:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 52
> > Aug 6 19:46:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 53
> > Aug 6 19:47:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 54
> > Aug 6 19:48:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 55
> > Aug 6 19:49:08 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #14: initiating Main Mode
> > Aug 6 19:49:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 56
> > Aug 6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #14: max number of retransmissio
> > ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
> > our first IKE message
> > Aug 6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #14: starting keying attempt 2 o
> > f at most 3
> > Aug 6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #15: initiating Main Mode to rep
> > lace #14
> > Aug 6 19:50:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 57
> > Aug 6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #15: max number of retransmissio
> > ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
> > our first IKE message
> > Aug 6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #15: starting keying attempt 3 o
> > f at most 3
> > Aug 6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #16: initiating Main Mode to rep
> > lace #15
> > Aug 6 19:51:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 58
> > Aug 6 19:52:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #16: max number of retransmissio
> > ns (2) reached STATE_MAIN_I1. No response (or no acceptable response) to
> > our first IKE message
> > Aug 6 19:52:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns =
> > 5, Nr = 59
> > Aug 6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123 #10: IPsec SA expired (LATEST!)
> > Aug 6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2]
> > xxx.xxx.xxx.123: deleting connection "roadwarrio
> > r-l2tp-updatedwin" instance with peer xxx.xxx.xxx.123 {isakmp=#0/ipsec=#0}
> > Aug 6 19:53:56 Orione l2tpd[8136]: control_xmit: Maximum retries exceeded
> > for tunnel 50998. Closing.
> > Aug 6 19:53:56 Orione pppd[10759]: Terminating on signal 15.
> > Aug 6 19:53:56 Orione pppd[10759]: Modem hangup
> > Aug 6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down started (pid
> > 11660)
> > Aug 6 19:53:56 Orione pppd[10759]: Connection terminated.
> > Aug 6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
> > Aug 6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
> > Aug 6 19:53:56 Orione pppd[10759]: Waiting for 1 child processes...
> > Aug 6 19:53:56 Orione pppd[10759]: script /etc/ppp/ip-down, pid 11660
> > Aug 6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down finished (pid
> > 11660), status = 0x1
> > Aug 6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
> > Aug 6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
> > Aug 6 19:53:56 Orione pppd[10759]: Exit.
> > Aug 6 19:53:56 Orione l2tpd[8136]: call_close : Connection 51 closed to
> > xxx.xxx.xxx.123, port 1701 (Timeout)
> >
> >
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
> > To: <users at openswan.org>
> > Sent: Saturday, August 06, 2005 7:00 PM
> > Subject: Re: [Openswan Users]
> >
> >
> >> No, this way it dowsn't work.
> >> However yesterday in the morning I was in a hurry 'cause I had to go to
> >> work, and I was making some changed to my ipsec.conf. After restarted
> >> ipsec I went to my office and there I tried to change something in
> >> ipsec.conf to make it work. Hours passed and my home <-> VPN connection
> >> made using (home modified) ipsec.conf seemed to work in a great way (I
> >> manually stopped from office after 500 minutes it was started).
> >> The ugly thing is that in the meantime I had made some changes to my
> >> ipsec.conf and I can't remember which. This is my ipsec.conf in this
> >> moment. It looks very simple, but WHY it doesnt work???
> >>
> >>
> >> version 2.0 # conforms to second version of ipsec.conf specification
> >>
> >> config setup
> >> interfaces=%defaultroute
> >> klipsdebug=none
> >> plutodebug=none
> >> nat_traversal=yes
> >> virtual_private=%v4:192.168.0.0/24
> >>
> >>
> >> conn roadwarrior-l2tp-updatedwin
> >> keyingtries=3
> >> compress=yes
> >> disablearrivalcheck=no
> >> authby=secret
> >> type=tunnel
> >> keyexchange=ike
> >> ikelifetime=23m
> >> keylife=19m
> >> leftprotoport=17/1701
> >> rightprotoport=17/1701
> >> pfs=no
> >> left=%defaultroute
> >> right=%any
> >> auto=add
> >>
> >> include /etc/ipsec.d/examples/no_oe.conf
> >>
> >>
> >>
> >>
> >> ----- Original Message -----
> >> From: "Jacco de Leeuw" <jacco2 at dds.nl>
> >> To: <stefano.pazzaglia at fastwebnet.it>
> >> Sent: Thursday, August 04, 2005 5:51 PM
> >> Subject: Re: [Openswan Users]
> >>
> >>
> >>>
> >>>>
> >>>> #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.0.0/24
> >>>>
> >>>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
> >>>
> >>>
> >>> If 192.168.0.0/24 is your internal network (as roadwarrior-net seems to
> >>> imply)
> >>> then the line that you commented out is the one that is correct.
> >>>
> >>>> conn %default
> >>>> #keyingtries=3
> >>>> keyingtries=0
> >>>
> >>> I don't recommend keyingtries=0 for Road Warriors, because the
> >>> connection will be retried indefinitely after it is set up.
> >>>
> >>>> compress=yes
> >>>> disablearrivalcheck=no
> >>>> authby=secret
> >>>> type=tunnel
> >>>> keyexchange=ike
> >>>> ikelifetime=240m
> >>>> keylife=60m
> >>>
> >>> I never had to specify these explicitly. Openswan's defaults should be
> >>> fine. You could try to comment out these. And move the authby= to the
> >>> individual connection sections.
> >>>
> >>>> conn roadwarrior-l2tp
> >>>> leftsubnet=192.168.0.0/24
> >>>
> >>> No, this is not correct. Can you replace this
> >>> with leftnexthop=192.168.0.1 (or whatever the IP
> >>> address is of the NAT router before the VPN server).
> >>> Idem for roadwarrior-l2tp-updatedwin.
> >>>
> >>> I still recommend certificates instead of PSKs.
> >>>
> >>> Jacco
> >>> --
> >>> Jacco de Leeuw mailto:jacco2 at dds.nl
> >>> Zaandam, The Netherlands http://www.jacco2.dds.nl
> >>>
> >>>
> >>> --
> >>> No virus found in this incoming message.
> >>> Checked by AVG Anti-Virus.
> >>> Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date:
> >>> 04/08/2005
> >>>
> >>>
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at openswan.org
> >> http://lists.openswan.org/mailman/listinfo/users
> >>
> >>
> >> --
> >> No virus found in this incoming message.
> >> Checked by AVG Anti-Virus.
> >> Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date: 04/08/2005
> >>
> >>
> >
> > _______________________________________________
> > Users mailing list
> > Users at openswan.org
> > http://lists.openswan.org/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the Users
mailing list