[Openswan Users] openswan/l2tp client to windows 2003 server

Peter Teufl pteufl at sbox.tugraz.at
Thu Mar 24 22:30:09 CET 2005


Hi,

>
> You get "xxx ID returned doesn't match my proposal"? What was the 
> exact error?
>
> Perhaps this is where the 17/0 issue kicked in. When you patched the source
> to force the draft NAT-T, did you use 17/1701 or was it still at 17/0?
> If it was the latter, could you repeat with 17/1701?

I have changed the source (openswan 2.3.0) again and applied 17/1701.
I set this in vendor.h to force draft _02. What's the difference between
02 and 02_n anyway?

VID_NATT_IETF_00   = 105,
VID_NATT_IETF_02_N = 107,
VID_NATT_IETF_02   = 106,


Phase1 is up, but Phase 2 fails. But the same configuration works 
without NAT. So I think the connection parameters should be ok.

104 "windows2003" #11: STATE_MAIN_I1: initiate
010 "windows2003" #11: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "windows2003" #11: STATE_MAIN_I1: retransmission; will wait 40s for response
003 "windows2003" #11: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
003 "windows2003" #11: ignoring Vendor ID payload [FRAGMENTATION]
003 "windows2003" #11: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=107
106 "windows2003" #11: STATE_MAIN_I2: sent MI2, expecting MR2
003 "windows2003" #11: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
108 "windows2003" #11: STATE_MAIN_I3: sent MI3, expecting MR3
004 "windows2003" #11: STATE_MAIN_I4: ISAKMP SA established
117 "windows2003" #12: STATE_QUICK_I1: initiate
003 "windows2003" #12: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
003 "windows2003" #12: our client ID returned doesn't match my proposal
218 "windows2003" #12: STATE_QUICK_I1: INVALID_ID_INFORMATION
031 "windows2003" #12: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal


Do you have any ideas?

Btw: Great work with your ipsec/l2tp howto. That helped quite a lot when 
setting up an openswan/l2tp server for windows clients!

Thanks!
Peter

