[Openswan Users] another roadwarrior problem

Dominik Schmid dominik_schmid at gmx.ch
Thu Feb 10 23:31:32 CET 2005


Hello dear openswan users!

I have a Linux machine with an interface and one virtual IP address:

gateway 192.168.0.1------ 192.168.0.0/24 -----(virtual ip)- 192.168.0.12 
linux-box 194.11.222.1 ----------------------------- 194.11.222.15

But I have a little trouble with these errors:

The 194.11.222.15 IP is from a Windows XP SP1 machine which I have to put with VPN on my local 192.168.0.0/24 network.

Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: I am sending my cert
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sent MR3, ISAKMP SA established
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Virtual IP 194.11.222.15/32 is already used by '(none)'
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Your ID is 'C=CH, ST=anywhere, L=anywhere, O=client, OU=client, CN=client, E=client'
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: cannot respond to IPsec SA request because no connection is known for 194.11.222.1[C=CH, ST=anywhere, L=anywhere, O=dominik, OU=dominik, CN=Dominik Schmid, E=dominik_schmid at gmx.ch]:17/0...194.11.222.15[C=CH, ST=anywhere, L=anywhere, O=client, OU=client, CN=client, E=client]:17/1701
Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_ID_INFORMATION to 194.11.222.15:500
Feb 10 23:09:38 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:09:38 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:09:40 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:09:40 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:09:44 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:09:44 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:09:52 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:09:52 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:10:08 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xfffc446e (perhaps this is a duplicated packet)
Feb 10 23:10:08 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: sending encrypted notification INVALID_MESSAGE_ID to 194.11.222.15:500
Feb 10 23:10:40 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: received Delete SA payload: deleting ISAKMP State #1
Feb 10 23:10:40 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15: deleting connection "roadwarrior" instance with peer 194.11.222.15 {isakmp=#0/ipsec=#0}

----------------------------------------------------------------------------------------------------------------------------------------------------

The config is:

version 2.0

config setup
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=194.11.222.0/255.255.255.0
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=dominik.schmid.ch.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-l2tp
        type=transport
        left=%defaultroute
        leftcert=dominik.schmid.ch.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        pfs=no
        auto=add

conn roadwarrior-l2tp-oldwin
        left=%defaultroute
        leftcert=dominik.schmid.ch.pem
        leftprotoport=17/0
        right=%any
        rightprotoport=17/1701
        rightsubnet=vhost:%no,%priv
        pfs=no
        auto=add

Might you give me a little hint?

Thanks Dominik
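
Added example, not part of the original post: a small triage script that pulls the selectors out of the "no connection is known for" log entry above and lists the posted conn sections whose protoport pair agrees with the request. The function names are hypothetical, and the exact string comparison is a simplification, not pluto's own matching logic; subnets, IDs and type are not compared.

```python
import re

# The "no connection is known" entry from the post, joined onto one line.
LOG = ('Feb 10 23:09:37 dominik pluto[17592]: "roadwarrior"[2] 194.11.222.15 #1: '
       'cannot respond to IPsec SA request because no connection is known for '
       '194.11.222.1[C=CH, ST=anywhere, L=anywhere, O=dominik, OU=dominik, '
       'CN=Dominik Schmid, E=dominik_schmid at gmx.ch]:17/0...194.11.222.15[C=CH, '
       'ST=anywhere, L=anywhere, O=client, OU=client, CN=client, E=client]:17/1701')
# Trimmed copy of the posted conn sections (only the keys this check reads).
CONF = """
conn roadwarrior-net
        also=roadwarrior
conn roadwarrior
        right=%any
conn roadwarrior-l2tp
        leftprotoport=17/1701
        rightprotoport=17/1701
conn roadwarrior-l2tp-oldwin
        leftprotoport=17/0
        rightprotoport=17/1701
"""

END = r'(\d+\.\d+\.\d+\.\d+)\[([^\]]*)\]:(\d+/\d+)'   # ip[id]:proto/port
REQ = re.compile(r'no connection is known for\s+' + END + r'\.\.\.' + END)

def parse_request(line):
    m = REQ.search(line)
    keys = ('left', 'leftid', 'leftprotoport', 'right', 'rightid', 'rightprotoport')
    return dict(zip(keys, m.groups())) if m else None

def parse_conns(text):
    conns, cur = {}, None
    for raw in text.splitlines():
        if raw.startswith('conn '):
            cur = conns.setdefault(raw.split()[1], {})
        elif cur is not None and raw[:1].isspace() and '=' in raw:
            key, value = raw.strip().split('=', 1)
            cur[key] = value
    return conns

def lookup(conns, name, key):
    # Follow also= includes until key is found (assumes no also= cycles).
    c = conns.get(name, {})
    return c[key] if key in c else (lookup(conns, c['also'], key) if 'also' in c else None)

def matching_conns(req, conns):
    # Assumption: exact match on the protoport pair only; other selectors are ignored.
    keys = ('leftprotoport', 'rightprotoport')
    return [n for n in conns if all(lookup(conns, n, k) == req[k] for k in keys)]
```

Calling `matching_conns(parse_request(LOG), parse_conns(CONF))` names the conn sections that agree with the request on protoport, which narrows the comparison to the remaining settings of those sections.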

