[Openswan Users]

Stefano Pazzaglia stefano.pazzaglia at fastwebnet.it
Tue Aug 9 01:43:37 CEST 2005


Are you speaking seriously when you talk about a fluke?
However, these are my new logs. Do you know how I can solve the netlink error?

Aug  8 23:33:24 Orione l2tpd[8181]: check_control: control, cid = 0, Ns = 4, Nr = 20
Aug  8 23:33:44 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #2: IPsec SA expired (LATEST!)
Aug  8 23:33:45 Orione pluto[11837]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0 at 0.0.0.0 included errno 2: No such file or directory
Aug  8 23:33:50 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #7: responding to Quick Mode {msgid:bd413adc}
Aug  8 23:33:50 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #7: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug  8 23:33:50 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #7: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug  8 23:33:50 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #7: IPsec SA established {ESP=>0xe3ef7844 <0xbd3513c2 xfrm=3DES_0-HMAC_MD5 NATD=213.140.19.123}
Aug  8 23:33:54 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #6: max number of retransmissions (2) reached STATE_QUICK_I1
Aug  8 23:33:54 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #6: starting keying attempt 5 of an unlimited number
Aug  8 23:33:54 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #8: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #6 {using isakmp#1}
Aug  8 23:33:54 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #1: ignoring informational payload, type INVALID_ID_INFORMATION
Aug  8 23:33:54 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #1: received and ignored informational message
Aug  8 23:34:24 Orione l2tpd[8181]: check_control: control, cid = 0, Ns = 4, Nr = 21
Aug  8 23:35:04 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #8: max number of retransmissions (2) reached STATE_QUICK_I1
Aug  8 23:35:04 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #8: starting keying attempt 6 of an unlimited number
Aug  8 23:35:04 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #9: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #8 {using isakmp#1}
Aug  8 23:35:04 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #1: ignoring informational payload, type INVALID_ID_INFORMATION
Aug  8 23:35:04 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #1: received and ignored informational message
Aug  8 23:35:24 Orione l2tpd[8181]: check_control: control, cid = 0, Ns = 4, Nr = 22
Aug  8 23:35:33 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #10: initiating Main Mode to replace #1
Aug  8 23:36:08 Orione postfix/smtpd[12283]: connect from unknown[192.168.0.102]
Aug  8 23:36:08 Orione postfix/smtpd[12283]: disconnect from unknown[192.168.0.102]
Aug  8 23:36:14 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #9: max number of retransmissions (2) reached STATE_QUICK_I1
Aug  8 23:36:14 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #9: starting keying attempt 7 of an unlimited number
Aug  8 23:36:24 Orione l2tpd[8181]: check_control: control, cid = 0, Ns = 4, Nr = 23
Aug  8 23:37:24 Orione l2tpd[8181]: check_control: control, cid = 0, Ns = 4, Nr = 24
Aug  8 23:38:24 Orione l2tpd[8181]: check_control: control, cid = 0, Ns = 4, Nr = 25
Aug  8 23:39:08 Orione postfix/smtpd[12327]: connect from unknown[192.168.0.102]
Aug  8 23:39:08 Orione postfix/smtpd[12327]: disconnect from unknown[192.168.0.102]
Aug  8 23:39:24 Orione l2tpd[8181]: check_control: control, cid = 0, Ns = 4, Nr = 26
Aug  8 23:40:03 Orione pluto[11837]: "vpn-di-m...a"[2] 213.140.19.123 #1: ISAKMP SA expired (LATEST!)

And this (not very) nice message is given to me by ipsec auto --status:

000 xxx.xxx.xxx.91/32:0 -6-> 192.168.0.200/32:0 => %hold 0 %acquire-netlink


----- Original Message ----- 
From: "Norman Rasmussen" <normanr at gmail.com>
To: "Stefano" <stefano.pazzaglia at fastwebnet.it>
Sent: Tuesday, August 09, 2005 12:15 AM
Subject: Re: [Openswan Users]


pfft, you'll probably find the one working case was a fluke.  I'd wait
for 2.4, and then try again - that's basically what I'm doing.

On 08/08/05, Stefano <stefano.pazzaglia at fastwebnet.it> wrote:
> Any idea? :-(
> I'm wondering if I have to surrender, even if I think I'm not too far from
> the solution ...
>
>
>
> ----- Original Message -----
> From: "Stefano" <stefano.pazzaglia at fastwebnet.it>
> To: <users at openswan.org>
> Sent: Monday, August 08, 2005 12:03 PM
> Subject: Re: [Openswan Users]
>
>
> > But I think that I'm missing something. The other day I had changed
> > something in ipsec.conf (and damn me, I can't remember what!!!). But as
> > you can see, when ISAKMP expired another one had taken its place, so I
> > guess THIS ONE was the right configuration for me. I would like to get
> > these settings back...
> >
> >
> >
> > Aug  5 13:09:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 287
> > Aug  5 13:09:56 Orione nagios: Auto-save of retention data completed successfully.
> > Aug  5 13:10:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 288
> > Aug  5 13:11:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 289
> > Aug  5 13:11:57 Orione postfix/smtpd[15912]: connect from unknown[192.168.0.102]
> > Aug  5 13:11:57 Orione postfix/smtpd[15912]: disconnect from unknown[192.168.0.102]
> > Aug  5 13:12:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 290
> > Aug  5 13:13:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 291
> > Aug  5 13:14:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 292
> > Aug  5 13:14:57 Orione postfix/smtpd[15972]: connect from unknown[192.168.0.102]
> > Aug  5 13:14:57 Orione postfix/smtpd[15972]: disconnect from unknown[192.168.0.102]
> > Aug  5 13:15:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 293
> > Aug  5 13:16:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 294
> > Aug  5 13:16:21 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #21: initiating Main Mode
> > Aug  5 13:17:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 295
> > Aug  5 13:17:31 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #21: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> > Aug  5 13:17:31 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #21: starting keying attempt 2 of at most 3
> > Aug  5 13:17:31 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #22: initiating Main Mode to replace #21
> > Aug  5 13:17:57 Orione postfix/smtpd[16015]: connect from unknown[192.168.0.102]
> > Aug  5 13:17:57 Orione postfix/smtpd[16015]: disconnect from unknown[192.168.0.102]
> > Aug  5 13:18:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 296
> > Aug  5 13:18:41 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #22: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> > Aug  5 13:18:41 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #22: starting keying attempt 3 of at most 3
> > Aug  5 13:18:41 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #23: initiating Main Mode to replace #22
> > Aug  5 13:19:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 297
> > Aug  5 13:19:51 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #23: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> > Aug  5 13:19:53 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> > Aug  5 13:19:53 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> > Aug  5 13:19:55 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> > Aug  5 13:19:59 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> > Aug  5 13:20:07 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> > Aug  5 13:20:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 298
> > Aug  5 13:20:24 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Quick Mode message is for a non-existent (expired?) ISAKMP SA
> > Aug  5 13:20:51 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123 #19: IPsec SA expired (LATEST!)
> > Aug  5 13:20:51 Orione pluto[11352]: "roadwarrior"[2] xxx.xxx.xxx.123: deleting connection "roadwarrior" instance with peer 213.140.19.123 {isakmp=#0/ipsec=#0}
> > Aug  5 13:20:56 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Informational Exchange is for an unknown (expired?) SA
> > Aug  5 13:20:56 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> > Aug  5 13:20:56 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: ignoring Vendor ID payload [FRAGMENTATION]
> > Aug  5 13:20:56 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: responding to Main Mode from unknown peer 213.140.19.123
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[3] xxx.xxx.xxx.123 #24: Main mode peer ID is ID_FQDN: '@pava-winzozz'
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #24: deleting connection "roadwarrior" instance with peer xxx.xxx.xxx.123 {isakmp=#0/ipsec=#0}
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #24: I did not send a certificate because I do not have one.
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #24: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #24: sent MR3, ISAKMP SA established
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #25: responding to Quick Mode {msgid:d383958c}
> > Aug  5 13:20:56 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #25: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> > Aug  5 13:20:57 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #25: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> > Aug  5 13:20:57 Orione pluto[11352]: "roadwarrior"[4] xxx.xxx.xxx.123 #25: IPsec SA established {ESP=>0x84872777 <0xc554a550 xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.123}
> > Aug  5 13:20:57 Orione pluto[11352]: packet from xxx.xxx.xxx.123:25759: Informational Exchange is for an unknown (expired?) SA
> > Aug  5 13:20:58 Orione postfix/smtpd[16080]: connect from unknown[192.168.0.102]
> > Aug  5 13:20:58 Orione postfix/smtpd[16080]: disconnect from unknown[192.168.0.102]
> > Aug  5 13:21:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 299
> > Aug  5 13:22:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 300
> > Aug  5 13:23:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 301
> > Aug  5 13:23:57 Orione postfix/smtpd[16126]: connect from unknown[192.168.0.102]
> > Aug  5 13:23:57 Orione postfix/smtpd[16126]: disconnect from unknown[192.168.0.102]
> > Aug  5 13:24:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 302
> > Aug  5 13:25:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 303
> > Aug  5 13:26:11 Orione l2tpd[8085]: check_control: control, cid = 0, Ns = 4, Nr = 304
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: "Norman Rasmussen" <normanr at gmail.com>
> > To: "Stefano" <stefano.pazzaglia at fastwebnet.it>
> > Cc: <users at openswan.org>
> > Sent: Monday, August 08, 2005 11:52 AM
> > Subject: Re: [Openswan Users]
> >
> >
> > Try openswan 2.4 when it comes out, it's supposed to have fixes for this
> > problem
> >
> > On 08/08/05, Stefano <stefano.pazzaglia at fastwebnet.it> wrote:
> >> No one can help me? It would be very important for me...
> >>
> >>
> >>
> >> ----- Original Message -----
> >> From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
> >> To: <users at openswan.org>
> >> Sent: Saturday, August 06, 2005 8:42 PM
> >> Subject: Re: [Openswan Users]
> >>
> >>
> >> > And these are my logs...
> >> >
> >> >
> >> > Aug  6 19:25:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 32
> >> > Aug  6 19:26:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 33
> >> > Aug  6 19:27:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 34
> >> > Aug  6 19:28:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 35
> >> > Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #7: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL to replace #6 {using isakmp#1}
> >> > Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ignoring informational payload, type INVALID_ID_INFORMATION
> >> > Aug  6 19:29:22 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: received and ignored informational message
> >> > Aug  6 19:29:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 36
> >> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #7: max number of retransmissions (2) reached STATE_QUICK_I1
> >> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #7: starting keying attempt 2 of at most 3
> >> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #8: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL to replace #7 {using isakmp#1}
> >> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ignoring informational payload, type INVALID_ID_INFORMATION
> >> > Aug  6 19:30:32 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: received and ignored informational message
> >> > Aug  6 19:30:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 37
> >> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #8: max number of retransmissions (2) reached STATE_QUICK_I1
> >> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #8: starting keying attempt 3 of at most 3
> >> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #9: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL to replace #8 {using isakmp#1}
> >> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ignoring informational payload, type INVALID_ID_INFORMATION
> >> > Aug  6 19:31:42 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: received and ignored informational message
> >> > Aug  6 19:31:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 38
> >> > Aug  6 19:32:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 39
> >> > Aug  6 19:32:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #9: max number of retransmissions (2) reached STATE_QUICK_I1
> >> > Aug  6 19:33:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 40
> >> > Aug  6 19:33:52 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #6: IPsec SA expired (LATEST!)
> >> > Aug  6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: responding to Quick Mode {msgid:21466768}
> >> > Aug  6 19:34:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> >> > Aug  6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> >> > Aug  6 19:34:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: IPsec SA established {ESP=>0x5a9ef1f4 <0xe2da3c97 xfrm=3DES_0-HMAC_MD5 NATD=xxx.xxx.xxx.123}
> >> > Aug  6 19:34:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 41
> >> > Aug  6 19:35:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 42
> >> > Aug  6 19:36:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 43
> >> > Aug  6 19:37:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 44
> >> > Aug  6 19:38:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 45
> >> > Aug  6 19:39:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 46
> >> > Aug  6 19:40:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 47
> >> > Aug  6 19:41:21 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #11: initiating Main Mode to replace #1
> >> > Aug  6 19:41:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 48
> >> > Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #11: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> >> > Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #11: starting keying attempt 2 of at most 3
> >> > Aug  6 19:42:31 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #12: initiating Main Mode to replace #11
> >> > Aug  6 19:42:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 49
> >> > Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #12: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> >> > Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #12: starting keying attempt 3 of at most 3
> >> > Aug  6 19:43:41 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #13: initiating Main Mode to replace #12
> >> > Aug  6 19:43:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 50
> >> > Aug  6 19:44:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #13: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> >> > Aug  6 19:44:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 51
> >> > Aug  6 19:45:51 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #1: ISAKMP SA expired (LATEST!)
> >> > Aug  6 19:45:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 52
> >> > Aug  6 19:46:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 53
> >> > Aug  6 19:47:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 54
> >> > Aug  6 19:48:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 55
> >> > Aug  6 19:49:08 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #14: initiating Main Mode
> >> > Aug  6 19:49:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 56
> >> > Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #14: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> >> > Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #14: starting keying attempt 2 of at most 3
> >> > Aug  6 19:50:18 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #15: initiating Main Mode to replace #14
> >> > Aug  6 19:50:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 57
> >> > Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #15: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> >> > Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #15: starting keying attempt 3 of at most 3
> >> > Aug  6 19:51:28 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #16: initiating Main Mode to replace #15
> >> > Aug  6 19:51:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 58
> >> > Aug  6 19:52:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #16: max number of retransmissions (2) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> >> > Aug  6 19:52:51 Orione l2tpd[8136]: check_control: control, cid = 0, Ns = 5, Nr = 59
> >> > Aug  6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123 #10: IPsec SA expired (LATEST!)
> >> > Aug  6 19:53:38 Orione pluto[10646]: "roadwarrior-l2tp-updatedwin"[2] xxx.xxx.xxx.123: deleting connection "roadwarrior-l2tp-updatedwin" instance with peer xxx.xxx.xxx.123 {isakmp=#0/ipsec=#0}
> >> > Aug  6 19:53:56 Orione l2tpd[8136]: control_xmit: Maximum retries exceeded for tunnel 50998.  Closing.
> >> > Aug  6 19:53:56 Orione pppd[10759]: Terminating on signal 15.
> >> > Aug  6 19:53:56 Orione pppd[10759]: Modem hangup
> >> > Aug  6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down started (pid 11660)
> >> > Aug  6 19:53:56 Orione pppd[10759]: Connection terminated.
> >> > Aug  6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
> >> > Aug  6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
> >> > Aug  6 19:53:56 Orione pppd[10759]: Waiting for 1 child processes...
> >> > Aug  6 19:53:56 Orione pppd[10759]:   script /etc/ppp/ip-down, pid 11660
> >> > Aug  6 19:53:56 Orione pppd[10759]: Script /etc/ppp/ip-down finished (pid 11660), status = 0x1
> >> > Aug  6 19:53:56 Orione pppd[10759]: Connect time 58.1 minutes.
> >> > Aug  6 19:53:56 Orione pppd[10759]: Sent 1720 bytes, received 7974 bytes.
> >> > Aug  6 19:53:56 Orione pppd[10759]: Exit.
> >> > Aug  6 19:53:56 Orione l2tpd[8136]: call_close : Connection 51 closed to xxx.xxx.xxx.123, port 1701 (Timeout)
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > ----- Original Message -----
> >> > From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
> >> > To: <users at openswan.org>
> >> > Sent: Saturday, August 06, 2005 7:00 PM
> >> > Subject: Re: [Openswan Users]
> >> >
> >> >
> >> >> No, this way it doesn't work.
> >> >> However yesterday in the morning I was in a hurry 'cause I had to go to
> >> >> work, and I was making some changes to my ipsec.conf. After restarting
> >> >> ipsec I went to my office and there I tried to change something in
> >> >> ipsec.conf to make it work. Hours passed and my home <-> VPN connection
> >> >> made using (home modified) ipsec.conf seemed to work in a great way (I
> >> >> manually stopped it from the office 500 minutes after it was started).
> >> >> The ugly thing is that in the meantime I had made some changes to my
> >> >> ipsec.conf and I can't remember which. This is my ipsec.conf at this
> >> >> moment. It looks very simple, but WHY doesn't it work???
> >> >>
> >> >>
> >> >> version 2.0     # conforms to second version of ipsec.conf specification
> >> >>
> >> >> config setup
> >> >>        interfaces=%defaultroute
> >> >>        klipsdebug=none
> >> >>        plutodebug=none
> >> >>        nat_traversal=yes
> >> >>        virtual_private=%v4:192.168.0.0/24
> >> >>
> >> >>
> >> >> conn roadwarrior-l2tp-updatedwin
> >> >>        keyingtries=3
> >> >>        compress=yes
> >> >>        disablearrivalcheck=no
> >> >>        authby=secret
> >> >>        type=tunnel
> >> >>        keyexchange=ike
> >> >>        ikelifetime=23m
> >> >>        keylife=19m
> >> >>        leftprotoport=17/1701
> >> >>        rightprotoport=17/1701
> >> >>        pfs=no
> >> >>        left=%defaultroute
> >> >>        right=%any
> >> >>        auto=add
> >> >>
> >> >> include /etc/ipsec.d/examples/no_oe.conf
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> ----- Original Message -----
> >> >> From: "Jacco de Leeuw" <jacco2 at dds.nl>
> >> >> To: <stefano.pazzaglia at fastwebnet.it>
> >> >> Sent: Thursday, August 04, 2005 5:51 PM
> >> >> Subject: Re: [Openswan Users]
> >> >>
> >> >>
> >> >>>
> >> >>>>
> >> >>>> #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.1.0/24,%v4:!192.168.0.0/24
> >> >>>>
> >> >>>> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
> >> >>>
> >> >>>
> >> >>> If 192.168.0.0/24 is your internal network (as roadwarrior-net seems to
> >> >>> imply) then the line that you commented out is the one that is correct.
> >> >>>
> >> >>>> conn %default
> >> >>>>         #keyingtries=3
> >> >>>>         keyingtries=0
> >> >>>
> >> >>> I don't recommend keyingtries=0 for Road Warriors, because the
> >> >>> connection will be retried indefinitely after it is set up.
> >> >>>
> >> >>>>         compress=yes
> >> >>>>         disablearrivalcheck=no
> >> >>>>         authby=secret
> >> >>>>         type=tunnel
> >> >>>>         keyexchange=ike
> >> >>>>         ikelifetime=240m
> >> >>>>         keylife=60m
> >> >>>
> >> >>> I never had to specify these explicitly. Openswan's defaults should be
> >> >>> fine. You could try to comment out these. And move the authby= to the
> >> >>> individual connection sections.
> >> >>>
> >> >>>> conn roadwarrior-l2tp
> >> >>>>         leftsubnet=192.168.0.0/24
> >> >>>
> >> >>> No, this is not correct. Can you replace this
> >> >>> with leftnexthop=192.168.0.1 (or whatever the IP
> >> >>> address is of the NAT router before the VPN server).
> >> >>> Idem for roadwarrior-l2tp-updatedwin.
> >> >>>
> >> >>> I still recommend certificates instead of PSKs.
> >> >>>
> >> >>> Jacco
> >> >>> --
> >> >>> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> >> >>> Zaandam, The Netherlands           http://www.jacco2.dds.nl
> >> >>>
> >> >>>
> >> >>> --
> >> >>> No virus found in this incoming message.
> >> >>> Checked by AVG Anti-Virus.
> >> >>> Version: 7.0.338 / Virus Database: 267.10.1/64 - Release Date:
> >> >>> 04/08/2005
> >> >>>
> >> >>>
> >> >>
> >> >> _______________________________________________
> >> >> Users mailing list
> >> >> Users at openswan.org
> >> >> http://lists.openswan.org/mailman/listinfo/users
> >> >>
> >> >>
> >> >>
> >> >>
> >> >
> >>
> >>
> >
> >
> > --
> > - Norman Rasmussen
> > - Email: norman at rasmussen.co.za
> > - Home page: http://norman.rasmussen.co.za/
>
>


-- 
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/
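
An added example, not part of the thread: a Python sketch that tallies, per connection, which side's IKE negotiations complete in pluto logs like the ones posted above. The sample lines are constructed in the thread's log format (host name `gw`, connection name `vpn` and the documentation peer address are assumptions), and the counter names and `one_sided_rekey` are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the format of the pluto lines in this thread,
# one event per line (wrapped lines must be re-joined before parsing).
SAMPLE_LOG = """\
Aug  8 23:33:44 gw pluto[11837]: "vpn"[2] 198.51.100.23 #2: IPsec SA expired (LATEST!)
Aug  8 23:33:50 gw pluto[11837]: "vpn"[2] 198.51.100.23 #7: responding to Quick Mode {msgid:bd413adc}
Aug  8 23:33:50 gw pluto[11837]: "vpn"[2] 198.51.100.23 #7: IPsec SA established {ESP=>0xe3ef7844 <0xbd3513c2 xfrm=3DES_0-HMAC_MD5 NATD=198.51.100.23}
Aug  8 23:33:54 gw pluto[11837]: "vpn"[2] 198.51.100.23 #6: max number of retransmissions (2) reached STATE_QUICK_I1
Aug  8 23:33:54 gw pluto[11837]: "vpn"[2] 198.51.100.23 #8: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #6 {using isakmp#1}
Aug  8 23:33:54 gw pluto[11837]: "vpn"[2] 198.51.100.23 #1: ignoring informational payload, type INVALID_ID_INFORMATION
Aug  8 23:34:24 gw l2tpd[8181]: check_control: control, cid = 0, Ns = 4, Nr = 21
Aug  8 23:35:04 gw pluto[11837]: "vpn"[2] 198.51.100.23 #8: max number of retransmissions (2) reached STATE_QUICK_I1
Aug  8 23:35:04 gw pluto[11837]: "vpn"[2] 198.51.100.23 #9: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #8 {using isakmp#1}
Aug  8 23:35:04 gw pluto[11837]: "vpn"[2] 198.51.100.23 #1: ignoring informational payload, type INVALID_ID_INFORMATION
Aug  8 23:35:33 gw pluto[11837]: "vpn"[2] 198.51.100.23 #10: initiating Main Mode to replace #1
Aug  8 23:36:14 gw pluto[11837]: "vpn"[2] 198.51.100.23 #9: max number of retransmissions (2) reached STATE_QUICK_I1
Aug  8 23:40:03 gw pluto[11837]: "vpn"[2] 198.51.100.23 #1: ISAKMP SA expired (LATEST!)
"""

# pluto[pid]: "conn"[instance] peer #state: message
PLUTO = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) '
                   r'#(?P<sa>\d+): (?P<msg>.*)$')
# Retransmission timeouts in an *_I* state are negotiations we initiated.
TIMEOUT = re.compile(r'max number of retransmissions \(\d+\) reached '
                     r'STATE_(?P<phase>MAIN|QUICK)_I\d')


def summarize(log_text):
    """Return {connection name: Counter of negotiation outcomes}."""
    stats, role = {}, {}
    for line in log_text.splitlines():
        m = PLUTO.search(line)
        if not m:
            continue  # l2tpd, postfix, and pluto lines without a state number
        conn, sa, msg = m["conn"], m["sa"], m["msg"]
        c = stats.setdefault(conn, Counter())
        timeout = TIMEOUT.match(msg)
        if msg.startswith("initiating "):
            role[conn, sa] = "initiator"
            c["initiated"] += 1
        elif msg.startswith("responding to "):
            role[conn, sa] = "responder"
        elif timeout:
            c["timeout_" + timeout["phase"].lower()] += 1
        elif "SA established" in msg:
            # Role is "unknown" if the log starts after the exchange began.
            c["established_" + role.get((conn, sa), "unknown")] += 1
        elif "INVALID_ID_INFORMATION" in msg:
            c["invalid_id_notifications"] += 1
        elif "SA expired" in msg:
            c["sa_expired"] += 1
    return stats


def one_sided_rekey(c):
    """True when our own negotiations only time out while the peer's complete."""
    return (c["timeout_quick"] + c["timeout_main"] > 0
            and c["established_initiator"] == 0
            and c["established_responder"] > 0)


if __name__ == "__main__":
    for name, counts in summarize(SAMPLE_LOG).items():
        print(name, dict(counts), "one-sided rekey:", one_sided_rekey(counts))
```

On the sample it reports three timed-out Quick Mode attempts started by the gateway, two INVALID_ID_INFORMATION notifications from the peer, and one SA established with the peer as initiator.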

