[Openswan Users] Error IPsec/L2tp connection

rodrigo nobrega nobregasz at yahoo.com.br
Mon Mar 28 12:29:03 CEST 2005 

i have a ipsec connection working and im trying setup
a L2tp/ipsec connection behind NAT.

im using openswan 2.3.1r3 and L2TPD from debian 2.4.18
apt get.

when i ping 10.x.x.x using MM ipsec tools all work
fine but, when i do ipsec -off  and use l2tp/ipsec
connection from winxp i dont have response.

Where i can see l2tp logs??

from aut.log i can see ipsec stablished...

Tks for helps and sory for my english.


Mar 28 10:21:45 vpn pluto[3343]: packet from
200.241.203.69:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 28 10:21:45 vpn pluto[3343]: packet from
200.241.203.69:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Mar 28 10:21:45 vpn pluto[3343]: "roadwarrior-net"[1]
200.241.203.69 #1: responding to Main Mode from
unknown peer 200.241.203.69
Mar 28 10:21:45 vpn pluto[3343]: "roadwarrior-net"[1]
200.241.203.69 #1: transition from state STATE_MAIN_R0
to state STATE_MAIN_R1
Mar 28 10:21:46 vpn pluto[3343]: "roadwarrior-net"[1]
200.241.203.69 #1: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
Mar 28 10:21:46 vpn pluto[3343]: "roadwarrior-net"[1]
200.241.203.69 #1: transition from state STATE_MAIN_R1
to state STATE_MAIN_R2
Mar 28 10:21:47 vpn pluto[3343]: "roadwarrior-net"[1]
200.241.203.69 #1: Main mode peer ID is
ID_DER_ASN1_DN: 'C=br, ST=paraiba, L=joao pessoa,
O=sefin, OU=nsi, CN=suporte.vpn.sefin,
E=rnobrega at sre.pb.gov.br'
Mar 28 10:21:47 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: deleting connection
"roadwarrior-net" instance with peer 200.241.203.69
{isakmp=#0/ipsec=#0}
Mar 28 10:21:47 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: I am sending my cert
Mar 28 10:21:47 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: transition from state STATE_MAIN_R2
to state STATE_MAIN_R3
Mar 28 10:21:47 vpn pluto[3343]: | NAT-T: new mapping
200.241.203.69:500/4500)
Mar 28 10:21:47 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: sent MR3, ISAKMP SA established
Mar 28 10:21:48 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: retransmitting in response to
duplicate packet; already STATE_MAIN_R3
Mar 28 10:21:49 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: cannot respond to IPsec SA request
because no connection is known for
200.164.224.8/32===192.168.1.8[C=br, ST=paraiba,
L=joao pessoa, O=sefin, OU=nsi, CN=gw.vpn.sefin,
E=rnobrega at sre.pb.gov.br]:17/1701...200.241.203.69[C=br,
ST=paraiba, L=joao pessoa, O=sefin, OU=nsi,
CN=suporte.vpn.sefin,
E=rnobrega at sre.pb.gov.br]:17/1701
Mar 28 10:21:49 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: sending encrypted notification
INVALID_ID_INFORMATION to 200.241.203.69:4500
Mar 28 10:21:49 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: failed to build notification for
spisize=0
Mar 28 10:21:50 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: Quick Mode I1 message is
unacceptable because it uses a previously used Message
ID 0xb79cb11e (perhaps this is a duplicated packet)
Mar 28 10:21:50 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: sending encrypted notification
INVALID_MESSAGE_ID to 200.241.203.69:4500
Mar 28 10:21:50 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: failed to build notification for
spisize=0
Mar 28 10:21:52 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: Quick Mode I1 message is
unacceptable because it uses a previously used Message
ID 0xb79cb11e (perhaps this is a duplicated packet)
Mar 28 10:21:52 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: sending encrypted notification
INVALID_MESSAGE_ID to 200.241.203.69:4500
Mar 28 10:21:52 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: failed to build notification for
spisize=0
Mar 28 10:21:53 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69 #1: received Delete SA payload:
deleting ISAKMP State #1
Mar 28 10:21:53 vpn pluto[3343]: "roadwarrior-net"[2]
200.241.203.69: deleting connection "roadwarrior-net"
instance with peer 200.241.203.69 {isakmp=#0/ipsec=#0}
Mar 28 10:21:53 vpn pluto[3343]: packet from
200.241.203.69:4500: received and ignored
informational message

config setup
        interfaces=%defaultroute
        nat_traversal=yes
       
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
        klipsdebug=none
        plutodebug=none

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-l2tp
        pfs=no
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        pfs=no
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-net
        leftsubnet=10.0.0.0/255.0.0.0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=gw.vpn.sefin.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore


	
	
		
Yahoo! Acesso Grátis - Internet rápida e grátis. 
Instale o discador agora! http://br.acesso.yahoo.com/

More information about the Users mailing list