[Openswan Users] another roadwarrior problem
Dominik Schmid
dominik_schmid at gmx.ch
Thu Feb 10 23:31:32 CET 2005
Hello dear openswan users!
I have a Linux machine with an interface and one virtual IP address:
gateway 192.168.0.1------ 192.168.0.0/24 -----(virtual ip)- 192.168.0.12
linux-box 194.11.222.1 ----------------------------- 194.11.222.15
But I have a little trouble with these errors:
The 194.11.222.15 IP is from a Windows XP SP1 machine which I have to
put with VPN on my local 192.168.0.0/24 network.
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: I am sending my cert
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sent MR3, ISAKMP SA established
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Virtual IP 194.11.222.15/32 is already used by '(none)'
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Your ID is 'C=CH, ST=anywhere, L=anywhere, O=client, OU=client, CN=client, E=client'
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: cannot respond to IPsec SA request because no connection is known for 194.11.222.1[C=CH, ST=anywhere, L=anywhere, O=dominik, OU=dominik, CN=Dominik Schmid, E=dominik_schmid at gmx.ch]:17/0...194.11.222.15[C=CH, ST=anywhere, L=anywhere, O=client, OU=client, CN=client, E=client]:17/1701
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_ID_INFORMATION to 194.11.222.15:500
Feb 10 23:09:38 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:09:38 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:09:40 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:09:40 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:09:44 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:09:44 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:09:52 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:09:52 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:10:08 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:10:08 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:10:40 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: received Delete SA payload: deleting ISAKMP State #1
Feb 10 23:10:40 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15: deleting connection "roadwarrior" instance with peer 194.11.222.15 {isakmp=#0/ipsec=#0}
----------------------------------------------------------------------------------------------------------------------------------------------------
The config is:
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=194.11.222.0/255.255.255.0
    also=roadwarrior

conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=dominik.schmid.ch.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

conn roadwarrior-l2tp
    type=transport
    left=%defaultroute
    leftcert=dominik.schmid.ch.pem
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    pfs=no
    auto=add

conn roadwarrior-l2tp-oldwin
    left=%defaultroute
    leftcert=dominik.schmid.ch.pem
    leftprotoport=17/0
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
    pfs=no
    auto=add

Might you give me a little hint?
Thanks Dominik