[Openswan Users] Openswan and L2TP Problem!

Stanislav Nedelchev stanislav.nedelchev at gmail.com
Tue Jun 7 14:51:42 CEST 2005


This test is with a NAT-ed peer.
In a couple of hours I will run a test from a non-NAT-ed peer.


This is without keyexchange=ike:
Jun  7 14:34:01 fw pluto[26669]:   Warning: empty directory
Jun  7 14:34:01 fw pluto[26669]: Changing to directory '/etc/ipsec.d/crls'
Jun  7 14:34:01 fw pluto[26669]:   Warning: empty directory
Jun  7 14:34:01 fw pluto[26669]: OpenPGP certificate file
'/etc/pgpcert.pgp' not found
Jun  7 14:34:03 fw pluto[26669]: | from whack: got --esp=3des
Jun  7 14:34:03 fw pluto[26669]: | from whack: got --ike=3des
Jun  7 14:34:03 fw pluto[26669]: added connection description "EE-Cisco"
I get this error:
Jun  7 14:34:30 fw pluto[26669]: packet from 80.80.157.81:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jun  7 14:34:30 fw pluto[26669]: packet from 80.80.157.81:500:
ignoring Vendor ID payload [FRAGMENTATION]
Jun  7 14:34:30 fw pluto[26669]: packet from 80.80.157.81:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun  7 14:34:30 fw pluto[26669]: packet from 80.80.157.81:500:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Jun  7 14:34:30 fw pluto[26669]: packet from 80.80.157.81:500: initial
Main Mode message received on 213.91.208.250:500 but no connection has
been authorized with policy=PSK


With keyexchange=ike:
Jun  7 14:37:07 fw pluto[26923]:   Warning: empty directory
Jun  7 14:37:07 fw pluto[26923]: OpenPGP certificate file
'/etc/pgpcert.pgp' not found
Jun  7 14:37:08 fw pluto[26923]: | from whack: got --esp=3des
Jun  7 14:37:08 fw pluto[26923]: | from whack: got --ike=3des
Jun  7 14:37:08 fw pluto[26923]: added connection description "roadwarrior"
Jun  7 14:37:08 fw pluto[26923]: | from whack: got --esp=3des
Jun  7 14:37:08 fw pluto[26923]: | from whack: got --ike=3des
Jun  7 14:37:08 fw pluto[26923]: added connection description "EE-Cisco"
Jun  7 14:41:20 fw pluto[26923]: packet from 80.80.157.81:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Jun  7 14:41:20 fw pluto[26923]: packet from 80.80.157.81:500:
ignoring Vendor ID payload [FRAGMENTATION]
Jun  7 14:41:20 fw pluto[26923]: packet from 80.80.157.81:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Jun  7 14:41:20 fw pluto[26923]: packet from 80.80.157.81:500:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]

Jun  7 14:41:20 fw pluto[26923]: "roadwarrior"[1] 80.80.157.81 #3:
responding to Main Mode from unknown peer 80.80.157.81
Jun  7 14:41:20 fw pluto[26923]: "roadwarrior"[1] 80.80.157.81 #3:
transition from state (null) to state STATE_MAIN_R1
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[1] 80.80.157.81 #3:
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is
NATed
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[1] 80.80.157.81 #3:
transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[1] 80.80.157.81 #3:
Main mode peer ID is ID_FQDN: '@langomir'
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[2] 80.80.157.81 #3:
deleting connection "roadwarrior" instance with peer 80.80.157.81
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[2] 80.80.157.81 #3:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jun  7 14:41:21 fw pluto[26923]: | NAT-T: new mapping 80.80.157.81:500/4500)
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[2] 80.80.157.81:4500
#3: sent MR3, ISAKMP SA established
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[2] 80.80.157.81:4500
#4: responding to Quick Mode
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[2] 80.80.157.81:4500
#4: transition from state (null) to state STATE_QUICK_R1
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[2] 80.80.157.81:4500
#4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Jun  7 14:41:21 fw pluto[26923]: "roadwarrior"[2] 80.80.157.81:4500
#4: IPsec SA established
Jun  7 14:41:30 fw pluto[26923]: "roadwarrior"[2] 80.80.157.81:4500
#3: received Delete SA payload: deleting ISAKMP State #3
Jun  7 14:41:30 fw pluto[26923]: packet from 80.80.157.81:4500:
received and ignored informational message
Jun  7 14:41:30 fw pluto[26923]: packet from 80.80.157.81:4500:
Informational Exchange is for an unknown (expired?) SA

On 6/7/05, Jacco de Leeuw <jacco2 at dds.nl> wrote:
> Stanislav Nedelchev wrote:
> 
> > The peer that I'm trying is NAT-ed
> 
> Switch to certificates or don't use NAT.
> 
> > Jun  7 13:48:15 fw pluto[25566]: packet from 80.80.157.81:500: initial
> > Main Mode message received on 213.91.208.250:500 but no connection
> > has been authorized with policy=PSK
> 
> There must be a simple explanation for this. Perhaps you mistyped
> the client's IP address? What does your ipsec.conf look like?
> 
> Jacco
> --
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>