[Openswan Users] Please analyze: deleting connection
vee y
vee_yi at yahoo.co.id
Wed Aug 31 11:59:05 CEST 2005
Please analyze my configuration.
I've already configured it all and tried to ping from my
client using XP, and it already shows the output "IPSEC
Security Negotiation". But I still can't connect to my
internal LAN behind the ipsec server. I use a VPN
connection with the L2TP/IPSEC protocol, but it gives me
error 792: The L2TP connection attempt failed because
negotiation timed out.
Below is my configuration in ipsec.conf:

config setup
    interfaces=%defaultroute
    klipsdebug=none
    plutodebug=none
    plutoload=%search
    plutostart=%search
    plutowait=no
    uniqueids=yes
    nat_traversal=yes
    virtualprivate=%v4:10.0.0.0/8, %v4:172.16.0.0/16, %v4:192.168.0.0/24

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    authby=rsasig

conn roadwarrior-net
    leftsubnet=172.16.0.0/16
    also=roadwarrior

conn roadwarrior
    auto=add
    left=%defaultroute
    leftcert=vpn.localhost.localdomain.pem
    pfs=yes
    right=%any
    rightsubnet=vhost:%no,%priv

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

The log shows me this below:

Aug 29 17:54:38 localhost pluto[19189]: packet from X.X.X.X:2852: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 29 17:54:38 localhost pluto[19189]: packet from X.X.X.X:2852: ignoring Vendor ID payload [FRAGMENTATION]
Aug 29 17:54:38 localhost pluto[19189]: packet from X.X.X.X:2852: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 29 17:54:38 localhost pluto[19189]: packet from X.X.X.X:2852: ignoring Vendor ID payload [xxxxxx]
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: responding to Main Mode from unknown peer X.X.X.X:2852
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: transition from state (null) to state STATE_MAIN_R1
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:54:39 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:39 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:39 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:54:41 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:41 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:41 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:54:45 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:45 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:45 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:54:53 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:53 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:53 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:55:09 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
Aug 29 17:55:48 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: max number of retransmissions (2) reached STATE_MAIN_R2
Aug 29 17:55:48 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852: deleting connection "roadwarrior" instance with peer X.X.X.X

X.X.X.X is my client's public IP, which tries to connect to the
server and establish the connection.
And I don't have any l2tpd running on my ipsec server. Is
it needed to establish the connection? If I
don't use it, how can I make a VPN connection to my
internal LAN behind my server, which is also my gateway?
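
A small triage script for a pluto log in the format shown above, added here as an example and not part of the original post: it groups lines by IKE state number and reports the last state reached, the peer ID, the notifications sent and whether retransmissions ran out. The sample log, the 192.0.2.10 address, the DN and the names `summarize`, `LINE` and `SAMPLE` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the pluto syslog format from the post (placeholder peer and DN).
P = 'Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] 192.0.2.10:2852'
DN = "C=XX, O=Example, CN=client.example.test"
SAMPLE = "\n".join([
    f"{P} #37: transition from state (null) to state STATE_MAIN_R1",
    f"{P} #37: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2",
    f"{P} #37: Main mode peer ID is ID_DER_ASN1_DN: '{DN}'",
    f"{P} #37: no suitable connection for peer '{DN}'",
    f"{P} #37: sending notification INVALID_ID_INFORMATION to 192.0.2.10:2852",
    f"{P} #37: sending notification INVALID_ID_INFORMATION to 192.0.2.10:2852",
    f"{P} #37: max number of retransmissions (2) reached STATE_MAIN_R2",
    f'{P}: deleting connection "roadwarrior" instance with peer 192.0.2.10',
])

# "conn"[instance] peer:port #state: message  (the #state part is absent on some lines)
LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? '
    r'(?P<peer>\S+?)(?: #(?P<sa>\d+))?: (?P<msg>.*)$'
)

def summarize(log_text):
    """Return {(conn, peer, state_no): summary} for each IKE state object in the log."""
    out = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["sa"] is None:      # skip "packet from ..." and per-connection lines
            continue
        key = (m["conn"], m["peer"], int(m["sa"]))
        s = out.setdefault(key, {"last_state": None, "peer_id": None,
                                 "notifications": Counter(), "gave_up": False})
        msg = m["msg"]
        if t := re.search(r"to state (STATE_\w+)", msg):
            s["last_state"] = t[1]
        elif p := re.search(r"peer ID is (\w+): '(.*)'", msg):
            s["peer_id"] = (p[1], p[2])
        elif n := re.search(r"sending notification (\w+)", msg):
            s["notifications"][n[1]] += 1
        elif "max number of retransmissions" in msg:
            s["gave_up"] = True           # negotiation abandoned in last_state
    return out

if __name__ == "__main__":
    for key, s in summarize(SAMPLE).items():
        print(key, s["last_state"], s["peer_id"], dict(s["notifications"]), s["gave_up"])
```
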