[Openswan Users] ignoring Vendor ID payload
Norbert Wegener
nw at sbs.de
Thu Oct 6 22:59:56 CEST 2005
Maybe I can give a partial answer myself:
At least in one case I could confirm, that there has been a temporary
problem with the routing on one machine. The server answered the
client's requests on the wrong interface, so that the answer never
reached the client.
Norbert
Paul Wouters wrote:
> On Thu, 6 Oct 2005, Norbert Wegener wrote:
>
>> Sometimes I get this messages on the server side. In this case no
>> further communication is possible for the client.
>> This happens as well with the latest strongswan as with the latest
>> openswan. The client here is a Windows XP.
>> A connection to a *swan gateway that is configured identically works
>> for the client.
>> Any ideas, what might cause this?
>
>
> No, but there are a few reports about l2tp (ipsec transport mode),
> packet size,
> icmp/fragmentation issues.
>
> Paul
>
>> Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
>> Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [FRAGMENTATION]
>> Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Oct 6 16:21:39 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [Vid-Initial-Contact]
>> Oct 6 16:21:39 lnxhan pluto[30400]: "ad-l2tp-linuxnat"[1]
>> 203.92.85.138 #1: responding to Main Mode from unknown peer
>> 203.92.85.138
>> Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
>> Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [FRAGMENTATION]
>> Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Oct 6 16:21:43 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [Vid-Initial-Contact]
>> Oct 6 16:21:43 lnxhan pluto[30400]: "ad-l2tp-linuxnat"[1]
>> 203.92.85.138 #2: responding to Main Mode from unknown peer
>> 203.92.85.138
>> Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
>> Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [FRAGMENTATION]
>> Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
>> Oct 6 16:21:51 lnxhan pluto[30400]: packet from 203.92.85.138:500:
>> ignoring Vendor ID payload [Vid-Initial-Contact]
>>
>> ipsec auto --status shows at the end:
>>
>> 000 #8: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
>> expecting MI2); EVENT_RETRANSMIT in 15s
>> 000 #5: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
>> expecting MI2); EVENT_RETRANSMIT in 8s
>> 000 #9: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
>> expecting MI2); EVENT_RETRANSMIT in 3s
>> 000 #7: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
>> expecting MI2); EVENT_RETRANSMIT in 11s
>> 000 #6: "ad-l2tp-linuxnat"[2] 203.92.85.138 STATE_MAIN_R1 (sent MR1,
>> expecting MI2); EVENT_RETRANSMIT in 9s
>> 000
>>
>> Norbert
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>>
>
More information about the Users
mailing list