[Openswan Users] Win XP SP2 and NAT + OS 2.3.1

Fabien Tivolle fabien.tivolle at phdmedical.com
Mon May 30 10:06:24 CEST 2005


Hello,

I have a "common setup" with a Windows XP Pro SP2 client which is NATed 
(behind a WRT54G) and which tries to connect to an Openswan server.
I have tried this setup with a Debian kernel 2.6.10 and Openswan 2.2. I 
have then upgraded to kernel 2.6.11 and Openswan 2.3.1 but I still have 
these error messages:

ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]


The setup is working fine when the windows client is not NATed.
I can't find what is wrong; maybe someone has a similar setup working?

Thanks for any advice!
Fabien

=====================

Here is my setup in the lab for testing:
http://merou.homelinux.org/setup.png

And the ipsec barf output:
http://merou.homelinux.org/barf.txt


The "interesting" part is

May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: responding to Main Mode
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: responding to Main Mode
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:40 nposesdev pluto[2670]: "L2TP-cert-xpe2" #3: responding to Main Mode


version 2.0
config setup
      # Debug-logging controls:  "none" for (almost) none, "all" for lots.
      virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
      nat_traversal=yes

conn %default
     keyingtries=5
     compress=no
     disablearrivalcheck=no
     authby=rsasig
     leftrsasigkey=%cert
     rightrsasigkey=%cert

conn L2TP-cert-xpe2
     authby=rsasig
     left=192.168.204.101
     leftcert=phdtele000.pem
     leftprotoport=17/1701
     right=192.168.204.119
     rightsubnet=192.168.19.50/32
     rightcert=xpe2.pem
     rightprotoport=17/1701
     auto=add
     pfs=no
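
A triage helper for logs like the excerpt above, added here as an example and not part of the original post: it groups pluto responder lines by connection and state number and reports connections whose repeated Main Mode attempts never get past STATE_MAIN_R1. The sample input is constructed from the excerpt's unwrapped line format; the "L2TP-other" connection, the function names and the `min_attempts` threshold are assumptions for illustration.

```python
import re

# Constructed sample: unwrapped lines in the format of the excerpt above.
# The "L2TP-other" entries are invented for contrast (an exchange that advances).
SAMPLE_LOG = """\
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: responding to Main Mode
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: responding to Main Mode
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:40 nposesdev pluto[2670]: "L2TP-cert-xpe2" #3: responding to Main Mode
May 27 15:41:41 nposesdev pluto[2670]: "L2TP-other" #4: responding to Main Mode
May 27 15:41:41 nposesdev pluto[2670]: "L2TP-other" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:41 nposesdev pluto[2670]: "L2TP-other" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
"""

STATE_LINE = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<num>\d+): (?P<msg>.*)$')
TRANSITION = re.compile(r"transition from state \S+ to state STATE_MAIN_R(\d)")


def summarize(log_text):
    """Map each connection name to [(state_number, furthest R-state index), ...]."""
    furthest = {}  # (conn, state number) -> highest STATE_MAIN_Rn seen
    for line in log_text.splitlines():
        m = STATE_LINE.search(line)
        if not m:
            continue  # "packet from ..." lines carry no state number
        key = (m["conn"], int(m["num"]))
        furthest.setdefault(key, 0)  # R0: exchange started, nothing more logged
        t = TRANSITION.search(m["msg"])
        if t:
            furthest[key] = max(furthest[key], int(t.group(1)))
    result = {}
    for (conn, num), idx in sorted(furthest.items()):
        result.setdefault(conn, []).append((num, idx))
    return result


def stalled_conns(log_text, min_attempts=2):
    """Connections with repeated Main Mode attempts, none beyond STATE_MAIN_R1."""
    return [conn for conn, tries in summarize(log_text).items()
            if len(tries) >= min_attempts and all(idx <= 1 for _, idx in tries)]


if __name__ == "__main__":
    for conn, tries in summarize(SAMPLE_LOG).items():
        print(conn, tries)
    print("stalled:", stalled_conns(SAMPLE_LOG))
```

The script expects one log entry per line, so mail-wrapped excerpts need to be rejoined before they are fed in.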





