[Openswan Users]

Stefano stefano.pazzaglia at fastwebnet.it
Mon Aug 8 16:26:20 CEST 2005


Any idea? :-(
I'm wondering if I have to surrender, even if I think I'm not too far from 
the solution ...



----- Original Message ----- 
From: "Stefano" <stefano.pazzaglia at fastwebnet.it>
To: <users at openswan.org>
Sent: Monday, August 08, 2005 12:03 PM
Subject: Re: [Openswan Users]


> But I think that I'm missing something. Last day I had changed something 
> in ipsec.conf (and damn me, I can't remember what!!!). But as you can see, 
> when ISAKMP expired another one had taken its place, so I guess THIS ONE 
> was the right configuration for me. I would like to find these settings 
> again...
>
>
>
> Aug  5 13:09:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 287
> Aug  5 13:09:56 Orione nagios: Auto-save of retention data completed successfully.
> Aug  5 13:10:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 288
> Aug  5 13:11:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 289
> Aug  5 13:11:57 Orione postfix/smtpd[15912]: connect from unknown[192.168.0.102]
> Aug  5 13:11:57 Orione postfix/smtpd[15912]: disconnect from unknown[192.168.0.102]
> Aug  5 13:12:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 290
> Aug  5 13:13:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 291
> Aug  5 13:14:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 292
> Aug  5 13:14:57 Orione postfix/smtpd[15972]: connect from unknown[192.168.0.102]
> Aug  5 13:14:57 Orione postfix/smtpd[15972]: disconnect from unknown[192.168.0.102]
> Aug  5 13:15:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 293
> Aug  5 13:16:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 294
> Aug  5 13:16:21 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #21: initiating Main Mode
> Aug  5 13:17:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 295
> Aug  5 13:17:31 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #21: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> Aug  5 13:17:31 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #21: starting keying attempt 2 of at most 3
> Aug  5 13:17:31 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #22: initiating Main Mode to replace #21
> Aug  5 13:17:57 Orione postfix/smtpd[16015]: connect from unknown[192.168.0.102]
> Aug  5 13:17:57 Orione postfix/smtpd[16015]: disconnect from unknown[192.168.0.102]
> Aug  5 13:18:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 296
> Aug  5 13:18:41 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #22: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> Aug  5 13:18:41 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #22: starting keying attempt 3 of at most 3
> Aug  5 13:18:41 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #23: initiating Main Mode to replace #22
> Aug  5 13:19:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 297
> Aug  5 13:19:51 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #23: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> Aug  5 13:19:53 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> Aug  5 13:19:53 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> Aug  5 13:19:55 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> Aug  5 13:19:59 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> Aug  5 13:20:07 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> Aug  5 13:20:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 298
> Aug  5 13:20:24 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> Aug  5 13:20:51 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #19: IPsec SA expired (LATEST!)
> Aug  5 13:20:51 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123: deleting connection "roadwarrior" instance with peer 213.140.19.123 {isakmp=#0/ipsec=#0}
> Aug  5 13:20:56 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Informational Exchange is for an unknown (expired?) SA
> Aug  5 13:20:56 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Aug  5 13:20:56 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: ignoring Vendor ID payload [FRAGMENTATION]
> Aug  5 13:20:56 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: responding to Main Mode from unknown peer 213.140.19.123
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: Main mode peer ID is ID_FQDN: '@pava-winzozz'
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #24: deleting connection "roadwarrior" instance with peer xxx.xxx.xxx.123 {isakmp=#0/ipsec=#0}
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #24: I did not send a certificate because I do not have one.
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #24: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #24: sent MR3, ISAKMP SA established
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #25: responding to Quick Mode {msgid:d383958c}
> Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #25: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Aug  5 13:20:57 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #25: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Aug  5 13:20:57 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #25: IPsec SA established {ESP=>0x84872777 <0xc554a550 xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.123}
> Aug  5 13:20:57 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Informational Exchange is for an unknown (expired?) SA
> Aug  5 13:20:58 Orione postfix/smtpd[16080]: connect from unknown[192.168.0.102]
> Aug  5 13:20:58 Orione postfix/smtpd[16080]: disconnect from unknown[192.168.0.102]
> Aug  5 13:21:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 299
> Aug  5 13:22:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 300
> Aug  5 13:23:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 301
> Aug  5 13:23:57 Orione postfix/smtpd[16126]: connect from unknown[192.168.0.102]
> Aug  5 13:23:57 Orione postfix/smtpd[16126]: disconnect from unknown[192.168.0.102]
> Aug  5 13:24:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 302
> Aug  5 13:25:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 303
> Aug  5 13:26:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 304
>
>
>
>
>
> ----- Original Message ----- 
> From: "Norman Rasmussen" <normanr at gmail.com>
> To: "Stefano" <stefano.pazzaglia at fastwebnet.it>
> Cc: <users at openswan.org>
> Sent: Monday, August 08, 2005 11:52 AM
> Subject: Re: [Openswan Users]
>
>
> Try openswan 2.4 when it comes out, it's supposed to have fixes for this 
> problem
>
> On 08/08/05, Stefano <stefano.pazzaglia at fastwebnet.it> wrote:
>> No one can help me? It would be very important for me...
>>
>>
>>
>> ----- Original Message -----
>> From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
>> To: <users at openswan.org>
>> Sent: Saturday, August 06, 2005 8:42 PM
>> Subject: Re: [Openswan Users]
>>
>>
>> > And these are my logs...
>> >
>> >
>> > Aug  6 19:25:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 32
>> > Aug  6 19:26:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 33
>> > Aug  6 19:27:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 34
>> > Aug  6 19:28:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 35
>> > Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #7: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL to replace #6 {using isakmp#1}
>> > Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ignoring informational payload, type INVALID_ID_INFORMATION
>> > Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: received and ignored informational message
>> > Aug  6 19:29:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 36
>> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #7: max number of retransmissions (2) reached STATE_QUICK_I1
>> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #7: starting keying attempt 2 of at most 3
>> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #8: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL to replace #7 {using isakmp#1}
>> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ignoring informational payload, type INVALID_ID_INFORMATION
>> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: received and ignored informational message
>> > Aug  6 19:30:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 37
>> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #8: max number of retransmissions (2) reached STATE_QUICK_I1
>> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #8: starting keying attempt 3 of at most 3
>> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #9: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL to replace #8 {using isakmp#1}
>> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ignoring informational payload, type INVALID_ID_INFORMATION
>> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: received and ignored informational message
>> > Aug  6 19:31:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 38
>> > Aug  6 19:32:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 39
>> > Aug  6 19:32:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #9: max number of retransmissions (2) reached STATE_QUICK_I1
>> > Aug  6 19:33:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 40
>> > Aug  6 19:33:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #6: IPsec SA expired (LATEST!)
>> > Aug  6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: responding to Quick Mode {msgid:21466768}
>> > Aug  6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
>> > Aug  6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
>> > Aug  6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: IPsec SA established {ESP=>0x5a9ef1f4 <0xe2da3c97 xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.123}
>> > Aug  6 19:34:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 41
>> > Aug  6 19:35:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 42
>> > Aug  6 19:36:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 43
>> > Aug  6 19:37:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 44
>> > Aug  6 19:38:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 45
>> > Aug  6 19:39:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 46
>> > Aug  6 19:40:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 47
>> > Aug  6 19:41:21 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #11: initiating Main Mode to replace #1
>> > Aug  6 19:41:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 48
>> > Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #11: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
>> > Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #11: starting keying attempt 2 of at most 3
>> > Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #12: initiating Main Mode to replace #11
>> > Aug  6 19:42:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 49
>> > Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #12: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
>> > Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #12: starting keying attempt 3 of at most 3
>> > Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #13: initiating Main Mode to replace #12
>> > Aug  6 19:43:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 50
>> > Aug  6 19:44:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #13: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
>> > Aug  6 19:44:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 51
>> > Aug  6 19:45:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ISAKMP SA expired (LATEST!)
>> > Aug  6 19:45:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 52
>> > Aug  6 19:46:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 53
>> > Aug  6 19:47:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 54
>> > Aug  6 19:48:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 55
>> > Aug  6 19:49:08 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #14: initiating Main Mode
>> > Aug  6 19:49:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 56
>> > Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #14: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
>> > Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #14: starting keying attempt 2 of at most 3
>> > Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #15: initiating Main Mode to replace #14
>> > Aug  6 19:50:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 57
>> > Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #15: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
>> > Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #15: starting keying attempt 3 of at most 3
>> > Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #16: initiating Main Mode to replace #15
>> > Aug  6 19:51:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 58
>> > Aug  6 19:52:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #16: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
>> > Aug  6 19:52:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 59
>> > Aug  6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: IPsec SA expired (LATEST!)
>> > Aug  6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123: deleting connection "roadwarrior-l2tp-updatedwin" instance with peer xxx.xxx.xxx.123 {isakmp=#0/ipsec=#0}
>> > Aug  6 19:53:56 Orione l2tpd[8136]: control_xmit: Maximum retries exceeded for tunnel 50998.  Closing.
>> > Aug  6 19:53:56 Orione pppd[10759]: Terminating on signal 15.
>> > Aug  6 19:53:56 Orione pppd[10759]: Modem hangup
>> > Aug  6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down started (pid 11660)
>> > Aug  6 19:53:56 Orione pppd[10759]: Connection terminated.
>> > Aug  6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
>> > Aug  6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
>> > Aug  6 19:53:56 Orione pppd[10759]: Waiting for 1 child processes...
>> > Aug  6 19:53:56 Orione pppd[10759]:   script /etc/ppp/ip-down, pid 11660
>> > Aug  6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down finished (pid 11660), status = 0x1
>> > Aug  6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
>> > Aug  6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
>> > Aug  6 19:53:56 Orione pppd[10759]: Exit.
>> > Aug  6 19:53:56 Orione l2tpd[8136]: call_close : Connection 51 closed to xxx.xxx.xxx.123, port 1701 (Timeout)
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > ----- Original Message -----
>> > From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
>> > To: <users at openswan.org>
>> > Sent: Saturday, August 06, 2005 7:00 PM
>> > Subject: Re: [Openswan Users]
>> >
>> >
>> >> No, this way it doesn't work.
>> >> However, yesterday morning I was in a hurry because I had to go to
>> >> work, and I was making some changes to my ipsec.conf. After restarting
>> >> ipsec I went to my office and there I tried to change something in
>> >> ipsec.conf to make it work. Hours passed and my home <-> VPN connection
>> >> made using the (home modified) ipsec.conf seemed to work in a great way (I
>> >> manually stopped it from the office 500 minutes after it was started).
>> >> The ugly thing is that in the meantime I had made some changes to my
>> >> ipsec.conf and I can't remember which. This is my ipsec.conf at the
>> >> moment. It looks very simple, but WHY doesn't it work???
>> >>
>> >>
>> >> version 2.0     # conforms to second version of ipsec.conf specification
>> >>
>> >> config setup
>> >>        interfaces=%defaultroute
>> >>        klipsdebug=none
>> >>        plutodebug=none
>> >>        nat_traversal=yes
>> >>        virtual_private=%v4:192.168.0.0/24
>> >>
>> >>
>> >> conn roadwarrior-l2tp-updatedwin
>> >>        keyingtries=3
>> >>        compress=yes
>> >>        disablearrivalcheck=no
>> >>        authby=secret
>> >>        type=tunnel
>> >>        keyexchange=ike
>> >>        ikelifetime=23m
>> >>        keylife=19m
>> >>        leftprotoport=17/1701
>> >>        rightprotoport=17/1701
>> >>        pfs=no
>> >>        left=%defaultroute
>> >>        right=%any
>> >>        auto=add
>> >>
>> >> include /etc/ipsec.d/examples/no_oe.conf
>> >>
>> >>
>> >>
>> >>
>> >> ----- Original Message -----
>> >> From: "Jacco de Leeuw" <jacco2 at dds.nl>
>> >> To: <stefano.pazzaglia at fastwebnet.it>
>> >> Sent: Thursday, August 04, 2005 5:51 PM
>> >> Subject: Re: [Openswan Users]
>> >>
>> >>
>> >>>
>> >>>>
>> >>>> #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.0.0/24
>> >>>>
>> >>>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>> >>>
>> >>>
>> >>> If 192.168.0.0/24 is your internal network (as roadwarrior-net seems to
>> >>> imply) then the line that you commented out is the one that is correct.
>> >>>
>> >>>> conn %default
>> >>>>         #keyingtries=3
>> >>>>         keyingtries=0
>> >>>
>> >>> I don't recommend keyingtries=0 for Road Warriors, because the
>> >>> connection will be retried indefinitely after it is set up.
>> >>>
>> >>>>         compress=yes
>> >>>>         disablearrivalcheck=no
>> >>>>         authby=secret
>> >>>>         type=tunnel
>> >>>>         keyexchange=ike
>> >>>>         ikelifetime=240m
>> >>>>         keylife=60m
>> >>>
>> >>> I never had to specify these explicitly. Openswan's defaults should be
>> >>> fine. You could try to comment out these. And move the authby= to the
>> >>> individual connection sections.
>> >>>
>> >>>> conn roadwarrior-l2tp
>> >>>>         leftsubnet=192.168.0.0/24
>> >>>
>> >>> No, this is not correct. Can you replace this
>> >>> with leftnexthop=192.168.0.1 (or whatever the IP
>> >>> address is of the NAT router before the VPN server).
>> >>> Idem for roadwarrior-l2tp-updatedwin.
>> >>>
>> >>> I still recommend certificates instead of PSKs.
>> >>>
>> >>> Jacco
>> >>> --
>> >>> Jacco de Leeuw                         mailto:jacco2 at dds.nl
>> >>> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>> >>>
>> >>>
>> >>> --
>> >>> No virus found in this incoming message.
>> >>> Checked by AVG Anti-Virus.
>> >>> Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date:
>> >>> 04/08/2005
>> >>>
>> >>>
>> >>
>> >> _______________________________________________
>> >> Users mailing list
>> >> Users at openswan.org
>> >> http://lists.openswan.org/mailman/listinfo/users
>
>
> -- 
> - Norman Rasmussen
> - Email: norman at rasmussen.co.za
> - Home page: http://norman.rasmussen.co.za/ 
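
The failure pattern in the logs quoted in this thread (exchanges started by Orione stall in an initiator state, then the SAs expire with "(LATEST!)" and the connection instance is deleted) can be picked out of a syslog file mechanically. The Python script below is an added example, not part of the original messages or of Openswan; `analyze` and `findings` are hypothetical names, the sample is an excerpt of the log lines above with the mail wrapping undone, and it also flags the 3DES/HMAC-MD5 transform that the logs show being negotiated.

```python
import re
from collections import defaultdict

# Excerpt of the pluto/l2tpd lines quoted in this thread, mail wrapping undone.
SAMPLE_LOG = """\
Aug  6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: IPsec SA established {ESP=>0x5a9ef1f4 <0xe2da3c97 xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.123}
Aug  6 19:41:21 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #11: initiating Main Mode to replace #1
Aug  6 19:41:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 48
Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #11: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #12: initiating Main Mode to replace #11
Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #12: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
Aug  6 19:45:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ISAKMP SA expired (LATEST!)
Aug  6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: IPsec SA expired (LATEST!)
Aug  6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123: deleting connection "roadwarrior-l2tp-updatedwin" instance with peer xxx.xxx.xxx.123 {isakmp=#0/ipsec=#0}
"""

# Layout of the pluto lines above: "conn"[instance] peer [#state]: message
PLUTO = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>[^\s:]+)'
                   r'(?: #(?P<sa>\d+))?: (?P<msg>.*)$')
# _I states are initiator states: this end sent the request and got no answer.
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached '
                     r'(STATE_(?:MAIN|QUICK)_I\d)')
EXPIRED = re.compile(r'(ISAKMP|IPsec) SA expired \(LATEST!\)')
XFRM = re.compile(r'IPsec SA established .*\bxfrm=(\S+)')
WEAK = re.compile(r'3DES|MD5')


def analyze(log_text):
    """Group pluto events per connection name; non-pluto lines are skipped."""
    conns = defaultdict(lambda: {"timed_out": [], "expired_latest": [],
                                 "weak_xfrm": set(), "deleted": False})
    for line in log_text.splitlines():
        m = PLUTO.search(line)
        if not m:
            continue  # l2tpd, pppd, postfix, nagios lines carry no IKE events
        c, msg = conns[m["conn"]], m["msg"]
        if t := TIMEOUT.match(msg):
            c["timed_out"].append((m["sa"], t[1]))
        elif e := EXPIRED.match(msg):
            c["expired_latest"].append(e[1])
        elif (x := XFRM.match(msg)) and WEAK.search(x[1]):
            c["weak_xfrm"].add(x[1])
        elif msg.startswith("deleting connection"):
            c["deleted"] = True
    return conns


def findings(conns):
    """Turn the per-connection counters into one-line findings."""
    out = []
    for name, c in conns.items():
        if c["timed_out"] and c["expired_latest"]:
            text = (f'{name}: {len(c["timed_out"])} locally initiated exchange(s) '
                    f'got no reply; {"/".join(c["expired_latest"])} SA expired '
                    f'with no replacement')
            out.append(text + (", connection instance deleted" if c["deleted"] else ""))
        for x in sorted(c["weak_xfrm"]):
            out.append(f"{name}: negotiated ESP transform {x} uses 3DES and/or MD5")
    return out


if __name__ == "__main__":
    for finding in findings(analyze(SAMPLE_LOG)):
        print(finding)
```

The parser expects one log entry per line, so logs pasted from mail need their wrapped lines joined first.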


