[Openswan Users] WinXP Prof. SP2 Problem: connecting linux l2tp/ipsec server

guest01 guest01 at gmail.com
Wed Mar 16 15:30:44 CET 2005 

Hi

I have an annoying problem with connecting with WIndows XP Professional
SP2 to
my Debian l2tp/ipsec server via certificates.
I use openswan as ipsec implementation and get following error in my
linux log files:

Mar 16 15:00:07 localhost pluto[26355]: packet from xxx.xxx.xxx.xxx:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar 16 15:00:07 localhost pluto[26355]: packet from xxx.xxx.xxx.xxx:500:
ignoring Vendor ID payload [FRAGMENTATION]
Mar 16 15:00:07 localhost pluto[26355]: packet from xxx.xxx.xxx.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
Mar 16 15:00:07 localhost pluto[26355]: packet from xxx.xxx.xxx.xxx:500:
ignoring Vendor ID payload [26244d38eddb61b3172a36e3d0cfb819]
Mar 16 15:00:07 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: responding to Main Mode from unknown peer xxx.xxx.xxx.xxx
Mar 16 15:00:07 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: transition from state (null) to state STATE_MAIN_R1
Mar 16 15:00:08 localhost kernel: DROPIN=int OUT=
MAC=ff:ff:ff:ff:ff:ff:00:04:75:83:aa:29:08:00 SRC=10.50.50.4
DST=255.255.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=31266 PROTO=UDP
SPT=1242 DPT=8087 LEN=48
Mar 16 15:00:08 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer
is NATed
Mar 16 15:00:08 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: Peer ID is ID_DER_ASN1_DN: 'C=aaa, ST=bbb, L=ccc, O=ddd, OU=eee,
cn=fff, E=gggg at hh.ii'
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no crl from issuer "C=AA, ST=BB, L=CC, O=DD, OU=EE, CN=FF, E=GG"
found (strict=no)
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no suitable connection for peer 'C=aaa, ST=bbb, L=ccc, O=ddd,
OU=eee, cn=fff, E=gggg at hh.ii'
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: sending encrypted notification INVALID_ID_INFORMATION to
xxx.xxx.xxx.xxx:500
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: Peer ID is ID_DER_ASN1_DN: 'C=aaa, ST=bbb, L=ccc, O=ddd, OU=eee,
cn=fff, E=gggg at hh.ii'
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no crl from issuer "C=AA, ST=BB, L=CC, O=DD, OU=EE, CN=FF, E=GG"
found (strict=no)
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no suitable connection for peer 'C=aaa, ST=bbb, L=ccc, O=ddd,
OU=eee, cn=fff, E=gggg at hh.ii'
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: sending encrypted notification INVALID_ID_INFORMATION to
xxx.xxx.xxx.xxx:500
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: Peer ID is ID_DER_ASN1_DN: 'C=aaa, ST=bbb, L=ccc, O=ddd, OU=eee,
cn=fff, E=gggg at hh.ii'
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no crl from issuer "C=AA, ST=BB, L=CC, O=DD, OU=EE, CN=FF, E=GG"
found (strict=no)
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no suitable connection for peer 'C=aaa, ST=bbb, L=ccc, O=ddd,
OU=eee, cn=fff, E=gggg at hh.ii'
Mar 16 15:00:10 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: sending encrypted notification INVALID_ID_INFORMATION to
xxx.xxx.xxx.xxx:500
Mar 16 15:00:14 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: Peer ID is ID_DER_ASN1_DN: 'C=aaa, ST=bbb, L=ccc, O=ddd, OU=eee,
cn=fff, E=gggg at hh.ii'
Mar 16 15:00:14 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no crl from issuer "C=AA, ST=BB, L=CC, O=DD, OU=EE, CN=FF, E=GG"
found (strict=no)
Mar 16 15:00:14 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no suitable connection for peer 'C=aaa, ST=bbb, L=ccc, O=ddd,
OU=eee, cn=fff, E=gggg at hh.ii'
Mar 16 15:00:14 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: sending encrypted notification INVALID_ID_INFORMATION to
xxx.xxx.xxx.xxx:500
Mar 16 15:00:22 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: Peer ID is ID_DER_ASN1_DN: 'C=aaa, ST=bbb, L=ccc, O=ddd, OU=eee,
cn=fff, E=gggg at hh.ii'
Mar 16 15:00:22 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no crl from issuer "C=AA, ST=BB, L=CC, O=DD, OU=EE, CN=FF, E=GG"
found (strict=no)
Mar 16 15:00:22 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: no suitable connection for peer 'C=aaa, ST=bbb, L=ccc, O=ddd,
OU=eee, cn=fff, E=gggg at hh.ii'
Mar 16 15:00:22 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: sending encrypted notification INVALID_ID_INFORMATION to
xxx.xxx.xxx.xxx:500
Mar 16 15:00:30 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: next payload type of ISAKMP Hash Payload has an unknown value: 167
Mar 16 15:00:30 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: malformed payload in packet
Mar 16 15:00:30 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: sending encrypted notification PAYLOAD_MALFORMED to xxx.xxx.xxx.xxx:500
Mar 16 15:01:18 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx
#3: max number of retransmissions (2) reached STATE_MAIN_R2
Mar 16 15:01:18 localhost pluto[26355]: "testtunnel"[3] xxx.xxx.xxx.xxx:
deleting connection "testtunnel" instance with peer xxx.xxx.xxx.xxx
{isakmp=#0/ipsec=#0}

Does anyone have an idea whats wrong?
thxs
regards
peda

More information about the Users mailing list