[Openswan Users] WLAN IPsec implementation
Zach
zach at zerobit.net
Thu May 12 20:04:11 CEST 2005
Hello everyone, I'm having a difficult time setting up a VPN connection
between my XP2/SP2 notebook and Ubuntu box running Openswan 2.3.1 (My
problem seg faults 2.3.0). Here's the log of what's happening.

May 12 18:30:03 localhost pluto[10804]: "wireless"[2] 192.168.2.2 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 12 18:30:03 localhost pluto[10804]: | sending reply packet to 192.168.2.2:500 (from port=500)
May 12 18:30:03 localhost pluto[10804]: | sending 1212 bytes for STATE_MAIN_R2 through eth1:500 to 192.168.2.2:500:
<1212 bytes follow>
May 12 18:30:04 localhost pluto[10804]: | inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds for #1
May 12 18:30:04 localhost pluto[10804]: "wireless"[2] 192.168.2.2 #1: sent MR3, ISAKMP SA established
May 12 18:30:04 localhost pluto[10804]: | modecfg pull: noquirk policy:push not-client
May 12 18:30:04 localhost pluto[10804]: | phase 1 is done, looking for phase 1 to unpend
May 12 18:30:04 localhost pluto[10804]: | next event EVENT_NAT_T_KEEPALIVE in 10 seconds
May 12 18:30:04 localhost pluto[10804]: |
May 12 18:30:04 localhost pluto[10804]: | *received 1332 bytes from 192.168.2.2:500 on eth1 (port=500)
<1332 bytes follow>
May 12 18:30:05 localhost pluto[10804]: | **parse ISAKMP Message:
May 12 18:30:05 localhost pluto[10804]: | initiator cookie:
May 12 18:30:05 localhost pluto[10804]: | e5 c4 e4 fb 70 bd f9 bf
May 12 18:30:05 localhost pluto[10804]: | responder cookie:
May 12 18:30:05 localhost pluto[10804]: | 75 1e 16 f8 27 4b 9a 19
May 12 18:30:05 localhost pluto[10804]: | next payload type: ISAKMP_NEXT_ID
May 12 18:30:05 localhost pluto[10804]: | ISAKMP version: ISAKMP Version 1.0
May 12 18:30:05 localhost pluto[10804]: | exchange type: ISAKMP_XCHG_IDPROT
May 12 18:30:05 localhost pluto[10804]: | flags: ISAKMP_FLAG_ENCRYPTION
May 12 18:30:05 localhost pluto[10804]: | message ID: 00 00 00 00
May 12 18:30:05 localhost pluto[10804]: | length: 1332
May 12 18:30:05 localhost pluto[10804]: | ICOOKIE: e5 c4 e4 fb 70 bd f9 bf
May 12 18:30:05 localhost pluto[10804]: | RCOOKIE: 75 1e 16 f8 27 4b 9a 19
May 12 18:30:05 localhost pluto[10804]: | peer: c0 a8 02 02
May 12 18:30:05 localhost pluto[10804]: | state hash entry 27
May 12 18:30:05 localhost pluto[10804]: | peer and cookies match on #1, provided msgid 00000000 vs 00000000
May 12 18:30:05 localhost pluto[10804]: | state object #1 found, in STATE_MAIN_R3
May 12 18:30:05 localhost pluto[10804]: | processing connection wireless[2] 192.168.2.2
May 12 18:30:05 localhost pluto[10804]: "wireless"[2] 192.168.2.2 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
May 12 18:30:05 localhost pluto[10804]: | sending 1212 bytes for retransmit in response to duplicate through eth1:500 to 192.168.2.2:500:
<1212 bytes follow>

It does that a couple of times and fails on the Windows side. Here's my
ipsec.conf:

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.13 2004/03/24 04:14:39 ken Exp $
# This file: /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=all
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
        nat_traversal=yes       # <- does the same if off

# Add connections here
# Left security gateway, subnet behind it, next hop toward right.
conn %default
        left=192.168.2.1
        leftsubnet=192.168.2.1/32
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftcert=host.cert.pem
        pfs=yes

conn wireless
        leftprotoport=17/1701
        rightprotoport=17/1701
        pfs=no
        rekey=no
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add

conn conntointernet
        leftsubnet=0.0.0.0/0
        also=wireless

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Anyone know what might be going on there? Any help would be greatly
appreciated.
Regards, Zach
------------------------------------------------
PGP public key:
http://www.zerobit.net/zach.asc
KeyID:
0x98DEBD82
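
A triage helper for logs like the one in this post, added here as an example (it is not part of the original message or of Openswan): it rejoins mail-wrapped pluto records and reports, per peer, the last state reached, whether phase 1 was logged as established, how many duplicate-packet retransmits followed, and the datagram sizes seen. The function names and the IPv4-only address pattern are assumptions of this example.

```python
import re
from collections import defaultdict
# Sample input: records abridged from the log in the post, still wrapped as mailed.
SAMPLE = """\
May 12 18:30:03 localhost pluto[10804]: "wireless"[2] 192.168.2.2 #1:
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
May 12 18:30:04 localhost pluto[10804]: "wireless"[2] 192.168.2.2 #1: sent
MR3, ISAKMP SA established
May 12 18:30:04 localhost pluto[10804]: | *received 1332 bytes from
192.168.2.2:500 on eth1 (port=500)
May 12 18:30:05 localhost pluto[10804]: "wireless"[2] 192.168.2.2 #1:
retransmitting in response to duplicate packet; already STATE_MAIN_R3
May 12 18:30:05 localhost pluto[10804]: | sending 1212 bytes for retransmit
in response to duplicate through eth1:500 to 192.168.2.2:500:
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")   # syslog timestamp
SA = re.compile(r'pluto\[\d+\]: "[^"]+"\S* (?P<peer>\S+) #\d+: (?P<msg>.*)')
IO = re.compile(r"\| \*?(received|sending) (\d+) bytes .*?(?:from|to) (\d+(?:\.\d+){3}):\d+")

def unwrap(text):
    # A line without a syslog timestamp continues the previous record.
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    # Per peer: last state reached, phase 1 completion, duplicate count, datagram sizes.
    peers = defaultdict(lambda: {"state": None, "established": False, "duplicates": 0, "sent": set(), "received": set()})
    for rec in unwrap(text):
        if m := SA.search(rec):
            p, msg = peers[m["peer"]], m["msg"]
            if t := re.search(r"to state (\S+)", msg):
                p["state"] = t[1]
            p["established"] |= "ISAKMP SA established" in msg
            p["duplicates"] += "response to duplicate packet" in msg
        elif m := IO.search(rec):
            peers[m[3]]["sent" if m[1] == "sending" else "received"].add(int(m[2]))
    return dict(peers)

def stuck_after_phase1(summary):
    # Responder logged phase 1 as done, yet the peer kept resending its previous message.
    return sorted(p for p, s in summary.items() if s["established"] and s["duplicates"])

print(stuck_after_phase1(summarize(SAMPLE)))
```

A peer listed by `stuck_after_phase1` is one where the responder's final Main Mode reply is being sent but the peer is still resending its previous message, which narrows the search to what happens to that reply between the two hosts and on the peer.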