[Openswan Users] win XP SP2 and NAT + OS 2.3.1

Fabien Tivolle fabien at opensolution.ca
Mon May 30 09:59:30 CEST 2005


Hello,

I have a "common setup" with a Windows XP Pro SP2 client which is NATed 
(behind a WRT54G) and which tries to connect to an Openswan server.
I have tried this setup with a Debian kernel 2.6.10 and Openswan 2.2. I 
then upgraded to kernel 2.6.11 and Openswan 2.3.1, but I still 
have these error messages:

ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]


The setup is working fine when the windows client is not NATed.
I can't find what is wrong; maybe someone has a similar setup working?

Thanks for any advice!
Fabien

=====================

Here is my setup in the lab for testing:
http://merou.homelinux.org/setup.

And the ipsec barf output:
http://merou.homelinux.org/barf.txtpng


The "interesting" part is

May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: responding to Main Mode
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: responding to Main Mode
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:40 nposesdev pluto[2670]: "L2TP-cert-xpe2" #3: responding to Main Mode


version 2.0
config setup
       # Debug-logging controls:  "none" for (almost) none, "all" for lots.
       virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
       nat_traversal=yes

conn %default
      keyingtries=5
      compress=no
      disablearrivalcheck=no
      authby=rsasig
      leftrsasigkey=%cert
      rightrsasigkey=%cert

conn L2TP-cert-xpe2
      authby=rsasig
      left=192.168.204.101
      leftcert=phdtele000.pem
      leftprotoport=17/1701
      right=192.168.204.119
      rightsubnet=192.168.19.50/32
      rightcert=xpe2.pem
      rightprotoport=17/1701
      auto=add
      pfs=no
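
Added example (not part of the original post, and not Openswan code): a small Python check over the pluto lines quoted above that groups Main Mode attempts per connection and reports connections where the peer keeps starting over and no attempt gets past STATE_MAIN_R1, which is the pattern visible in this excerpt. The function names and the min_attempts threshold are assumptions made for the example; the sample input is copied from the log in the post.

```python
import re

# Responder-side Main Mode states as pluto names them, in the order an exchange visits them.
ORDER = ["STATE_MAIN_R0", "STATE_MAIN_R1", "STATE_MAIN_R2", "STATE_MAIN_R3"]
VID_RE = re.compile(r"(ignoring|received) Vendor ID payload \[([^\]]+)\]")
SA_RE = re.compile(r'pluto\[\d+\]: "([^"]+)" #(\d+): (.*)')
TRANS_RE = re.compile(r"transition from state \S+ to state (\S+)")

# Sample input: lines taken from the log excerpt in the post above.
SAMPLE = """\
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: responding to Main Mode
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: responding to Main Mode
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:40 nposesdev pluto[2670]: "L2TP-cert-xpe2" #3: responding to Main Mode
""".splitlines()

def summarize(lines):
    """Return ({conn: {sa_number: furthest state index}}, set of NAT-T vendor IDs received)."""
    progress, natt = {}, set()
    for line in lines:
        vid = VID_RE.search(line)
        if vid:
            if vid.group(1) == "received" and "nat-t" in vid.group(2):
                natt.add(vid.group(2))
            continue
        sa = SA_RE.search(line)
        if not sa:
            continue
        conn, num, msg = sa.group(1), int(sa.group(2)), sa.group(3)
        states = progress.setdefault(conn, {})
        states.setdefault(num, 0)  # "responding to Main Mode" starts the SA at R0
        step = TRANS_RE.search(msg)
        if step and step.group(1) in ORDER:
            states[num] = max(states[num], ORDER.index(step.group(1)))
    return progress, natt

def stalled(lines, min_attempts=2):
    """Connections with repeated Main Mode starts where no SA got past STATE_MAIN_R1."""
    progress, natt = summarize(lines)
    report = {}
    for conn, states in progress.items():
        best = max(states.values())
        if len(states) >= min_attempts and best <= ORDER.index("STATE_MAIN_R1"):
            report[conn] = {"attempts": len(states), "furthest": ORDER[best],
                            "natt_vid_received": sorted(natt)}
    return report
```

Calling stalled() on the lines of a saved log file gives the same report for a full pluto log.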





