[Openswan Users] Openswan trouble

Yiannis Mavroukakis yiannis at jaguarfreight.com
Thu Jan 13 09:57:17 CET 2005


Hello :) I'm an Openswan virgin so bear with me if what I'm describing
is painfully stupid..

I've managed to get everything up but not quite running..
When I initiate the connection from the Windows XP box (which is behind
a NAT firewall) the connection to the VPN server suddenly drops! (i.e.
while logged in via ssh)

This is what I get on the server logs:

Jan 12 14:48:45 firewall pluto[5085]: packet from 217.207.x.x:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jan 12 14:48:45 firewall pluto[5085]: packet from 217.207.x.x:500: ignoring Vendor ID payload [FRAGMENTATION]
Jan 12 14:48:45 firewall pluto[5085]: packet from 217.207.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jan 12 14:48:45 firewall pluto[5085]: packet from 217.207.x.x:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jan 12 14:48:45 firewall pluto[5085]: "roadwarrior"[3] 217.207.x.x #2: responding to Main Mode from unknown peer 217.207.x.x
Jan 12 14:48:45 firewall pluto[5085]: "roadwarrior"[3] 217.207.x.x #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 12 14:48:45 firewall pluto[5085]: "roadwarrior"[3] 217.207.x.x #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Jan 12 14:48:45 firewall pluto[5085]: "roadwarrior"[3] 217.207.x.x #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 12 14:48:45 firewall pluto[5085]: "roadwarrior"[3] 217.207.x.x #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=UK, ST=London, O=Chaos, OU=IT, CN=John, E=yiannis at jaguarfreight.com'
Jan 12 14:48:46 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x #2: deleting connection "roadwarrior" instance with peer 217.207.x.x {isakmp=#0/ipsec=#0}
Jan 12 14:48:46 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x #2: I am sending my cert
Jan 12 14:48:46 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jan 12 14:48:46 firewall pluto[5085]: | NAT-T: new mapping 217.207.x.x:500/64053)
Jan 12 14:48:46 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: sent MR3, ISAKMP SA established
Jan 12 14:48:46 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: cannot respond to IPsec SA request because no connection is known for 83.216.x.x:4500[C=UK, ST=London, O=Chaos, OU=IT, CN=Jander, E=jander at darthvader.us]...217.207.x.x:64053[C=UK, ST=London, O=Chaos, OU=IT, CN=John, E=yiannis at jaguarfreight.com]===192.168.5.131/32
Jan 12 14:48:46 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: sending encrypted notification INVALID_ID_INFORMATION to 217.207.x.x:64053
Jan 12 14:48:47 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xdbac070b (perhaps this is a duplicated packet)
Jan 12 14:48:47 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: sending encrypted notification INVALID_MESSAGE_ID to 217.207.x.x:64053
Jan 12 14:48:49 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xdbac070b (perhaps this is a duplicated packet)
Jan 12 14:48:49 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: sending encrypted notification INVALID_MESSAGE_ID to 217.207.x.x:64053
Jan 12 14:48:53 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: received Delete SA payload: deleting ISAKMP State #2
Jan 12 14:48:53 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053: deleting connection "roadwarrior" instance with peer 217.207.x.x {isakmp=#0/ipsec=#0}
Jan 12 14:48:53 firewall pluto[5085]: packet from 217.207.x.x:64053: received and ignored informational message

Any help will be appreciated!

Yiannis
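
A triage helper for the log above, as an added example that is not part of the original post: it rejoins mail-wrapped and fused pluto entries, then pulls the endpoints and client subnet out of the "no connection is known for" line. The function names and regular expressions are assumptions written for this log format.

```python
import ipaddress
import re

# Constructed sample: entries copied from the post, still mail-wrapped and
# with two entries fused on one line, as they arrived on the list.
SAMPLE = """\
Jan 12 14:48:45 firewall pluto[5085]: "roadwarrior"[3] 217.207.x.x #2:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is
NATed
Jan 12 14:48:46 firewall pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053
#2: sent MR3, ISAKMP SA established Jan 12 14:48:46 firewall
pluto[5085]: "roadwarrior"[4] 217.207.x.x:64053 #2: cannot respond to
IPsec SA request because no connection is known for
83.216.x.x:4500[C=UK, ST=London, O=Chaos, OU=IT, CN=Jander,
E=jander at darthvader.us]...217.207.x.x:64053[C=UK, ST=London, O=Chaos,
OU=IT, CN=John, E=yiannis at jaguarfreight.com]===192.168.5.131/32
"""

ENTRY_START = re.compile(r"[A-Z][a-z]{2} \d{1,2} \d\d:\d\d:\d\d \S+ pluto\[\d+\]:")
NO_CONN = re.compile(
    r'"(?P<conn>[^"]+)"\[\d+\].*?no connection is known for '
    r"(?:(?P<local_net>\S+?)===)?(?P<local>\S+?)\[(?P<local_id>[^\]]*)\]\.\.\."
    r"(?P<peer>\S+?)\[(?P<peer_id>[^\]]*)\](?:===(?P<peer_net>\S+))?"
)

def unwrap(text):
    """Rejoin wrapped or fused pluto entries: one list item per syslog entry."""
    flat = " ".join(text.split())
    starts = [m.start() for m in ENTRY_START.finditer(flat)]
    return [flat[a:b].strip() for a, b in zip(starts, starts[1:] + [len(flat)])]

def rejected_proposals(text):
    """Return one dict per Quick Mode proposal pluto could not match to a conn."""
    entries = unwrap(text)
    peer_natted = any("peer is NATed" in e for e in entries)
    found = []
    for entry in entries:
        m = NO_CONN.search(entry)
        if not m:
            continue
        info = m.groupdict()
        net = info["peer_net"]
        # The proposed client subnet is what the conn's right side must accept.
        info["peer_net_private"] = bool(net) and ipaddress.ip_network(net).is_private
        info["peer_natted"] = peer_natted
        found.append(info)
    return found
```

Calling `rejected_proposals(SAMPLE)` returns the local endpoint, the peer endpoint and the client subnet the peer proposed, which can then be compared with the `roadwarrior` conn definition in `ipsec.conf`.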
