[Openswan Users] L2TP/IPsec with double NAT

Stefano Pazzaglia stefano.pazzaglia at fastwebnet.it
Fri Aug 12 21:24:03 CEST 2005 

No, it doesn't work! What am I doing wrong?

ipconfig /all:

Configurazione IP di Windows

        Nome host . . . . . . . . . . . . . . : pava-winzozz
        ......

Scheda Ethernet Connessione alla rete locale (LAN):

        Indirizzo fisico. . . . . . . . . . . : 00-20-ED-6B-23-47
        DHCP abilitato. . . . . . . . . . . . : Sì
        Indirizzo IP. . . . . . . . . . . . . : 37.xxx.xxx.xxx
        Subnet mask . . . . . . . . . . . . . : 255.255.248.0
        Gateway predefinito . . . . . . . . . : 37.xxx.xxx.1
        Server DHCP . . . . . . . . . . . . . : 37.xxx.xxx.xxx

Scheda PPP VPN:

        Suffisso DNS specifico per connessione:
        Descrizione . . . . . . . . . . . . . : WAN (PPP/SLIP) Interface
        Indirizzo fisico. . . . . . . . . . . : 00-53-45-00-00-00
        DHCP abilitato. . . . . . . . . . . . : No
        Indirizzo IP. . . . . . . . . . . . . : 192.168.0.200
        Subnet mask . . . . . . . . . . . . . : 255.255.255.255
        Gateway predefinito . . . . . . . . . : 192.168.0.200
        Server DNS . . . . . . . . . . . . .  : 192.168.0.100
                                            212.34.224.132
        Server WINS primario . . . . . . . .  : 192.168.0.100

Aug 12 19:14:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 16
Aug 12 19:15:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 17
Aug 12 19:16:12 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #3: 
initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL to
replace #2 {using isakmp#1}
Aug 12 19:16:13 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #1: 
ignoring informational payload, type INVALID_ID_INFOR
MATION
Aug 12 19:16:13 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #1: 
received and ignored informational message
Aug 12 19:16:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 18
Aug 12 19:17:22 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #3: max 
number of retransmissions (2) reached STATE_QUICK
_I1
Aug 12 19:17:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 19
Aug 12 19:18:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 20
Aug 12 19:19:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 21
Aug 12 19:20:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 22
Aug 12 19:20:42 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #2: 
IPsec SA expired (LATEST!)
Aug 12 19:20:42 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #4: 
initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL {us
ing isakmp#1}
Aug 12 19:20:42 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #1: 
ignoring informational payload, type INVALID_ID_INFOR
MATION
Aug 12 19:20:42 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #1: 
received and ignored informational message
Aug 12 19:20:49 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #5: 
responding to Quick Mode {msgid:aebc7ba1}
Aug 12 19:20:49 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #5: 
transition from state STATE_QUICK_R0 to state STATE_Q
UICK_R1
Aug 12 19:20:49 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #5: 
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
 expecting QI2
Aug 12 19:20:49 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #5: 
transition from state STATE_QUICK_R1 to state STATE_Q
UICK_R2
Aug 12 19:20:49 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #5: 
STATE_QUICK_R2: IPsec SA established {ESP=>0x32d6a6c4
 <0xfcbbe323 xfrm=3DES_0-HMAC_MD5 NATD=213.xxx.xxx.xxx:25782 DPD=none}
Aug 12 19:21:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 23
Aug 12 19:21:52 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #4: max 
number of retransmissions (2) reached STATE_QUICK
_I1
Aug 12 19:22:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 24
Aug 12 19:23:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 25
Aug 12 19:24:37 Orione postfix/smtpd[29582]: connect from 
unknown[192.168.0.102]
Aug 12 19:24:37 Orione postfix/smtpd[29582]: disconnect from 
unknown[192.168.0.102]
Aug 12 19:24:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 26
Aug 12 19:25:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 27
Aug 12 19:26:11 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #6: 
initiating Main Mode to replace #1
Aug 12 19:26:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 28
Aug 12 19:27:21 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #6: max 
number of retransmissions (2) reached STATE_MAIN_
I1.  No response (or no acceptable response) to our first IKE message
Aug 12 19:27:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 29
Aug 12 19:28:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 30
Aug 12 19:29:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 31
Aug 12 19:30:37 Orione postfix/smtpd[29938]: connect from 
unknown[192.168.0.102]
Aug 12 19:30:37 Orione postfix/smtpd[29938]: disconnect from 
unknown[192.168.0.102]
Aug 12 19:30:41 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #1: 
ISAKMP SA expired (LATEST!)
Aug 12 19:30:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 32
Aug 12 19:31:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 33
Aug 12 19:32:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 34
Aug 12 19:33:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 35
Aug 12 19:34:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 36
Aug 12 19:35:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 37
Aug 12 19:36:19 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #7: 
initiating Main Mode
Aug 12 19:36:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 38
Aug 12 19:37:29 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #7: max 
number of retransmissions (2) reached STATE_MAIN_
I1.  No response (or no acceptable response) to our first IKE message
Aug 12 19:37:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 39
Aug 12 19:38:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 40
Aug 12 19:39:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 41
Aug 12 19:40:42 Orione l2tpd[28979]: check_control: control, cid = 0, Ns = 
4, Nr = 42
Aug 12 19:40:49 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #5: 
IPsec SA expired (LATEST!)
Aug 12 19:40:49 Orione pluto[28823]: "I-hate-vpn"[2] 213.xxx.xxx.xxx: 
deleting connection "I-hate-vpn" instance with peer 213.
xxx.xxx.xxx {isakmp=#0/ipsec=#0}
Aug 12 19:41:18 Orione pluto[28823]: packet from 213.xxx.xxx.xxx:25782: 
Informational Exchange is for an unknown (expired?) SA
Aug 12 19:41:47 Orione l2tpd[28979]: control_xmit: Maximum retries exceeded 
for tunnel 38221.  Closing.
...[snip]






----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "Stefano" <stefano.pazzaglia at fastwebnet.it>
Cc: <users at openswan.org>
Sent: Friday, August 12, 2005 5:40 PM
Subject: Re: [Openswan Users] L2TP/IPsec with double NAT


> On Fri, 12 Aug 2005, Stefano wrote:
>
>> Thanks Paul,  l2tp/ip now seems to work between  a natted server and not 
>> natted client. But if I'd like to make a connection between both server 
>> and client natted, client has a subnet of 37.xxx.xxx.0 and server has an 
>> interface on lan 192.168.0.0/24 what I have to put in virtual_private and 
>> rightsubnet?
>
> in config setup:
>
> nat_traversal=yes
> virtual_privae="%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v437.xxx.xxx.xxx.0/24,!%v4:192.168.0.0/24"
>
> in the conn:
>
> rightsubnet=vhost:%no,%priv
>
> Paul
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.338 / Virus Database: 267.10.7/70 - Release Date: 11/08/2005
>
>

More information about the Users mailing list