[Openswan Users] Win XP SP2 and NAT + OS 2.3.1

Fabien Tivolle fabien.tivolle at phdmedical.com
Mon May 30 16:19:15 CEST 2005


Jacco, thank you for your help, and sorry for sending a faulty ipsec barf.
I have checked everything and I am facing the same problem.

What options could I use to help with troubleshooting?

I have tried the plutodebug=all option but I can't find anything
helpful in there:
http://merou.homelinux.org/ipsec/ipsec-barf-plutotdebug.txt
The standard output is here:
http://merou.homelinux.org/ipsec/ipsec-barf.txt

May 30 14:07:06 nposesdev pluto[5693]: "L2TP-cert-xpe2"[1] 192.168.204.119 #5: responding to Main Mode from unknown peer 192.168.204.119
May 30 14:07:06 nposesdev pluto[5693]: "L2TP-cert-xpe2"[1] 192.168.204.119 #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 30 14:07:22 nposesdev pluto[5693]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 30 14:07:22 nposesdev pluto[5693]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 30 14:07:22 nposesdev pluto[5693]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
May 30 14:07:22 nposesdev pluto[5693]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 30 14:07:22 nposesdev pluto[5693]: "L2TP-cert-xpe2"[1] 192.168.204.119 #6: responding to Main Mode from unknown peer 192.168.204.119
May 30 14:07:22 nposesdev pluto[5693]: "L2TP-cert-xpe2"[1] 192.168.204.119 #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 30 14:07:54 nposesdev pluto[5693]: packet from 192.168.204.119:500: ignoring Delete SA payload: not encrypted
May 30 14:07:54 nposesdev pluto[5693]: packet from 192.168.204.119:500: received and ignored informational message
May 30 14:08:00 nposesdev pluto[5693]: "L2TP-cert-xpe2"[1] 192.168.204.119 #1: max number of retransmissions (2) reached STATE_MAIN_R1


#< /etc/ipsec.conf 1
version 2.0
config setup
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.204.0/24 
       #plutodebug=all      
       nat_traversal=yes

conn %default
      keyingtries=5
      compress=no
      disablearrivalcheck=no
      authby=rsasig
      leftrsasigkey=%cert
      rightrsasigkey=%cert
											    
conn L2TP-cert-xpe2
      left=192.168.204.101
      leftcert=phdtele000.pem
      leftprotoport=17/1701
      right=%any
      rightsubnet=vhost:%no,%priv    
      rightcert=xpe2.pem
      rightprotoport=17/1701
      auto=add
      pfs=no

# Disable OE encryption


and the setup is here:
http://merou.homelinux.org/ipsec/setup.png

Fabien

