[Openswan Users] openswan/l2tp client to windows 2003 server
Peter Teufl
pteufl at sbox.tugraz.at
Thu Mar 24 22:30:09 CET 2005
Hi,
>
> You get "xxx ID returned doesn't match my proposal"? What was the
> exact error?
>
> Perhaps this is where the 17/0 issue kicked in. When you patched the
> source
> to force the draft NAT-T, did you use 17/1701 or was it still at 17/0?
> If it was the latter, could you repeat with 17/1701?
I have changed the source (openswan 2.3.0) again and applied 17/1701.
I set this in vendor.h to force draft _02. What's the difference between
02 and 02_n anyway?
VID_NATT_IETF_00 =105,
VID_NATT_IETF_02_N =107,
VID_NATT_IETF_02 =106,
Phase1 is up, but Phase 2 fails. But the same configuration works
without NAT. So I think the connection parameters should be ok.
104 "windows2003" #11: STATE_MAIN_I1: initiate
010 "windows2003" #11: STATE_MAIN_I1: retransmission; will wait 20s for
response
010 "windows2003" #11: STATE_MAIN_I1: retransmission; will wait 40s for
response
003 "windows2003" #11: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY
00000004]
003 "windows2003" #11: ignoring Vendor ID payload [FRAGMENTATION]
003 "windows2003" #11: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=107
106 "windows2003" #11: STATE_MAIN_I2: sent MI2, expecting MR2
003 "windows2003" #11: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
108 "windows2003" #11: STATE_MAIN_I3: sent MI3, expecting MR3
004 "windows2003" #11: STATE_MAIN_I4: ISAKMP SA established
117 "windows2003" #12: STATE_QUICK_I1: initiate
003 "windows2003" #12: ignoring informational payload, type
IPSEC_RESPONDER_LIFETIME
003 "windows2003" #12: our client ID returned doesn't match my proposal
218 "windows2003" #12: STATE_QUICK_I1: INVALID_ID_INFORMATION
031 "windows2003" #12: max number of retransmissions (2) reached
STATE_QUICK_I1. No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal
Do you have any ideas?
Btw: Great work with your ipsec/l2tp howto. That helped quite a lot when
setting up an openswan/l2tp server for windows clients!
Thanks!
Peter
More information about the Users
mailing list