[Openswan Users] Problem with conn road

sasa sasa at shoponweb.it
Fri Oct 28 20:48:18 CEST 2005


..now the situation is the following:

with:

# nat_traversal = y
..
leftprotoport=17/1701
..
82.189.185.189 %any :  PSK "123456789"

on XP client/VPN I have:
error 792

on VPN Server I have:
Can't authenticate: no preshared key found for `82.189.185.189' and `%any'.  Attribute OAKLEY_AUTHENTICATION_METHOD

..instead with:

nat_traversal = y
leftprotoport=17/0
82.189.185.189 %any :  PSK "123456789"

on XP client/VPN I have:
error 678

on VPN Server I have:

Oct 28 18:22:43 test2 pluto[9746]: packet from 213.45.198.191:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 28 18:22:43 test2 pluto[9746]: packet from 213.45.198.191:500: ignoring Vendor ID payload [FRAGMENTATION]
Oct 28 18:22:43 test2 pluto[9746]: packet from 213.45.198.191:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Oct 28 18:22:43 test2 pluto[9746]: packet from 213.45.198.191:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 28 18:22:43 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: responding to Main Mode from unknown peer 213.45.198.191
Oct 28 18:22:43 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 28 18:22:44 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Oct 28 18:22:44 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 28 18:22:44 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: Main mode peer ID is ID_IPV4_ADDR: '213.45.198.191'
Oct 28 18:22:44 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: I did not send a certificate because I do not have one.
Oct 28 18:22:44 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Oct 28 18:22:44 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: sent MR3, ISAKMP SA established
Oct 28 18:22:45 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #2: responding to Quick Mode {msgid:60504ef8}
Oct 28 18:22:45 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Oct 28 18:22:45 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Oct 28 18:22:45 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #2: IPsec SA established {ESP=>0x3dfc7368 <0x4623b45b xfrm=3DES_0-HMAC_MD5}
Oct 28 18:23:20 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: received Delete SA(0x3dfc7368) payload: deleting IPSEC State #2
Oct 28 18:23:20 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: received and ignored informational message

..instead with:

#nat_traversal = y
leftprotoport=17/1701
82.189.185.189 :  PSK "123456789"

on XP client/VPN I have:
error 678

on VPN Server I have:

Oct 28 18:22:45 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #2: IPsec SA established {ESP=>0x3dfc7368 <0x4623b45b xfrm=3DES_0-HMAC_MD5}
Oct 28 18:23:20 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: received Delete SA(0x3dfc7368) payload: deleting IPSEC State #2
Oct 28 18:23:20 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: received and ignored informational

thanks.

        Salvatore.




----- Original Message ----- 
From: "Jacco de Leeuw" <jacco2 at dds.nl>
To: <users at openswan.org>
Sent: Friday, October 28, 2005 4:32 PM
Subject: Re: [Openswan Users] Problem with conn road


> sasa wrote:
> 
> >>In your previous e-mail it worked so you must have changed something.
> > 
> > ..no, the only message that I think is interesting for my problem is:
> 
> Well, I still think *something* must have been changed, otherwise
> you would have seen the same successful IPsec connection.
> 
> Send me your 'ipsec barf' output by private e-mail and I'll take a look.
> (Preferably gzip it first).
> 
> > no, the XP client (already with SP2) is connected to the Internet with a dial-up connection!
> 
> Your previous successful IPsec connection used 17/0 as the protocol/port.
> This indicates a non-updated Windows client. So you either installed
> SP2 following that successful IPsec connection or it was a completely
> different computer altogether.
> 
> Jacco
> -- 
> Jacco de Leeuw                         mailto:jacco2 at dds.nl
> Zaandam, The Netherlands           http://www.jacco2.dds.nl
>                      Mosquitos suck
> 
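
A way to triage server logs like the one in this post, added here as an example (not code from the thread or from Openswan): it pairs each `IPsec SA established` line with the peer's later `Delete SA` for the same SPI and reports how long the SA lived. The function name, the 60-second threshold and the year default (syslog lines carry no year) are assumptions; the sample lines are taken from the log quoted in the post.

```python
import re
from datetime import datetime

# Sample input: four lines taken from the server log quoted in the post.
SAMPLE = """\
Oct 28 18:22:43 test2 pluto[9746]: packet from 213.45.198.191:500: ignoring Vendor ID payload [FRAGMENTATION]
Oct 28 18:22:44 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: sent MR3, ISAKMP SA established
Oct 28 18:22:45 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #2: IPsec SA established {ESP=>0x3dfc7368 <0x4623b45b xfrm=3DES_0-HMAC_MD5}
Oct 28 18:23:20 test2 pluto[9746]: "left-road"[1] 213.45.198.191 #1: received Delete SA(0x3dfc7368) payload: deleting IPSEC State #2
"""

# Syslog prefix, then pluto's '"conn"[instance] peer #state: message' layout.
LINE = re.compile(
    r'^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #\d+: (?P<msg>.*)$')
ESTABLISHED = re.compile(r'IPsec SA established \{ESP=>0x(?P<spi>[0-9a-f]+)')
DELETED = re.compile(r'received Delete SA\(0x(?P<spi>[0-9a-f]+)\)')


def short_lived_sas(log_text, year=2005, max_lifetime=60):
    """Return (conn, peer, spi, seconds) for every IPsec SA that the peer
    deleted within max_lifetime seconds of its establishment."""
    established = {}   # (conn, peer, spi) -> time the SA came up
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue   # no connection context yet (e.g. Vendor ID lines)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        up = ESTABLISHED.search(m['msg'])
        if up:
            established[(m['conn'], m['peer'], up['spi'])] = ts
            continue
        down = DELETED.search(m['msg'])
        if down:
            start = established.pop((m['conn'], m['peer'], down['spi']), None)
            if start is not None:
                secs = int((ts - start).total_seconds())
                if secs <= max_lifetime:
                    findings.append((m['conn'], m['peer'], down['spi'], secs))
    return findings


if __name__ == "__main__":
    for conn, peer, spi, secs in short_lived_sas(SAMPLE):
        print(f"{conn} {peer}: SA 0x{spi} deleted by peer after {secs}s")
```
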

