[Openswan Users] Please analyze: deleting connection

vee y vee_yi at yahoo.co.id
Wed Aug 31 11:59:05 CEST 2005


Please analyze my configuration.
I've already configured it all and tried to ping from my
client using XP, and it already gives the output "IPSEC
Security Negotiation". But I still can't connect to my
internal LAN behind the ipsec server. I use a VPN
connection with the L2TP/IPSEC protocol, but it gives me
error 792: The L2TP connection attempt failed because
negotiation timed out.

Below is my configuration in ipsec.conf:
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        plutowait=no
        uniqueids=yes
        nat_traversal=yes
        virtualprivate=%v4:10.0.0.0/8, %v4:172.16.0.0/16, %v4:192.168.0.0/24

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        authby=rsasig

conn roadwarrior-net
        leftsubnet=172.16.0.0/16
        also=roadwarrior

conn roadwarrior
        auto=add
        left=%defaultroute
        leftcert=vpn.localhost.localdomain.pem
        pfs=yes
        right=%any
        rightsubnet=vhost:%no,%priv

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore


The log shows me this below:

Aug 29 17:54:38 localhost pluto[19189]: packet from X.X.X.X:2852: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 29 17:54:38 localhost pluto[19189]: packet from X.X.X.X:2852: ignoring Vendor ID payload [FRAGMENTATION]
Aug 29 17:54:38 localhost pluto[19189]: packet from X.X.X.X:2852: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Aug 29 17:54:38 localhost pluto[19189]: packet from X.X.X.X:2852: ignoring Vendor ID payload [xxxxxx]
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: responding to Main Mode from unknown peer X.X.X.X:2852
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: transition from state (null) to state STATE_MAIN_R1
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:38 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:54:39 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:39 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:39 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:54:41 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:41 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:41 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:54:45 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:45 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:45 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:54:53 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: Main mode peer ID is ID_DER_ASN1_DN: 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:53 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: no suitable connection for peer 'C=ID, ST=Jakarta, L=JKT, O=X, CN=vpn.localhost.localdomain, E=x at localhost.localdomain'
Aug 29 17:54:53 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: sending notification INVALID_ID_INFORMATION to X.X.X.X:2852
Aug 29 17:55:09 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
Aug 29 17:55:48 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852 #37: max number of retransmissions (2) reached STATE_MAIN_R2
Aug 29 17:55:48 localhost pluto[19189]: "roadwarrior"[25] X.X.X.X:2852: deleting connection "roadwarrior" instance with peer X.X.X.X

X.X.X.X is my client's public IP, which tries to connect to
the server and establish the connection.

And I don't have any l2tpd running on my ipsec server. Is
it needed to get the connection established? If I
don't use it, how can I make a VPN connection to my
internal LAN behind my server, which is also my gateway?

