[Openswan Users] Problem with some ADSL routers

Marcelo Mercio Dandrea mdandrea at terra.com.br
Tue Mar 29 14:34:31 CEST 2005




 Hey all,

    I´m using openswan with L2TP windows road-warriors, as explained on the Nate Carson´s page. It almost always works, and after several tests, I found out that when it doesnt, its because the windows notebook is behind some ADSL modens (like DSLINK 200) configured to do NAPT as its default intranet->internet conversion. When I change the moden behavior to "BASIC" (nat 1:1) then it works fine. I tried with openswan 2.1.5, 2.2.0 and 2.3.1r4, hoping that maybe changes in NAT-T would help me, but no luck so far. 
    Below follows the log of a failed connection. Everything from the beginning to the "Mar 29 13:20:31" entry just keeps repeating, until windows gives up with a timeout.
    I know reconfiguring/changing the modem will work, but that isnt an option sometimes, so Im hoping I can do something on the server side.
    Any help will be greatly appreaciated, since I think I ran out of options.

                                                                                 Thanks,

                                                                                            Marcelo


Mar 29 13:20:16 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar 29 13:20:16 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [FRAGMENTATION]
Mar 29 13:20:16 vpnserver pluto[4553]: packet from 201.15.136.27:50041: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 29 13:20:16 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [Vid-Initial-Contact]
Mar 29 13:20:16 vpnserver pluto[4553]: "roadwarrior-l2tp"[3] 201.15.136.27 #3: responding to Main Mode from unknown peer 201.15.136.27
Mar 29 13:20:16 vpnserver pluto[4553]: "roadwarrior-l2tp"[3] 201.15.136.27 #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 29 13:20:17 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar 29 13:20:17 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [FRAGMENTATION]
Mar 29 13:20:17 vpnserver pluto[4553]: packet from 201.15.136.27:50041: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 29 13:20:17 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [Vid-Initial-Contact]
Mar 29 13:20:17 vpnserver pluto[4553]: "roadwarrior-l2tp"[4] 201.15.136.27 #4: responding to Main Mode from unknown peer 201.15.136.27
Mar 29 13:20:17 vpnserver pluto[4553]: "roadwarrior-l2tp"[4] 201.15.136.27 #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 29 13:20:19 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar 29 13:20:19 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [FRAGMENTATION]
Mar 29 13:20:19 vpnserver pluto[4553]: packet from 201.15.136.27:50041: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 29 13:20:19 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [Vid-Initial-Contact]
Mar 29 13:20:19 vpnserver pluto[4553]: "roadwarrior-l2tp"[5] 201.15.136.27 #5: responding to Main Mode from unknown peer 201.15.136.27
Mar 29 13:20:19 vpnserver pluto[4553]: "roadwarrior-l2tp"[5] 201.15.136.27 #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 29 13:20:23 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar 29 13:20:23 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [FRAGMENTATION]
Mar 29 13:20:23 vpnserver pluto[4553]: packet from 201.15.136.27:50041: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 29 13:20:23 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [Vid-Initial-Contact]
Mar 29 13:20:23 vpnserver pluto[4553]: "roadwarrior-l2tp"[6] 201.15.136.27 #6: responding to Main Mode from unknown peer 201.15.136.27
Mar 29 13:20:23 vpnserver pluto[4553]: "roadwarrior-l2tp"[6] 201.15.136.27 #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 29 13:20:31 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar 29 13:20:31 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [FRAGMENTATION]
Mar 29 13:20:31 vpnserver pluto[4553]: packet from 201.15.136.27:50041: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Mar 29 13:20:31 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Vendor ID payload [Vid-Initial-Contact]
Mar 29 13:20:31 vpnserver pluto[4553]: "roadwarrior-l2tp"[7] 201.15.136.27 #7: responding to Main Mode from unknown peer 201.15.136.27
Mar 29 13:20:31 vpnserver pluto[4553]: "roadwarrior-l2tp"[7] 201.15.136.27 #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar 29 13:20:45 vpnserver pluto[4553]: packet from 201.15.136.27:50041: ignoring Delete SA payload: not encrypted
Mar 29 13:20:45 vpnserver pluto[4553]: packet from 201.15.136.27:50041: received and ignored informational message
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050329/02c42b84/attachment.htm


More information about the Users mailing list