[Openswan Users] L2TP/IPSEC (again)

Giovani Moda - MR Informática giovani at mrinformatica.com.br
Fri Nov 18 17:12:51 CET 2005 

Hi all,

First of all, openswan-2.4.4 natt and klips patches work perfectly with FC2 
(kernel-2.6.10-1.771_FC2).

Now, i'm trying to stabilish that damn tunnel between XP and Openswan, but I 
can't seem to find a way to make it work.

I'm noticing that connection seem to be droped prematurel when negotiating 
the tunnel.

Nov 18 16:59:48 main pluto[9530]: packet from a.b.c.d:500: ignoring Vendor 
ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Nov 18 16:59:48 main pluto[9530]: packet from a.b.c.d:500: ignoring Vendor 
ID payload [FRAGMENTATION]
Nov 18 16:59:48 main pluto[9530]: packet from a.b.c.d:500: received Vendor 
ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Nov 18 16:59:48 main pluto[9530]: packet from a.b.c.d: ignoring Vendor ID 
payload [Vid-Initial-Contact]
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[1] a.b.c.d #1: responding to 
Main Mode from unknown peer 192.168.1.173
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[1] a.b.c.d #1: transition from 
state STATE_MAIN_R0 to state STATE_MAIN_R1
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[1] a.b.c.d #1: STATE_MAIN_R1: 
sent MR1, expecting MI2
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[1] a.b.c.d #1: NAT-Traversal: 
Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[1] a.b.c.d #1: transition from 
state STATE_MAIN_R1 to state STATE_MAIN_R2
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[1] a.b.c.d #1: STATE_MAIN_R2: 
sent MR2, expecting MI3
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[1] a.b.c.d #1: Main mode peer ID 
is ID_DER_ASN1_DN: 'C=BR, ST=...'
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[2] a.b.c.d #1: deleting 
connection "inet-XP" instance with peer a.b.c.d {isakmp=#0/ipsec=#0}
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[2] a.b.c.d #1: I am sending my 
cert
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[2] a.b.c.d #1: transition from 
state STATE_MAIN_R2 to state STATE_MAIN_R3
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[2] a.b.c.d #1: STATE_MAIN_R3: 
sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG 
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[2] a.b.c.d #2: responding to 
Quick Mode {msgid:618f71f4}
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[2] a.b.c.d #2: transition from 
state STATE_QUICK_R0 to state STATE_QUICK_R1
Nov 18 16:59:48 main pluto[9530]: "inet-XP"[2] a.b.c.d #2: STATE_QUICK_R1: 
sent QR1, inbound IPsec SA installed, expecting QI2
Nov 18 16:59:49 main pluto[9530]: "inet-XP"[2] a.b.c.d #2: transition from 
state STATE_QUICK_R1 to state STATE_QUICK_R2
Nov 18 16:59:49 main pluto[9530]: "inet-XP"[2] a.b.c.d #2: STATE_QUICK_R2: 
IPsec SA established {ESP=>0x54187660 <0x982e9c37 xfrm=3DES_0-HMAC_MD5 
NATD=192.168.1.173:500 DPD=none}
Nov 18 16:59:54 main pluto[9530]: "inet-XP"[2] a.b.c.d #1: received Delete 
SA(0x54187660) payload: deleting IPSEC State #2
Nov 18 16:59:54 main pluto[9530]: "inet-XP"[2] a.b.c.d #1: received and 
ignored informational message
Nov 18 16:59:54 main pluto[9530]: "inet-XP"[2] a.b.c.d #1: received Delete 
SA payload: deleting ISAKMP State #1
Nov 18 16:59:54 main pluto[9530]: "inet-XP"[2] a.b.c.d: deleting connection 
"inet-XP" instance with peer a.b.c.d {isakmp=#0/ipsec=#0}

I don't know if this is a normal behavior or not, but should that "Nov 18 
16:59:48 main pluto[9530]: "inet-XP"[2] a.b.c.d #1: deleting connection 
"inet-XP" instance with peer a.b.c.d {isakmp=#0/ipsec=#0}" line be there 
right after STATE_MAIN_R2? 'Cause I can't see anything going through the 
tunnel after the connection is stabilished. What am I doing wrong?

Thanks,

Giovani

More information about the Users mailing list