[Openswan Users] seems ok but receive 678 error

Paul Wouters paul at xelerance.com
Fri May 20 17:21:44 CEST 2005


On Thu, 19 May 2005, Luca Ballerini wrote:

> Fixed the certificate issue, no more errors about it but win xp client
> seems to loop and finally receive '678 No answer' error. I attach new
> log extract. Wait for some helpful hints.

You get the IPsec SA up, but then another negotiation restarts it.
Is this openswan 2.2.x? It has some problems like this.

Paul

> thanks in advance
>
> luca
>
> May 19 11:57:53 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[48]
> CLIENTIP:4500 #49: responding to Quick Mode
> May 19 11:57:53 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[48]
> CLIENTIP:4500 #49: transition from state STATE_QUICK_R0 to state
> STATE_QUICK_R1
> May 19 11:57:53 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[48]
> CLIENTIP:4500 #49: transition from state STATE_QUICK_R1 to state
> STATE_QUICK_R2
> May 19 11:57:53 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[48]
> CLIENTIP:4500 #49: IPsec SA established {ESP/NAT=>0x19e40bf8
> <0x97611071 NATOA=CLIENTLOCALIP}
> May 19 11:57:53 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> May 19 11:57:53 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> ignoring Vendor ID payload [FRAGMENTATION]
> May 19 11:57:53 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
> set to=106
> May 19 11:57:53 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[49]
> CLIENTIP #50: responding to Main Mode from unknown peer CLIENTIP
> May 19 11:57:53 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[49]
> CLIENTIP #50: transition from state STATE_MAIN_R0 to state
> STATE_MAIN_R1
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[49]
> CLIENTIP #50: NAT-Traversal: Result using
> draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[49]
> CLIENTIP #50: transition from state STATE_MAIN_R1 to state
> STATE_MAIN_R2
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[49]
> CLIENTIP #50: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Marche,
> L=Montegranaro, O=FILTERED, CN=FILTERED, E=EMAILFILTERED'
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP #50: deleting connection "roadwarrior-l2tp" instance with
> peer CLIENTIP {isakmp=#0/ipsec=#0}
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP #50: I am sending my cert
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP #50: deleting connection "roadwarrior-l2tp" instance with
> peer CLIENTIP {isakmp=#48/ipsec=#49}
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #49:
> deleting state (STATE_QUICK_R2)
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #48:
> deleting state (STATE_MAIN_R3)
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP #50: transition from state STATE_MAIN_R2 to state
> STATE_MAIN_R3
> May 19 11:57:54 SERVERNAME pluto[2131]: | NAT-T: new mapping CLIENTIP:500/4500)
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP:4500 #50: sent MR3, ISAKMP SA established
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP:4500 #51: responding to Quick Mode
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP:4500 #51: transition from state STATE_QUICK_R0 to state
> STATE_QUICK_R1
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP:4500 #51: transition from state STATE_QUICK_R1 to state
> STATE_QUICK_R2
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50]
> CLIENTIP:4500 #51: IPsec SA established {ESP/NAT=>0xb737329b
> <0x95c4dbd8 NATOA=CLIENTLOCALIP}
> May 19 11:57:54 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> May 19 11:57:54 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> ignoring Vendor ID payload [FRAGMENTATION]
> May 19 11:57:54 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
> set to=106
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[51]
> CLIENTIP #52: responding to Main Mode from unknown peer CLIENTIP
> May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[51]
> CLIENTIP #52: transition from state STATE_MAIN_R0 to state
> STATE_MAIN_R1
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[51]
> CLIENTIP #52: NAT-Traversal: Result using
> draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[51]
> CLIENTIP #52: transition from state STATE_MAIN_R1 to state
> STATE_MAIN_R2
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[51]
> CLIENTIP #52: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Marche,
> L=Montegranaro, O=FILTERED, CN=FILTERED, E=EMAILFILTERED'
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP #52: deleting connection "roadwarrior-l2tp" instance with
> peer CLIENTIP {isakmp=#0/ipsec=#0}
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP #52: I am sending my cert
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP #52: deleting connection "roadwarrior-l2tp" instance with
> peer CLIENTIP {isakmp=#50/ipsec=#51}
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #51:
> deleting state (STATE_QUICK_R2)
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #50:
> deleting state (STATE_MAIN_R3)
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP #52: transition from state STATE_MAIN_R2 to state
> STATE_MAIN_R3
> May 19 11:57:55 SERVERNAME pluto[2131]: | NAT-T: new mapping CLIENTIP:500/4500)
> May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP:4500 #52: sent MR3, ISAKMP SA established
> May 19 11:57:56 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP:4500 #53: responding to Quick Mode
> May 19 11:57:56 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP:4500 #53: transition from state STATE_QUICK_R0 to state
> STATE_QUICK_R1
> May 19 11:57:56 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP:4500 #53: transition from state STATE_QUICK_R1 to state
> STATE_QUICK_R2
> May 19 11:57:56 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52]
> CLIENTIP:4500 #53: IPsec SA established {ESP/NAT=>0xd54b7553
> <0xbbf1ea3a NATOA=CLIENTLOCALIP}
> May 19 11:57:56 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> May 19 11:57:56 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> ignoring Vendor ID payload [FRAGMENTATION]
> May 19 11:57:56 SERVERNAME pluto[2131]: packet from CLIENTIP:500:
> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method
> set to=106
> May 19 11:57:56 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[53]
> CLIENTIP #54: responding to Main Mode from unknown peer CLIENTIP
> May 19 11:57:56 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[53]
> CLIENTIP #54: transition from state STATE_MAIN_R0 to state
> STATE_MAIN_R1
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[53]
> CLIENTIP #54: NAT-Traversal: Result using
> draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[53]
> CLIENTIP #54: transition from state STATE_MAIN_R1 to state
> STATE_MAIN_R2
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[53]
> CLIENTIP #54: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Marche,
> L=Montegranaro, O=FILTERED, CN=FILTERED, E=EMAILFILTERED'
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[54]
> CLIENTIP #54: deleting connection "roadwarrior-l2tp" instance with
> peer CLIENTIP {isakmp=#0/ipsec=#0}
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[54]
> CLIENTIP #54: I am sending my cert
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[54]
> CLIENTIP #54: deleting connection "roadwarrior-l2tp" instance with
> peer CLIENTIP {isakmp=#52/ipsec=#53}
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #53:
> deleting state (STATE_QUICK_R2)
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #52:
> deleting state (STATE_MAIN_R3)
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[54]
> CLIENTIP #54: transition from state STATE_MAIN_R2 to state
> STATE_MAIN_R3
> May 19 11:57:57 SERVERNAME pluto[2131]: | NAT-T: new mapping CLIENTIP:500/4500)
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[54]
> CLIENTIP:4500 #54: sent MR3, ISAKMP SA established
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[54]
> CLIENTIP:4500 #55: responding to Quick Mode
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[54]
> CLIENTIP:4500 #55: transition from state STATE_QUICK_R0 to state
> STATE_QUICK_R1
> May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[54]
> CLIENTIP:4500 #54: received Delete SA payload: deleting ISAKMP State
> #54
> May 19 11:57:57 SERVERNAME pluto[2131]: packet from CLIENTIP:4500:
> received and ignored informational message
> May 19 11:58:26 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[47]
> CLIENTIP:4500 #47: max number of retransmissions (2) reached
> STATE_MAIN_R2
> May 19 11:58:26 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[47]
> CLIENTIP:4500: deleting connection "roadwarrior-l2tp" instance with
> peer CLIENTIP {isakmp=#0/ipsec=#0}
>
>
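
The pattern described in the reply (an IPsec SA is established, then a new Main Mode negotiation from the same client deletes it) can be picked out of a pluto log mechanically. The Python below is an added example, not part of the original thread or of Openswan; the function names, the 5-second lifetime threshold and the default year are assumptions, and the sample lines are taken from the log quoted above with the e-mail line wrapping rejoined.

```python
import re
from datetime import datetime

# Excerpt of the quoted log, wrapped lines rejoined (placeholders as in the post).
SAMPLE = """\
May 19 11:57:53 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[48] CLIENTIP:4500 #49: IPsec SA established {ESP/NAT=>0x19e40bf8 <0x97611071 NATOA=CLIENTLOCALIP}
May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[49] CLIENTIP #50: responding to Main Mode from unknown peer CLIENTIP
May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #49: deleting state (STATE_QUICK_R2)
May 19 11:57:54 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[50] CLIENTIP:4500 #51: IPsec SA established {ESP/NAT=>0xb737329b <0x95c4dbd8 NATOA=CLIENTLOCALIP}
May 19 11:57:55 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #51: deleting state (STATE_QUICK_R2)
May 19 11:57:56 SERVERNAME pluto[2131]: "roadwarrior-l2tp"[52] CLIENTIP:4500 #53: IPsec SA established {ESP/NAT=>0xd54b7553 <0xbbf1ea3a NATOA=CLIENTLOCALIP}
May 19 11:57:57 SERVERNAME pluto[2131]: "roadwarrior-l2tp" #53: deleting state (STATE_QUICK_R2)
"""

# timestamp, host, pluto[pid]: "conn"[instance] peer #state: message
LINE = re.compile(
    r'^(\w{3}\s+\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
    r'"([^"]+)"(?:\[\d+\])?(?: \S+)? #(\d+): (.*)$'
)


def short_lived_sas(log_text, max_lifetime=5, year=2005):
    """Return (connection, state number, lifetime in seconds) for every IPsec SA
    that was deleted within max_lifetime seconds of being established.
    Syslog timestamps carry no year, so one is assumed."""
    established, hits = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a per-state pluto line
        ts, conn, state, msg = m.groups()
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        key = (conn, int(state))
        if msg.startswith("IPsec SA established"):
            established[key] = when
        elif msg.startswith("deleting state (STATE_QUICK_R2)") and key in established:
            lifetime = (when - established.pop(key)).total_seconds()
            if lifetime <= max_lifetime:
                hits.append((conn, int(state), lifetime))
    return hits


def renegotiation_loops(log_text, min_repeats=2, **kwargs):
    """Connections whose SAs were torn down right after setup at least min_repeats times."""
    counts = {}
    for conn, _state, _life in short_lived_sas(log_text, **kwargs):
        counts[conn] = counts.get(conn, 0) + 1
    return {conn: n for conn, n in counts.items() if n >= min_repeats}
```
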

