[Openswan Users] Connecting to Openswan from Windows XP Pro
Tim P
panterafreak at gmail.com
Wed Jul 20 12:38:59 CEST 2005
Ok, I have seen multiple threads and have been through Google, but I
haven't been able to figure it out.

I am trying to use the standard setup in Windows XP Pro to get a VPN
connection functioning (ipsec over L2TP).

I created a certificate (p12 format) from my certificate authority.
Imported it into Windows using the MMC method described here:
http://www.natecarlson.com/linux/ipsec-x509.php
The server is also configured with that site's config as a template.

However, instead of downloading the 3rd party ipsec client I was hoping
that I could use the built-in Windows VPN client. I am running XP
Professional with SP2 and the firewall disabled.

I create a new VPN connection to the server by going to Start/Control
Panel/Network Connections:

1. Add New Connection
2. Choose to "Connect to the network at my workplace"
3. Choose "Virtual Private Network connection"
4. Enter the companyname
5. Choose not to dial the initial connection
6. Enter the IP address of the VPN server (192.168.1.254 - my test network)
7. Choose to leave it as "My Use only"
8. Finish the wizard
9. When the box opens (prompts for username/pass) click Properties
10. On the Options tab uncheck "prompt for username, password, certificate, etc."
11. On the Security tab leave as typical but uncheck "require data encryption"
12. On the Networking tab under the VPN heading change it to L2TP IPSEC VPN

When I try to connect I get "Security Negotiation Timed out".

I have the oakley.log enabled and here is the output from that connection:
7-20: 11:17:54:605:b0 QM PolicyName: L2TP Optional Encryption Quick
Mode Policy dwFlags 0
7-20: 11:17:54:605:b0 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[0] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
7-20: 11:17:54:605:b0 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[1] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
7-20: 11:17:54:605:b0 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[2] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:605:b0 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
7-20: 11:17:54:605:b0 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[3] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:605:b0 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
7-20: 11:17:54:605:b0 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[4] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:605:b0 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
7-20: 11:17:54:605:b0 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[5] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:605:b0 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
7-20: 11:17:54:605:b0 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[6] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
7-20: 11:17:54:605:b0 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[7] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
7-20: 11:17:54:605:b0 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[8] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:605:b0 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
7-20: 11:17:54:605:b0 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[9] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:605:b0 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
7-20: 11:17:54:605:b0 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[10] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:605:b0 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
7-20: 11:17:54:605:b0 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:605:b0 QMOffer[11] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:605:b0 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:615:b0 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
7-20: 11:17:54:615:b0 QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:b0 QMOffer[12] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:b0 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
7-20: 11:17:54:615:b0 QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:b0 QMOffer[13] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:b0 Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
7-20: 11:17:54:615:b0 QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:b0 QMOffer[14] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:b0 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:615:b0 QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:b0 QMOffer[15] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:b0 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:615:b0 Internal Acquire: op=00000001
src=192.168.1.102.1701 dst=192.168.1.254.1701 proto = 17,
SrcMask=255.255.255.255, DstMask=255.255.255.255, Tunnel 0,
TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0,
InitiateEvent=00000598, IKE SrcPort=500 IKE DstPort=500
7-20: 11:17:54:615:324 Filter to match: Src 192.168.1.254 Dst 192.168.1.102
7-20: 11:17:54:615:324 MM PolicyName: L2TP Main Mode Policy
7-20: 11:17:54:615:324 MMPolicy dwFlags 8 SoftSAExpireTime 28800
7-20: 11:17:54:615:324 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 268435457
7-20: 11:17:54:615:324 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
7-20: 11:17:54:615:324 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
7-20: 11:17:54:615:324 MMOffer[1] Encrypt: Triple DES CBC Hash: SHA
7-20: 11:17:54:615:324 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
7-20: 11:17:54:615:324 MMOffer[2] Encrypt: Triple DES CBC Hash: MD5
7-20: 11:17:54:615:324 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
7-20: 11:17:54:615:324 MMOffer[3] Encrypt: DES CBC Hash: SHA
7-20: 11:17:54:615:324 MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
7-20: 11:17:54:615:324 MMOffer[4] Encrypt: DES CBC Hash: MD5
7-20: 11:17:54:615:324 Auth[0]:RSA Sig C=US, S=Washington, L=Seattle,
O="company", OU=Support, CN=CA, E=user at company.com AuthFlags 0
7-20: 11:17:54:615:324 QM PolicyName: L2TP Optional Encryption Quick
Mode Policy dwFlags 0
7-20: 11:17:54:615:324 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[0] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
7-20: 11:17:54:615:324 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[1] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
7-20: 11:17:54:615:324 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[2] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:615:324 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
7-20: 11:17:54:615:324 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[3] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:615:324 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
7-20: 11:17:54:615:324 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[4] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:615:324 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
7-20: 11:17:54:615:324 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[5] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:615:324 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
7-20: 11:17:54:615:324 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[6] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
7-20: 11:17:54:615:324 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[7] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
7-20: 11:17:54:615:324 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[8] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:615:324 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
7-20: 11:17:54:615:324 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[9] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:615:324 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
7-20: 11:17:54:615:324 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[10] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:615:324 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
7-20: 11:17:54:615:324 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[11] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:615:324 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
7-20: 11:17:54:615:324 QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[12] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
7-20: 11:17:54:615:324 QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[13] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
7-20: 11:17:54:615:324 QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[14] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:54:615:324 QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:54:615:324 QMOffer[15] dwFlags 0 dwPFSGroup 0
7-20: 11:17:54:615:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:54:615:324 Starting Negotiation: src =
192.168.1.102.0500, dst = 192.168.1.254.0500, proto = 17, context =
00000000, ProxySrc = 192.168.1.102.1701, ProxyDst = 192.168.1.254.1701
SrcMask = 0.0.0.0 DstMask = 0.0.0.0
7-20: 11:17:54:615:324 constructing ISAKMP Header
7-20: 11:17:54:615:324 constructing SA (ISAKMP)
7-20: 11:17:54:615:324 Constructing Vendor MS NT5 ISAKMPOAKLEY
7-20: 11:17:54:615:324 Constructing Vendor FRAGMENTATION
7-20: 11:17:54:615:324 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
7-20: 11:17:54:615:324 Constructing Vendor Vid-Initial-Contact
7-20: 11:17:54:615:324
7-20: 11:17:54:615:324 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:17:54:615:324 ISAKMP Header: (V1.0), len = 312
7-20: 11:17:54:615:324 I-COOKIE b74682e947159e71
7-20: 11:17:54:615:324 R-COOKIE 0000000000000000
7-20: 11:17:54:615:324 exchange: Oakley Main Mode
7-20: 11:17:54:615:324 flags: 0
7-20: 11:17:54:615:324 next payload: SA
7-20: 11:17:54:615:324 message ID: 00000000
7-20: 11:17:54:615:324 Ports S:f401 D:f401
7-20: 11:17:54:615:324 Activating InitiateEvent 00000598
7-20: 11:17:54:625:324
7-20: 11:17:54:625:324 Receive: (get) SA = 0x000f1748 from 192.168.1.254.500
7-20: 11:17:54:625:324 ISAKMP Header: (V1.0), len = 140
7-20: 11:17:54:625:324 I-COOKIE b74682e947159e71
7-20: 11:17:54:625:324 R-COOKIE fe41fed7230e70e1
7-20: 11:17:54:625:324 exchange: Oakley Main Mode
7-20: 11:17:54:625:324 flags: 0
7-20: 11:17:54:625:324 next payload: SA
7-20: 11:17:54:625:324 message ID: 00000000
7-20: 11:17:54:625:324 processing payload SA
7-20: 11:17:54:625:324 Received Phase 1 Transform 1
7-20: 11:17:54:625:324 Encryption Alg Triple DES CBC(5)
7-20: 11:17:54:625:324 Hash Alg SHA(2)
7-20: 11:17:54:625:324 Oakley Group 14
7-20: 11:17:54:625:324 Auth Method RSA Signature with Certificates(3)
7-20: 11:17:54:625:324 Life type in Seconds
7-20: 11:17:54:625:324 Life duration of 28800
7-20: 11:17:54:625:324 Phase 1 SA accepted: transform=1
7-20: 11:17:54:625:324 SA - Oakley proposal accepted
7-20: 11:17:54:625:324 processing payload VENDOR ID
7-20: 11:17:54:625:324 processing payload VENDOR ID
7-20: 11:17:54:625:324 processing payload VENDOR ID
7-20: 11:17:54:625:324 Received VendorId draft-ietf-ipsec-nat-t-ike-02
7-20: 11:17:54:625:324 ClearFragList
7-20: 11:17:54:625:324 constructing ISAKMP Header
7-20: 11:17:54:956:324 constructing KE
7-20: 11:17:54:956:324 constructing NONCE (ISAKMP)
7-20: 11:17:54:956:324 Constructing NatDisc
7-20: 11:17:54:956:324
7-20: 11:17:54:956:324 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:17:54:956:324 ISAKMP Header: (V1.0), len = 360
7-20: 11:17:54:956:324 I-COOKIE b74682e947159e71
7-20: 11:17:54:956:324 R-COOKIE fe41fed7230e70e1
7-20: 11:17:54:956:324 exchange: Oakley Main Mode
7-20: 11:17:54:956:324 flags: 0
7-20: 11:17:54:956:324 next payload: KE
7-20: 11:17:54:956:324 message ID: 00000000
7-20: 11:17:54:956:324 Ports S:f401 D:f401
7-20: 11:17:55:36:324
7-20: 11:17:55:36:324 Receive: (get) SA = 0x000f1748 from 192.168.1.254.500
7-20: 11:17:55:36:324 ISAKMP Header: (V1.0), len = 356
7-20: 11:17:55:36:324 I-COOKIE b74682e947159e71
7-20: 11:17:55:36:324 R-COOKIE fe41fed7230e70e1
7-20: 11:17:55:36:324 exchange: Oakley Main Mode
7-20: 11:17:55:36:324 flags: 0
7-20: 11:17:55:36:324 next payload: KE
7-20: 11:17:55:36:324 message ID: 00000000
7-20: 11:17:55:36:324 processing payload KE
7-20: 11:17:55:96:324 processing payload NONCE
7-20: 11:17:55:96:324 processing payload NATDISC
7-20: 11:17:55:96:324 Processing NatHash
7-20: 11:17:55:96:324 Nat hash c28feb115b1f97cc3dffb1eb435ad1d7
7-20: 11:17:55:96:324 4552ed21
7-20: 11:17:55:96:324 SA StateMask2 e
7-20: 11:17:55:96:324 processing payload NATDISC
7-20: 11:17:55:96:324 Processing NatHash
7-20: 11:17:55:96:324 Nat hash b42c7040ef0a2bd38cc0653f177f75ad
7-20: 11:17:55:96:324 a3dda017
7-20: 11:17:55:96:324 SA StateMask2 8e
7-20: 11:17:55:96:324 ClearFragList
7-20: 11:17:55:96:324 constructing ISAKMP Header
7-20: 11:17:55:96:324 constructing ID
7-20: 11:17:55:96:324 Received no valid CRPs. Using all configured
7-20: 11:17:55:96:324 Looking for IPSec only cert
7-20: 11:17:55:106:324 Cert Trustes. 0 100
7-20: 11:17:55:106:324 Cert SHA Thumbprint c16ae4228d4c7e587a1d592fe65fa9d8
7-20: 11:17:55:106:324 246c3341
7-20: 11:17:55:106:324 CertFindExtenstion failed with 0
7-20: 11:17:55:106:324 Cert SHA Thumbprint c16ae4228d4c7e587a1d592fe65fa9d8
7-20: 11:17:55:106:324 246c3341
7-20: 11:17:55:106:324 SubjectName: C=US, S=Washington, L=Seattle,
O="company", OU=Support, CN=machine.company.com, E=user at company.com
7-20: 11:17:55:106:324 Cert Serialnumber 02
7-20: 11:17:55:106:324 Cert SHA Thumbprint c16ae4228d4c7e587a1d592fe65fa9d8
7-20: 11:17:55:106:324 246c3341
7-20: 11:17:55:106:324 SubjectName: C=US, S=Washington, L=Seattle,
O="company", OU=Support, CN=CA, E=user at company.com
7-20: 11:17:55:106:324 Cert Serialnumber 3800810c5fbe6c8100
7-20: 11:17:55:106:324 Cert SHA Thumbprint 861f04235affe99e3fbd116595f8dc00
7-20: 11:17:55:106:324 b2ba8b74
7-20: 11:17:55:106:324 Not storing My cert chain in SA.
7-20: 11:17:55:106:324 MM ID Type 9
7-20: 11:17:55:106:324 MM ID 3081b8310b3009060355040613025553
7-20: 11:17:55:106:324 311330110603550408130a5761736869
7-20: 11:17:55:106:324 6e67746f6e3110300e06035504071307
7-20: 11:17:55:106:324 53656174746c65311b3019060355040a
7-20: 11:17:55:106:324 131247544420536f6c7574696f6e732c
7-20: 11:17:55:106:324 204c4c433110300e060355040b130753
7-20: 11:17:55:106:324 7570706f727431263024060355040313
7-20: 11:17:55:106:324 1d677464732d7469706f7230312e6774
7-20: 11:17:55:106:324 64736f6c7574696f6e732e636f6d312b
7-20: 11:17:55:106:324 302906092a864886f70d010901161c74
7-20: 11:17:55:106:324 696d2e706f727269747440677464736f
7-20: 11:17:55:106:324 6c7574696f6e732e636f6d
7-20: 11:17:55:106:324 constructing CERT
7-20: 11:17:55:106:324 Construct SIG
7-20: 11:17:55:106:324 Constructing Cert Request
7-20: 11:17:55:106:324 C=US, S=Washington, L=Seattle, O="company",
OU=Support, CN=CA, E=user at company.com
7-20: 11:17:55:106:324
7-20: 11:17:55:106:324 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:17:55:106:324 ISAKMP Header: (V1.0), len = 1556
7-20: 11:17:55:106:324 I-COOKIE b74682e947159e71
7-20: 11:17:55:106:324 R-COOKIE fe41fed7230e70e1
7-20: 11:17:55:106:324 exchange: Oakley Main Mode
7-20: 11:17:55:106:324 flags: 1 ( encrypted )
7-20: 11:17:55:106:324 next payload: ID
7-20: 11:17:55:106:324 message ID: 00000000
7-20: 11:17:55:106:324 Ports S:f401 D:f401
7-20: 11:17:55:136:324
7-20: 11:17:55:136:324 Receive: (get) SA = 0x000f1748 from 192.168.1.254.500
7-20: 11:17:55:136:324 ISAKMP Header: (V1.0), len = 1380
7-20: 11:17:55:136:324 I-COOKIE b74682e947159e71
7-20: 11:17:55:136:324 R-COOKIE fe41fed7230e70e1
7-20: 11:17:55:136:324 exchange: Oakley Main Mode
7-20: 11:17:55:136:324 flags: 1 ( encrypted )
7-20: 11:17:55:136:324 next payload: ID
7-20: 11:17:55:136:324 message ID: 00000000
7-20: 11:17:55:136:324 processing payload ID
7-20: 11:17:55:136:324 processing payload CERT
7-20: 11:17:55:136:324 processing payload SIG
7-20: 11:17:55:136:324 Verifying CertStore
7-20: 11:17:55:136:324 SubjectName: C=US, S=Washington, L=Seattle,
O="company", OU=Support, CN=redguard.company.net, E=user at company.com
7-20: 11:17:55:136:324 Cert Serialnumber 01
7-20: 11:17:55:136:324 Cert SHA Thumbprint 957474f6ffc5f19b6bb9f4f423a99c53
7-20: 11:17:55:136:324 ff5a5169
7-20: 11:17:55:136:324 Cert Trustes. 0 100
7-20: 11:17:55:136:324 SubjectName: C=US, S=Washington, L=Seattle,
O="company", OU=Support, CN=redguard.company.net, E=user at company.com
7-20: 11:17:55:136:324 Cert Serialnumber 01
7-20: 11:17:55:136:324 Cert SHA Thumbprint 957474f6ffc5f19b6bb9f4f423a99c53
7-20: 11:17:55:136:324 ff5a5169
7-20: 11:17:55:136:324 SubjectName: C=US, S=Washington, L=Seattle,
O="company", OU=Support, CN=CA, E=user at company.com
7-20: 11:17:55:136:324 Cert Serialnumber 3800810c5fbe6c8100
7-20: 11:17:55:136:324 Cert SHA Thumbprint 861f04235affe99e3fbd116595f8dc00
7-20: 11:17:55:136:324 b2ba8b74
7-20: 11:17:55:136:324 Not storing Peer's cert chain in SA.
7-20: 11:17:55:136:324 Cert SHA Thumbprint 957474f6ffc5f19b6bb9f4f423a99c53
7-20: 11:17:55:136:324 ff5a5169
7-20: 11:17:55:136:324 CertFindExtenstion failed with 0
7-20: 11:17:55:136:324 Signature validated
7-20: 11:17:55:136:324 ClearFragList
7-20: 11:17:55:136:324 MM established. SA: 000F1748
7-20: 11:17:55:136:324 QM PolicyName: L2TP Optional Encryption Quick
Mode Policy dwFlags 0
7-20: 11:17:55:136:324 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[0] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
7-20: 11:17:55:136:324 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[1] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
7-20: 11:17:55:136:324 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[2] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:55:136:324 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
7-20: 11:17:55:136:324 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[3] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:55:136:324 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: 0
7-20: 11:17:55:136:324 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[4] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:55:136:324 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: SHA
7-20: 11:17:55:136:324 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[5] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:55:136:324 Algo[1] Operation: ESP Algo: Triple DES CBC HMAC: MD5
7-20: 11:17:55:136:324 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[6] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
7-20: 11:17:55:136:324 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[7] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
7-20: 11:17:55:136:324 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[8] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:55:136:324 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
7-20: 11:17:55:136:324 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[9] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:55:136:324 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
7-20: 11:17:55:136:324 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[10] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:55:136:324 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
7-20: 11:17:55:136:324 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[11] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:55:136:324 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
7-20: 11:17:55:136:324 QMOffer[12] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[12] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
7-20: 11:17:55:136:324 QMOffer[13] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[13] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
7-20: 11:17:55:136:324 QMOffer[14] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[14] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: SHA
7-20: 11:17:55:136:324 QMOffer[15] LifetimeKBytes 250000 LifetimeSec 3600
7-20: 11:17:55:136:324 QMOffer[15] dwFlags 0 dwPFSGroup 0
7-20: 11:17:55:136:324 Algo[0] Operation: AH Algo: MD5
7-20: 11:17:55:136:324 GetSpi: src = 192.168.1.254.1701, dst =
192.168.1.102.1701, proto = 17, context = 00000000, srcMask =
255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0
7-20: 11:17:55:136:324 Setting SPI 3508077115
7-20: 11:17:55:136:324 constructing ISAKMP Header
7-20: 11:17:55:136:324 constructing HASH (null)
7-20: 11:17:55:136:324 constructing SA (IPSEC)
7-20: 11:17:55:136:324 constructing NONCE (IPSEC)
7-20: 11:17:55:136:324 constructing ID (proxy)
7-20: 11:17:55:136:324 constructing ID (proxy)
7-20: 11:17:55:136:324 constructing HASH (QM)
7-20: 11:17:55:136:324
7-20: 11:17:55:136:324 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:17:55:136:324 ISAKMP Header: (V1.0), len = 1300
7-20: 11:17:55:136:324 I-COOKIE b74682e947159e71
7-20: 11:17:55:136:324 R-COOKIE fe41fed7230e70e1
7-20: 11:17:55:136:324 exchange: Oakley Quick Mode
7-20: 11:17:55:136:324 flags: 1 ( encrypted )
7-20: 11:17:55:136:324 next payload: HASH
7-20: 11:17:55:136:324 message ID: 30e739d9
7-20: 11:17:55:136:324 Ports S:f401 D:f401
7-20: 11:17:56:588:168 retransmit: sa = 000F1748 centry 0012AB00 , count = 1
7-20: 11:17:56:588:168
7-20: 11:17:56:588:168 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:17:56:588:168 ISAKMP Header: (V1.0), len = 1300
7-20: 11:17:56:588:168 I-COOKIE b74682e947159e71
7-20: 11:17:56:588:168 R-COOKIE fe41fed7230e70e1
7-20: 11:17:56:588:168 exchange: Oakley Quick Mode
7-20: 11:17:56:588:168 flags: 1 ( encrypted )
7-20: 11:17:56:588:168 next payload: HASH
7-20: 11:17:56:588:168 message ID: 30e739d9
7-20: 11:17:56:588:168 Ports S:f401 D:f401
7-20: 11:17:58:591:168 retransmit: sa = 000F1748 centry 0012AB00 , count = 2
7-20: 11:17:58:591:168
7-20: 11:17:58:591:168 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:17:58:591:168 ISAKMP Header: (V1.0), len = 1300
7-20: 11:17:58:591:168 I-COOKIE b74682e947159e71
7-20: 11:17:58:591:168 R-COOKIE fe41fed7230e70e1
7-20: 11:17:58:591:168 exchange: Oakley Quick Mode
7-20: 11:17:58:591:168 flags: 1 ( encrypted )
7-20: 11:17:58:591:168 next payload: HASH
7-20: 11:17:58:591:168 message ID: 30e739d9
7-20: 11:17:58:591:168 Ports S:f401 D:f401
7-20: 11:18:02:597:168 retransmit: sa = 000F1748 centry 0012AB00 , count = 3
7-20: 11:18:02:597:168
7-20: 11:18:02:597:168 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:18:02:597:168 ISAKMP Header: (V1.0), len = 1300
7-20: 11:18:02:597:168 I-COOKIE b74682e947159e71
7-20: 11:18:02:597:168 R-COOKIE fe41fed7230e70e1
7-20: 11:18:02:597:168 exchange: Oakley Quick Mode
7-20: 11:18:02:597:168 flags: 1 ( encrypted )
7-20: 11:18:02:597:168 next payload: HASH
7-20: 11:18:02:597:168 message ID: 30e739d9
7-20: 11:18:02:597:168 Ports S:f401 D:f401
7-20: 11:18:10:608:168 retransmit: sa = 000F1748 centry 0012AB00 , count = 4
7-20: 11:18:10:608:168
7-20: 11:18:10:608:168 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:18:10:608:168 ISAKMP Header: (V1.0), len = 1300
7-20: 11:18:10:608:168 I-COOKIE b74682e947159e71
7-20: 11:18:10:608:168 R-COOKIE fe41fed7230e70e1
7-20: 11:18:10:608:168 exchange: Oakley Quick Mode
7-20: 11:18:10:608:168 flags: 1 ( encrypted )
7-20: 11:18:10:608:168 next payload: HASH
7-20: 11:18:10:608:168 message ID: 30e739d9
7-20: 11:18:10:608:168 Ports S:f401 D:f401
7-20: 11:18:26:632:168 retransmit: sa = 000F1748 centry 0012AB00 , count = 5
7-20: 11:18:26:632:168
7-20: 11:18:26:632:168 Sending: SA = 0x000F1748 to 192.168.1.254:Type 2.500
7-20: 11:18:26:632:168 ISAKMP Header: (V1.0), len = 1300
7-20: 11:18:26:632:168 I-COOKIE b74682e947159e71
7-20: 11:18:26:632:168 R-COOKIE fe41fed7230e70e1
7-20: 11:18:26:632:168 exchange: Oakley Quick Mode
7-20: 11:18:26:632:168 flags: 1 ( encrypted )
7-20: 11:18:26:632:168 next payload: HASH
7-20: 11:18:26:632:168 message ID: 30e739d9
7-20: 11:18:26:632:168 Ports S:f401 D:f401
7-20: 11:18:58:678:168 retransmit exhausted: sa = 000F1748 centry
0012AB00, count = 6
7-20: 11:18:58:678:168 Data Protection Mode (Quick Mode)
7-20: 11:18:58:678:168 Source IP Address 192.168.1.102 Source IP
Address Mask 255.255.255.255 Destination IP Address 192.168.1.254
Destination IP Address Mask 255.255.255.255 Protocol 17 Source Port
1701 Destination Port 1701 IKE Local Addr 192.168.1.102 IKE Peer
Addr 192.168.1.254
7-20: 11:18:58:678:168 Certificate based Identity. Peer Subject
C=US, S=Washington, L=Seattle, O="company", OU=Support,
CN=redguard.company.net, E=user at company.com Peer SHA Thumbprint
957474f6ffc5f19b6bb9f4f423a99c53ff5a5169 Peer Issuing Certificate
Authority C=US, S=Washington, L=Seattle, O="company", OU=Support,
CN=CA, E=user at company.com Root Certificate Authority C=US,
S=Washington, L=Seattle, O="company", OU=Support, CN=CA,
E=user at company.com My Subject C=US, S=Washington, L=Seattle,
O="company", OU=Support, CN=machine.company.com, E=user at company.com
My SHA Thumbprint c16ae4228d4c7e587a1d592fe65fa9d8246c3341 Peer IP
Address: 192.168.1.254
7-20: 11:18:58:678:168 Me
7-20: 11:18:58:678:168 Negotiation timed out
7-20: 11:18:58:678:168 0x0 0x0
7-20: 11:18:58:678:168 isadb_set_status sa:000F1748 centry:0012AB00 status 35ed
7-20: 11:18:58:678:168 isadb_set_status InitiateEvent 00000598:
Setting Status 35ed
7-20: 11:18:58:678:168 Clearing centry 0012AB00 InitiateEvent 00000598
7-20: 11:18:58:678:b0 CloseNegHandle 00000598
7-20: 11:18:58:678:b0 SE cookie b74682e947159e71
7-20: 11:18:58:708:b0 isadb_schedule_kill_oldPolicy_sas:
b68ee173-d36f-41b2-8ef44bc39c3bb727 4
7-20: 11:18:58:708:304 isadb_schedule_kill_oldPolicy_sas:
8e352843-efe6-4d55-98f3e5191fb60381 3
7-20: 11:18:58:708:b80 isadb_schedule_kill_oldPolicy_sas:
f361b5ca-bc3b-4565-9d23562619adede6 2
7-20: 11:18:58:708:b0 isadb_schedule_kill_oldPolicy_sas:
03cddcd4-8c75-438f-a0b99b7e3acbc422 1
7-20: 11:18:58:718:324 entered kill_old_policy_sas 4
7-20: 11:18:58:718:324 SA Dead. sa:000F1748 status:3619
7-20: 11:18:58:718:324 isadb_set_status sa:000F1748 centry:00000000 status 3619
7-20: 11:18:58:718:324 constructing ISAKMP Header
7-20: 11:18:58:718:324 constructing HASH (null)
7-20: 11:18:58:718:324 constructing DELETE. MM 000F1748
7-20: 11:18:58:718:324 constructing HASH (Notify/Delete)
7-20: 11:18:58:718:324 Not setting retransmit to downlevel client. SA
000F1748 Centry 00000000
7-20: 11:18:58:718:324
7-20: 11:18:58:718:324 Sending: SA = 0x000F1748 to 192.168.1.254:Type 1.500
7-20: 11:18:58:718:324 ISAKMP Header: (V1.0), len = 84
7-20: 11:18:58:718:324 I-COOKIE b74682e947159e71
7-20: 11:18:58:718:324 R-COOKIE fe41fed7230e70e1
7-20: 11:18:58:718:324 exchange: ISAKMP Informational Exchange
7-20: 11:18:58:718:324 flags: 1 ( encrypted )
7-20: 11:18:58:718:324 next payload: HASH
7-20: 11:18:58:718:324 message ID: 9ede3f7d
7-20: 11:18:58:718:324 Ports S:f401 D:f401
7-20: 11:18:58:718:324 entered kill_old_policy_sas 3
7-20: 11:18:58:718:324 entered kill_old_policy_sas 2
7-20: 11:18:58:718:324 entered kill_old_policy_sas 1
7-20: 11:18:58:718:324
7-20: 11:18:58:718:324 Receive: (get) SA = 0x000f1748 from 192.168.1.254.500
7-20: 11:18:58:718:324 ISAKMP Header: (V1.0), len = 84
7-20: 11:18:58:718:324 I-COOKIE b74682e947159e71
7-20: 11:18:58:718:324 R-COOKIE fe41fed7230e70e1
7-20: 11:18:58:718:324 exchange: ISAKMP Informational Exchange
7-20: 11:18:58:718:324 flags: 1 ( encrypted )
7-20: 11:18:58:718:324 next payload: HASH
7-20: 11:18:58:718:324 message ID: efb54e18
7-20: 11:18:58:718:324 processing HASH (Notify/Delete)
7-20: 11:18:58:718:324 processing payload DELETE
7-20: 11:19:32:938:84 ClearFragList
On the linux side the openswan ipsec.conf looks like this:
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0 # conforms to second version of ipsec.conf specification

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    leftcert=redguard.company.com.pem

conn roadwarrior-all
    also=roadwarrior

conn roadwarrior-l2tp
    pfs=no
    leftprotoport=17/0
    rightprotoport=17/1701

conn roadwarrior-l2tp-updatedwin
    pfs=no
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-net
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=redguard.company.com.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

I get the following errors in my /var/log/secure
Jul 20 10:43:50 redguard pluto[3156]: packet from 192.168.1.102:500: received and ignored informational message
Jul 20 11:18:12 redguard pluto[3156]: packet from 192.168.1.102:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jul 20 11:18:12 redguard pluto[3156]: packet from 192.168.1.102:500: ignoring Vendor ID payload [FRAGMENTATION]
Jul 20 11:18:12 redguard pluto[3156]: packet from 192.168.1.102:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Jul 20 11:18:12 redguard pluto[3156]: packet from 192.168.1.102:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[3] 192.168.1.102 #2: responding to Main Mode from unknown peer 192.168.1.102
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[3] 192.168.1.102 #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[3] 192.168.1.102 #2: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[3] 192.168.1.102 #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[3] 192.168.1.102 #2: Main mode peer ID is ID_DER_ASN1_DN: 'C=US, ST=Washington, L=Seattle, O=company, OU=Support, CN=machine.company.com, E=user at company.com'
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102 #2: deleting connection "roadwarrior" instance with peer 192.168.1.102 {isakmp=#0/ipsec=#0}
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102 #2: I am sending my cert
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102 #2: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102 #2: sent MR3, ISAKMP SA established
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102 #2: cannot respond to IPsec SA request because no connection is known for 192.168.1.254[C=US, ST=Washington, L=Seattle, O=company, OU=Support, CN=redguard.company.net, E=user at company.com]:17/1701...192.168.1.102[C=US, ST=Washington, L=Seattle, O=company, OU=Support, CN=machine.company.com, E=email at company.com]:17/1701
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102 #2: sending encrypted notification INVALID_ID_INFORMATION to 192.168.1.102:500
Jul 20 11:18:12 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102 #2: failed to build notification for spisize=0
Jul 20 11:18:14 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102 #2: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd939e730 (perhaps this is a duplicated packet)
Jul 20 11:18:14 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: sending encrypted notification INVALID_MESSAGE_ID to
192.168.1.102:500
Jul 20 11:18:14 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: failed to build notification for spisize=0
Jul 20 11:18:16 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0xd939e730 (perhaps this is a duplicated packet)
Jul 20 11:18:16 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: sending encrypted notification INVALID_MESSAGE_ID to
192.168.1.102:500
Jul 20 11:18:16 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: failed to build notification for spisize=0
Jul 20 11:18:20 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0xd939e730 (perhaps this is a duplicated packet)
Jul 20 11:18:20 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: sending encrypted notification INVALID_MESSAGE_ID to
192.168.1.102:500
Jul 20 11:18:20 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: failed to build notification for spisize=0
Jul 20 11:18:28 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0xd939e730 (perhaps this is a duplicated packet)
Jul 20 11:18:28 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: sending encrypted notification INVALID_MESSAGE_ID to
192.168.1.102:500
Jul 20 11:18:28 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: failed to build notification for spisize=0
Jul 20 11:18:44 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: Quick Mode I1 message is unacceptable because it uses a previously
used Message ID 0xd939e730 (perhaps this is a duplicated packet)
Jul 20 11:18:44 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: sending encrypted notification INVALID_MESSAGE_ID to
192.168.1.102:500
Jul 20 11:18:44 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: failed to build notification for spisize=0
Jul 20 11:19:16 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102
#2: received Delete SA payload: deleting ISAKMP State #2
Jul 20 11:19:16 redguard pluto[3156]: "roadwarrior"[4] 192.168.1.102:
deleting connection "roadwarrior" instance with peer 192.168.1.102
{isakmp=#0/ipsec=#0}
Jul 20 11:19:16 redguard pluto[3156]: packet from 192.168.1.102:500:
received and ignored informational message
I looked through the ipsec.conf for any typos and am unable to find
any. I am just not sure where the problem lies. I did also try to
connect using the 3rd party tool from http://vpn.ebootis.de/ but got
many Windows errors and it didn't even try to connect. I would really
prefer to use the native Windows IPsec if possible. Also, I have not
installed extra software on the Linux box for L2TP or PPP (not using
dialup). Is that required, or will the IPsec work without it?
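
As an added illustration (not part of the original post and not Openswan code), the sketch below takes pluto's "no connection is known for" line from the log above and lists which conns in the posted config are loaded and declare the same protocol/port selectors. The embedded config and log are shortened, constructed excerpts; the also= merge order and the exact-match comparison are simplifying assumptions.

```python
import re

# Constructed excerpts of the posted ipsec.conf and of pluto's rejection line.
CONF = """\
conn roadwarrior-l2tp
    leftprotoport=17/0
    rightprotoport=17/1701
conn roadwarrior-l2tp-updatedwin
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior
conn roadwarrior
    rightsubnet=vhost:%no,%priv
    auto=add
"""
LOG = ('#2: cannot respond to IPsec SA request because no connection is known for '
       '192.168.1.254[CN=redguard]:17/1701...192.168.1.102[CN=machine]:17/1701')

def parse_conns(text):  # returns {conn name: {key: value}}
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split()[1], {})
        elif "=" in line and cur is not None:
            key, val = line.split("=", 1)
            cur[key.strip()] = val.strip()
    return conns

def effective(conns, name, seen=()):
    """Merge also= sections; values set directly in the conn win (assumption)."""
    own = dict(conns[name])
    parent = own.pop("also", None)
    if parent in conns and parent not in seen:
        return {**effective(conns, parent, seen + (name,)), **own}
    return own

def proposed_selectors(log):
    """Return (local, peer) proto/port pairs from pluto's rejection line."""
    m = re.search(r"no connection is known for \S+?\[[^\]]*\]:(\d+/\d+)"
                  r"\.\.\.\S+?\[[^\]]*\]:(\d+/\d+)", log)
    return m.groups() if m else None

def candidates(conf, log):
    """Loaded conns (auto is not ignore) whose protoports equal the proposal."""
    want, conns = proposed_selectors(log), parse_conns(conf)
    effs = {n: effective(conns, n) for n in conns}
    return {n: e for n, e in effs.items() if e.get("auto", "ignore") != "ignore"
            and (e.get("leftprotoport"), e.get("rightprotoport")) == want}
```

A conn listed by candidates() agrees with the proposal only on auto= and the two protoport fields. pluto also compares addresses, subnets and IDs, so the returned effective settings (including anything inherited through also=) are the next place to look.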