[Openswan Users] Issue with Certificate?

Tim P panterafreak at gmail.com
Wed Aug 24 18:52:55 CEST 2005


I can't seem to establish a connection to my Openswan setup, though it
was working with the old certs I had.  I re-issued my certificates for the
gateway and for the users and am now getting errors for all clients
attempting to connect.

Am I missing something simple?  This is on a LAN, with no firewalls, routers
or bridges between my connections.  I am using Openswan + l2tpd to
authenticate/connect users.

/var/log/secure

Aug 24 05:46:41 gtds-vpnserver pluto[3593]: packet from
192.168.1.102:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000003]
Aug 24 05:46:41 gtds-vpnserver pluto[3593]: "roadwarrior"[1]
192.168.1.102 #1: responding to Main Mode from unknown peer
192.168.1.102
Aug 24 05:46:41 gtds-vpnserver pluto[3593]: "roadwarrior"[1]
192.168.1.102 #1: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1
Aug 24 05:46:41 gtds-vpnserver pluto[3593]: "roadwarrior"[1]
192.168.1.102 #1: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2
Aug 24 05:46:41 gtds-vpnserver pluto[3593]: "roadwarrior"[1]
192.168.1.102 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=US,
ST=Washington, L=Seattle, O=GTDS, OU=Support, CN=lordvader,
E=tporritt at gmail.com'
Aug 24 05:46:41 gtds-vpnserver pluto[3593]: "roadwarrior"[1]
192.168.1.102 #1: crl update for "C=US, ST=Washington, L=Seattle,
O=GTD Solutions, LLC, OU=Support, CN=CA,
E=tim.porritt at gtdsolutions.com" is overdue since Aug 18 07:35:33 UTC
2005
Aug 24 05:46:41 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: deleting connection
"roadwarrior" instance with peer 192.168.1.102 {isakmp=#0/ipsec=#0}
Aug 24 05:46:41 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: I am sending my
cert
Aug 24 05:46:41 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 24 05:46:41 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: sent MR3, ISAKMP SA
established
Aug 24 05:46:41 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: cannot respond to
IPsec SA request because no connection is known for
192.168.1.152[C=US, ST=Washington, L=Seattle, O=GTDS, OU=Support,
CN=gtds-vpnsrvr.gtdsolutions.net,
E=tim.porritt at gtdsolutions.com]:17/0...192.168.1.102[C=US,
ST=Washington, L=Seattle, O=GTDS, OU=Support, CN=lordvader,
E=tporritt at gmail.com]:17/1701
Aug 24 05:46:41 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: sending encrypted
notification INVALID_ID_INFORMATION to 192.168.1.102:500
Aug 24 05:46:41 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: failed to build
notification for spisize=0
Aug 24 05:46:42 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0xd97a6a12 (perhaps this is a duplicated packet)
Aug 24 05:46:42 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:46:42 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: failed to build
notification for spisize=0
Aug 24 05:46:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0xd97a6a12 (perhaps this is a duplicated packet)
Aug 24 05:46:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:46:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: failed to build
notification for spisize=0
Aug 24 05:46:48 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0xd97a6a12 (perhaps this is a duplicated packet)
Aug 24 05:46:48 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:46:48 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: failed to build
notification for spisize=0
Aug 24 05:46:56 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0xd97a6a12 (perhaps this is a duplicated packet)
Aug 24 05:46:56 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:46:56 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: failed to build
notification for spisize=0
Aug 24 05:47:12 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0xd97a6a12 (perhaps this is a duplicated packet)
Aug 24 05:47:12 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:47:12 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: failed to build
notification for spisize=0
Aug 24 05:47:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102 #1: received Delete SA
payload: deleting ISAKMP State #1
Aug 24 05:47:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[1] 192.168.1.102: deleting connection
"roadwarrior-l2tp-updatedwin" instance with peer 192.168.1.102
{isakmp=#0/ipsec=#0}
Aug 24 05:47:44 gtds-vpnserver pluto[3593]: packet from
192.168.1.102:500: received and ignored informational message
Aug 24 05:48:44 gtds-vpnserver pluto[3593]: packet from
192.168.1.102:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000003]
Aug 24 05:48:44 gtds-vpnserver pluto[3593]: "roadwarrior"[2]
192.168.1.102 #2: responding to Main Mode from unknown peer
192.168.1.102
Aug 24 05:48:44 gtds-vpnserver pluto[3593]: "roadwarrior"[2]
192.168.1.102 #2: transition from state STATE_MAIN_R0 to state
STATE_MAIN_R1
Aug 24 05:48:44 gtds-vpnserver pluto[3593]: "roadwarrior"[2]
192.168.1.102 #2: transition from state STATE_MAIN_R1 to state
STATE_MAIN_R2
Aug 24 05:48:44 gtds-vpnserver pluto[3593]: "roadwarrior"[2]
192.168.1.102 #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=US,
ST=Washington, L=Seattle, O=GTDS, OU=Support, CN=lordvader,
E=tporritt at gmail.com'
Aug 24 05:48:44 gtds-vpnserver pluto[3593]: "roadwarrior"[2]
192.168.1.102 #2: crl update for "C=US, ST=Washington, L=Seattle,
O=GTD Solutions, LLC, OU=Support, CN=CA,
E=tim.porritt at gtdsolutions.com" is overdue since Aug 18 07:35:33 UTC
2005
Aug 24 05:48:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: deleting connection
"roadwarrior" instance with peer 192.168.1.102 {isakmp=#0/ipsec=#0}
Aug 24 05:48:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: I am sending my
cert
Aug 24 05:48:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: transition from
state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 24 05:48:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: sent MR3, ISAKMP SA
established
Aug 24 05:48:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: cannot respond to
IPsec SA request because no connection is known for
192.168.1.152[C=US, ST=Washington, L=Seattle, O=GTDS, OU=Support,
CN=gtds-vpnsrvr.gtdsolutions.net,
E=tim.porritt at gtdsolutions.com]:17/0...192.168.1.102[C=US,
ST=Washington, L=Seattle, O=GTDS, OU=Support, CN=lordvader,
E=tporritt at gmail.com]:17/1701
Aug 24 05:48:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: sending encrypted
notification INVALID_ID_INFORMATION to 192.168.1.102:500
Aug 24 05:48:44 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: failed to build
notification for spisize=0
Aug 24 05:48:45 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x4dcc678d (perhaps this is a duplicated packet)
Aug 24 05:48:45 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:48:45 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: failed to build
notification for spisize=0
Aug 24 05:48:47 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x4dcc678d (perhaps this is a duplicated packet)
Aug 24 05:48:47 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:48:47 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: failed to build
notification for spisize=0
Aug 24 05:48:51 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x4dcc678d (perhaps this is a duplicated packet)
Aug 24 05:48:51 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:48:51 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: failed to build
notification for spisize=0
Aug 24 05:48:59 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x4dcc678d (perhaps this is a duplicated packet)
Aug 24 05:48:59 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:48:59 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: failed to build
notification for spisize=0
Aug 24 05:49:15 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: Quick Mode I1
message is unacceptable because it uses a previously used Message ID
0x4dcc678d (perhaps this is a duplicated packet)
Aug 24 05:49:15 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: sending encrypted
notification INVALID_MESSAGE_ID to 192.168.1.102:500
Aug 24 05:49:15 gtds-vpnserver pluto[3593]:
"roadwarrior-l2tp-updatedwin"[2] 192.168.1.102 #2: failed to build
notification for spisize=0
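
An added triage example, not part of the original post: it rejoins mail-wrapped pluto records like those above and pulls out the overdue-CRL issuer, the rejected Quick Mode selector (protocol 17 is UDP, port 1701 is L2TP), the notifications sent, and retransmitted Message IDs, so they can be compared with the conn definitions in ipsec.conf. The names `unwrap`, `triage` and `SAMPLE` are hypothetical, the sample DNs and addresses are constructed, and the regexes assume the message wording seen in this log.

```python
import re
from collections import Counter

# Constructed sample: mail-wrapped records shaped like the log above, made-up DNs.
SAMPLE = '''Aug 24 05:46:41 vpn pluto[3593]: "rw"[1] 192.0.2.102 #1: crl update for
"C=US, O=Example, CN=CA" is overdue since Aug 18 07:35:33 UTC
2005
Aug 24 05:46:41 vpn pluto[3593]: "rw-l2tp"[1] 192.0.2.102 #1: cannot respond
to IPsec SA request because no connection is known for 192.0.2.152[C=US,
O=Example, CN=gw.example.test]:17/0...192.0.2.102[C=US, O=Example,
CN=client1]:17/1701
Aug 24 05:46:41 vpn pluto[3593]: "rw-l2tp"[1] 192.0.2.102 #1: sending
encrypted notification INVALID_ID_INFORMATION to 192.0.2.102:500
Aug 24 05:46:42 vpn pluto[3593]: "rw-l2tp"[1] 192.0.2.102 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0xd97a6a12
Aug 24 05:46:44 vpn pluto[3593]: "rw-l2tp"[1] 192.0.2.102 #1: Quick Mode I1
message is unacceptable because it uses a previously used Message ID 0xd97a6a12
'''

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
SELECTOR = re.compile(r"no connection is known for ([\d.]+)\[(.*?)\]:(\d+)/(\d+)"
                      r"\.\.\.([\d.]+)\[(.*?)\]:(\d+)/(\d+)")
CRL = re.compile(r'crl update for "(.+?)" is overdue since (.+)$')
NOTIFY = re.compile(r"sending encrypted notification (\w+) to")
MSGID = re.compile(r"previously used Message ID (0x[0-9a-fA-F]+)")

def unwrap(text):
    """Rejoin wrapped lines: a new record starts with a syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Collect (host, ID, protocol, port) pairs and counters from the log."""
    out = {"crl_overdue": set(), "rejected": set(), "notify": Counter(), "retransmits": Counter()}
    for rec in unwrap(text):
        if m := CRL.search(rec):
            out["crl_overdue"].add(m.groups())  # (issuer DN, overdue-since date)
        if m := SELECTOR.search(rec):
            out["rejected"].add((m.groups()[:4], m.groups()[4:]))  # (local, peer)
        out["notify"].update(NOTIFY.findall(rec))
        out["retransmits"].update(MSGID.findall(rec))
    return out
```

Each entry in `rejected` is the local side followed by the peer side, as (host, ID, protocol, port).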
