[Openswan Users] L2TP/IPsec with double NAT

Stefano Pazzaglia stefano.pazzaglia at fastwebnet.it
Fri Aug 12 23:41:11 CEST 2005


Sorry, bad copy & paste...

----- Original Message ----- 
From: "Stefano Pazzaglia" <stefano.pazzaglia at fastwebnet.it>
To: <users at openswan.org>
Sent: Friday, August 12, 2005 10:09 PM
Subject: Re: [Openswan Users] Openswan + L2TP


> No way...
>
> Aug 12 21:33:52 Orione l2tpd[741]: check_control: control, cid = 0, Ns = 4, Nr = 17
> Aug 12 21:34:22 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #3: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL to replace #2 {using isakmp#1}
> Aug 12 21:34:22 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #1: ignoring informational payload, type INVALID_ID_INFORMATION
> Aug 12 21:34:22 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #1: received and ignored informational message
> Aug 12 21:34:52 Orione l2tpd[741]: check_control: control, cid = 0, Ns = 4, Nr = 18
> Aug 12 21:35:32 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #3: max number of retransmissions (2) reached STATE_QUICK_I1
> Aug 12 21:35:52 Orione l2tpd[741]: check_control: control, cid = 0, Ns = 4, Nr = 19
> Aug 12 21:36:52 Orione l2tpd[741]: check_control: control, cid = 0, Ns = 4, Nr = 20
> Aug 12 21:37:52 Orione l2tpd[741]: check_control: control, cid = 0, Ns = 4, Nr = 21
> Aug 12 21:38:52 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #2: IPsec SA expired (LATEST!)
> Aug 12 21:38:52 Orione pluto[578]: ERROR: netlink XFRM_MSG_DELPOLICY response for flow int.0 at 0.0.0.0 included errno 2: No such file or directory
> Aug 12 21:38:57 Orione l2tpd[741]: control_xmit: Maximum retries exceeded for tunnel 15618.  Closing.
> Aug 12 21:38:57 Orione pppd[759]: Terminating on signal 15.
> Aug 12 21:38:57 Orione pppd[759]: Modem hangup
> Aug 12 21:38:57 Orione pppd[759]: Script /etc/ppp/ip-down started (pid 1265)
> Aug 12 21:38:57 Orione pppd[759]: Connection terminated.
> Aug 12 21:38:57 Orione pppd[759]: Connect time 20.1 minutes.
> Aug 12 21:38:57 Orione pppd[759]: Sent 1443370 bytes, received 240363 bytes.
> Aug 12 21:38:57 Orione pppd[759]: Waiting for 1 child processes...
> Aug 12 21:38:57 Orione pppd[759]:   script /etc/ppp/ip-down, pid 1265
> Aug 12 21:38:57 Orione pppd[759]: Script /etc/ppp/ip-down finished (pid 1265), status = 0x1
> Aug 12 21:38:57 Orione pppd[759]: Connect time 20.1 minutes.
> Aug 12 21:38:57 Orione pppd[759]: Sent 1443370 bytes, received 240363 bytes.
> Aug 12 21:38:57 Orione pppd[759]: Exit.
> Aug 12 21:38:57 Orione l2tpd[741]: call_close : Connection 35 closed to 213.xxx.xxx.xxx, port 1701 (Timeout)
> Aug 12 21:39:00 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #4: responding to Quick Mode {msgid:d8b310cb}
> Aug 12 21:39:00 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Aug 12 21:39:00 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Aug 12 21:39:00 Orione l2tpd[741]: get_call: can't find call 61015 in tunnel 15618
> Aug 12 21:39:00 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Aug 12 21:39:00 Orione pluto[578]: "I-hate-vpn"[2] 213.xxx.xxx.xxx #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xaf5681fa <0xc5e76fa8 xfrm=3DES_0-HMAC_MD5 NATD=213.xxx.xxx.xxx:25272 DPD=none}
> Aug 12 21:39:01 Orione l2tpd[741]: get_call: can't find call 61015 in tunnel 15618
>
> ----- Original Message ----- 
> From: "Jacco de Leeuw" <jacco2 at dds.nl>
> To: <users at openswan.org>
> Sent: Friday, August 12, 2005 9:39 PM
> Subject: Re: [Openswan Users] Openswan + L2TP
>
>
>> Marcos Ferreira da Silva wrote:
>>
>>> Could I run a script when the client connect and get the IP?
>>
>> Well, there's the /etc/ppp/ip-up script (man pppd)...
>>
>>> /usr/sbin/pppd: The remote system is required to authenticate itself
>>> /usr/sbin/pppd: but I couldn't find any suitable secret (password) for
>>> it to use to do so.
>>> /usr/sbin/pppd: (None of the available passwords would let it use an IP
>>> address.)
>>>
>>> /etc/ppp/chap-secrets
>>> *       markin  "teste" 192.168.99.130
>>> markin  *       "teste" 192.168.99.130
>>
>> Perhaps 192.168.99.130 is not within the 'ip range'
>> in l2tpd.conf? Or you configured a static virtual IP
>> address on the client which is not 192.168.99.130?
>>
>> Jacco
>> -- 
>> Jacco de Leeuw                         mailto:jacco2 at dds.nl
>> Zaandam, The Netherlands           http://www.jacco2.dds.nl
> 
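The comparison suggested in the quoted reply (is the address pinned in chap-secrets inside the l2tpd.conf 'ip range'?), as an added example that is not part of the original thread. The chap-secrets lines are the ones quoted above; both l2tpd.conf fragments are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import shlex

def parse_ip_ranges(l2tpd_conf):
    """Return (first, last) address pairs from every 'ip range' line."""
    pools = []
    for raw in l2tpd_conf.splitlines():
        line = raw.split(";", 1)[0].strip()      # assumes ';' starts a comment
        key, sep, value = line.partition("=")
        if not sep or key.split() != ["ip", "range"]:
            continue                             # also skips 'no ip range'
        for part in value.split(","):
            lo, _, hi = part.strip().partition("-")
            if not lo.strip():
                continue
            first = ipaddress.IPv4Address(lo.strip())
            last = ipaddress.IPv4Address(hi.strip()) if hi else first
            pools.append((first, last))
    return pools

def pinned_outside_pool(chap_secrets, pools):
    """List (client, server, address) entries whose pinned IP is in no pool."""
    outside = []
    for raw in chap_secrets.splitlines():
        fields = shlex.split(raw, comments=True)  # handles "quoted" secrets, '#'
        if len(fields) < 4:
            continue                              # no address column present
        client, server, _secret, *addrs = fields
        for addr in addrs:
            try:
                ip = ipaddress.IPv4Address(addr)
            except ValueError:
                continue      # '*', '-', hostnames, net/mask: not one pinned IP
            if not any(lo <= ip <= hi for lo, hi in pools):
                outside.append((client, server, str(ip)))
    return outside

# chap-secrets entries as quoted in the thread
CHAP_SECRETS = '''
*       markin  "teste" 192.168.99.130
markin  *       "teste" 192.168.99.130
'''
# Constructed l2tpd.conf fragments: one pool excludes .130, one contains it
CONF_MISMATCH = "[lns default]\nip range = 192.168.99.200-192.168.99.250\n"
CONF_MATCH = "[lns default]\nip range = 192.168.99.128-192.168.99.254\n"

if __name__ == "__main__":
    for name, conf in (("mismatch", CONF_MISMATCH), ("match", CONF_MATCH)):
        print(name, pinned_outside_pool(CHAP_SECRETS, parse_ip_ranges(conf)))
```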


