[Openswan Users] Let's give it another try... Windows XP problems?!

Vincent Tieleman v_tieleman at hotmail.com
Fri Jul 15 13:40:46 CEST 2005


Hello,
 
So I'm back again and still can't figure out why my XP machine is unable
to connect to my openswan server.
Recall both my client and server are NAT-ed and I have the registry
patch installed.
The odd thing is when I use exactly the same setup for my Linux box, all
works fine, but when using Windows XP it is unable to connect!
I thought maybe the log would clarify things a bit?
 
--- Linux box connecting ---
 
Jul 15 14:18:07 backoffice pluto[11626]: packet from <client ip>:15091:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jul 15 14:18:07 backoffice pluto[11626]: packet from <client ip>:15091:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but
already using method 108
Jul 15 14:18:07 backoffice pluto[11626]: packet from <client ip>:15091:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[5] <client
ip>:15091 #4: responding to Main Mode from unknown peer <client
ip>:15091
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[5] <client
ip>:15091 #4: transition from state (null) to state STATE_MAIN_R1
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[5] <client
ip>:15091 #4: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[5] <client
ip>:15091 #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[5] <client
ip>:15091 #4: Peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Gelderland,
L=Doesburg, O=Trefa Continu Aerating Systems BV, OU=Kantoor, CN=Vincent
Tieleman, E=<email>'
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[5] <client
ip>:15091 #4: crl update for "C=NL, ST=Gelderland, L=Doesburg, O=Trefa
Continu Aerating Systems BV, OU=Kantoor, CN=Rik Ruesen, E=<email>" is
overdue since Jul 14 13:44:25 UTC 2005
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[6] <client
ip>:15091 #4: deleting connection "roadwarrior-l2tp" instance with peer
<client ip> {isakmp=#0/ipsec=#0}
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[6] <client
ip>:15091 #4: I am sending my cert
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[6] <client
ip>:15091 #4: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[6] <client
ip>:15091 #4: sent MR3, ISAKMP SA established
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior"[2] <client
ip>:15091 #5: responding to Quick Mode
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior"[2] <client
ip>:15091 #5: transition from state (null) to state STATE_QUICK_R1
Jul 15 14:18:08 backoffice pluto[11626]: "roadwarrior"[2] <client
ip>:15091 #5: transition from state STATE_QUICK_R1 to state
STATE_QUICK_R2
Jul 15 14:18:08 backoffice pluto[11626]: "roadwarrior"[2] <client
ip>:15091 #5: IPsec SA established {ESP=>0x3bffb88f <0x91a93ba4
IPCOMP=>0x000038a1 <0x00003ec5 NATOA=0.0.0.0}
 
 
--- Windows XP connecting ---
 
Jul 15 14:19:42 backoffice pluto[11626]: packet from <client ip>:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jul 15 14:19:42 backoffice pluto[11626]: packet from <client ip>:500:
ignoring Vendor ID payload [FRAGMENTATION]
Jul 15 14:19:42 backoffice pluto[11626]: packet from <client ip>:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jul 15 14:19:42 backoffice pluto[11626]: packet from <client ip>:500:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Jul 15 14:19:42 backoffice pluto[11626]: "roadwarrior-l2tp"[7] <client
ip> #6: responding to Main Mode from unknown peer <client ip>
Jul 15 14:19:42 backoffice pluto[11626]: "roadwarrior-l2tp"[7] <client
ip> #6: transition from state (null) to state STATE_MAIN_R1
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[7] <client
ip> #6: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03:
both are NATed
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[7] <client
ip> #6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[7] <client
ip> #6: Peer ID is ID_DER_ASN1_DN: 'C=NL, ST=Gelderland, L=Doesburg,
O=Trefa Continu Aerating Systems BV, OU=Kantoor, CN=Vincent Tieleman,
E=<email>'
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[7] <client
ip> #6: crl update for "C=NL, ST=Gelderland, L=Doesburg, O=Trefa Continu
Aerating Systems BV, OU=Kantoor, CN=Rik Ruesen, E=<email>" is overdue
since Jul 14 13:44:25 UTC 2005
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] <client
ip> #6: deleting connection "roadwarrior-l2tp" instance with peer
<client ip> {isakmp=#0/ipsec=#0}
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] <client
ip> #6: I am sending my cert
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] <client
ip> #6: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 15 14:19:43 backoffice pluto[11626]: | NAT-T: new mapping <client
ip>:500/15104)
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] <client
ip>:15104 #6: sent MR3, ISAKMP SA established
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] <client
ip>:15104 #6: cannot respond to IPsec SA request because no connection
is known for <server ip>/32===10.0.0.151:4500[C=NL, ST=Gelderland,
L=Doesburg, O=Trefa Continu Aerating Systems BV, OU=Kantoor, CN=Rik
Ruesen, E=<email>]:17/1701...<client ip>:15104[C=NL, ST=Gelderland,
L=Doesburg, O=Trefa Continu Aerating Systems BV, OU=Kantoor, CN=Vincent
Tieleman, E=<email>]:17/1701
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] <client
ip>:15104 #6: sending encrypted notification INVALID_ID_INFORMATION to
<client ip>:15104
Jul 15 14:19:44 backoffice pluto[11626]: "roadwarrior-l2tp"[8] <client
ip>:15104 #6: Quick Mode I1 message is unacceptable because it uses a
previously used Message ID 0xee67226d (perhaps this is a duplicated
packet)
Jul 15 14:19:44 backoffice pluto[11626]: "roadwarrior-l2tp"[8] <client
ip>:15104 #6: sending encrypted notification INVALID_MESSAGE_ID to
<client ip>:15104
 
 
Anyone have any ideas why the top works and the bottom doesn't?
 
Vincent
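
Added example, not part of the original post: a small Python script that rejoins mail-wrapped pluto lines and lists, per state number (#4, #5, #6), the state transitions, established SAs, refusals and notifications, so two sessions like the ones above can be compared side by side. The sample log is constructed from the lines in the post, with placeholder addresses (203.0.113.5, 192.0.2.1) and shortened IDs; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the post's logs; addresses are placeholders.
SAMPLE = """\
Jul 15 14:18:07 backoffice pluto[11626]: "roadwarrior-l2tp"[6] 203.0.113.5:15091
#4: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 15 14:18:08 backoffice pluto[11626]: "roadwarrior"[2] 203.0.113.5:15091 #5:
IPsec SA established {ESP=>0x3bffb88f <0x91a93ba4}
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] 203.0.113.5 #6:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] 203.0.113.5:15104
#6: cannot respond to IPsec SA request because no connection is known for
192.0.2.1/32===10.0.0.151:4500:17/1701...203.0.113.5:15104:17/1701
Jul 15 14:19:43 backoffice pluto[11626]: "roadwarrior-l2tp"[8] 203.0.113.5:15104
#6: sending encrypted notification INVALID_ID_INFORMATION to 203.0.113.5:15104
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
ENTRY = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] .+? #(?P<sa>\d+): (?P<msg>.*)')
EVENTS = [  # (label, pattern) pairs, checked in order; group 1 is the detail
    ("state", re.compile(r"transition from state \S+ to state (\S+)")),
    ("ok", re.compile(r"(ISAKMP SA|IPsec SA) established")),
    ("refused", re.compile(r"cannot respond to IPsec SA request because (no connection is known)")),
    ("notify", re.compile(r"sending encrypted notification (\S+)")),
]

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their syslog entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def timeline(text):
    """Map each pluto state number to its ordered (connection, label, detail) events."""
    out = defaultdict(list)
    for m in filter(None, map(ENTRY.search, unwrap(text))):
        for label, pat in EVENTS:
            hit = pat.search(m["msg"])
            if hit:
                out[int(m["sa"])].append((m["conn"], label, hit.group(1)))
                break
    return dict(out)

if __name__ == "__main__":
    print(*sorted(timeline(SAMPLE).items()), sep="\n")
```
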
 