[Openswan Users] win XP SP2 and NAT + OS 2.3.1
Fabien Tivolle
fabien at opensolution.ca
Mon May 30 09:59:30 CEST 2005
Hello,
I have a "common setup" with a windows XPpro SP2 client which is NATed
(behind a WRT54G) and which tries to connect to an OpenSwan server.
I have tried this setup with a debian kernel 2.6.10 and openswan 2.2. I
have then upgraded to Kernel 2.6.11 and Openswan 2.3.1 but I have still
these error messages:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
The setup is working fine when the windows client is not NATed.
I can't find what is wrong, may be someone has a similar setup working?
Thanks for any advice!
Fabien
=====================
Here is my setup in the lab for testing:
http://merou.homelinux.org/setup.
And the ipsec barf output:
http://merou.homelinux.org/barf.txtpng
The "interesting" part is
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 27 15:41:37 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: responding to Main Mode
May 27 15:41:37 nposesdev pluto[2670]: "L2TP-cert-xpe2" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 27 15:41:38 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: responding to Main Mode
May 27 15:41:38 nposesdev pluto[2670]: "L2TP-cert-xpe2" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [FRAGMENTATION]
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
May 27 15:41:40 nposesdev pluto[2670]: packet from 192.168.204.119:500: ignoring Vendor ID payload [Vid-Initial-Contact]
May 27 15:41:40 nposesdev pluto[2670]: "L2TP-cert-xpe2" #3: responding to Main Mode
version 2.0
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
nat_traversal=yes
conn %default
keyingtries=5
compress=no
disablearrivalcheck=no
authby=rsasig
leftrsasigkey=%cert
rightrsasigkey=%cert
conn L2TP-cert-xpe2
authby=rsasig
left=192.168.204.101
leftcert=phdtele000.pem
leftprotoport=17/1701
right=192.168.204.119
rightsubnet=192.168.19.50/32
rightcert=xpe2.pem
rightprotoport=17/1701
auto=add
pfs=no
More information about the Users
mailing list