[Openswan Users] Strange Problem with L2TP/IPSec

Ravi Verma ravi.verma at telecommand.com
Thu Sep 1 15:15:45 CEST 2005


Hello Friends:

I am having a strange problem. I have an Openswan setup providing VPN
connections, both L2TP/IPsec and Openswan-to-Openswan. It is running on Fedora
Core 4. I am able to connect to the VPN server with my Linux laptop and
from Windows XP at home without any problem.

But when my colleague tries to connect to the Openswan server, I observe
an error in the /var/log/secure file on the Openswan server saying that my laptop
has already used the virtual IP address my colleague is connecting from,
even though neither I nor my Linux laptop has ever been to that site.

Any idea as to what can cause this and how to get around this issue?


 "roadwarrior-l2tp"[5] XXX.225.241.XXX #15: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}

Sep  1 13:55:11 lb pluto[4366]: "roadwarrior-l2tp"[5] 205.225.241.126 #15:
Virtual IP XXX.225.241.XXX/32 is already used by '@ravi.telecommand.com'


[root at lb ~]# cat /etc/ipsec.conf
version 2.0
# Global pluto settings. 'interfaces' binds the ipsec0 virtual interface to
# the eth0:0 alias; nat_traversal=yes lets clients behind NAT connect;
# virtual_private lists the private ranges a peer may claim as its virtual
# address via the %priv keyword of rightsubnet=vhost:... (conn roadwarrior).
config setup
        interfaces="%defaultroute ipsec0=eth0:0"
        klipsdebug=none
        plutodebug=none
        overridemtu=1410
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

# Settings inherited by every conn below unless that conn overrides them.
conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

# The roadwarrior-* conns share the peer settings of conn roadwarrior
# (pulled in with also=) and differ only in traffic selectors.
# roadwarrior-net: clients reach the 10.4.0.0/16 LAN only.
conn roadwarrior-net
        leftsubnet=10.4.0.0/16
        also=roadwarrior

# roadwarrior-all: clients send all of their traffic through the server.
conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

# roadwarrior-l2tp: L2TP/IPsec for road warriors. Protocol 17 is UDP and
# 1701 the L2TP port; 17/0 on the server side accepts any source port.
# authby=secret selects a pre-shared key, which matches the
# auth=OAKLEY_PRESHARED_KEY line in the log excerpt of the mail.
conn roadwarrior-l2tp
        leftprotoport=17/0
        rightprotoport=17/1701
        authby=secret
        also=roadwarrior

# Same as roadwarrior-l2tp but pinned to port 1701 on both ends; the name
# suggests it targets updated Windows clients -- confirm. NOTE(review):
# authby is not set here, so it falls back to the Openswan default (rsasig)
# rather than the PSK used by roadwarrior-l2tp -- confirm that is intended.
conn roadwarrior-l2tp-updatedwin
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

# Shared peer definition for the roadwarrior-* conns above.
# pfs=no is presumably for the Windows XP L2TP/IPsec client, which does not
# negotiate PFS -- assumption, confirm. right=%any accepts any peer address.
# rightsubnet=vhost:%no,%priv lets the peer present either its own address
# (%no) or an address from the virtual_private ranges (%priv) as its
# client network.
# NOTE(review): pluto appears to refuse a peer's virtual address when it
# overlaps the rightsubnet of any other loaded conn that carries a different
# peer ID; that is the "Virtual IP ... is already used by
# '@ravi.telecommand.com'" message in the log excerpt. See the note on
# conn ravilaptop2 below.
conn roadwarrior
        pfs=no
        left=66.60.178.181
        leftnexthop=66.60.178.161
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add

# Conn for the author's laptop, authenticated by RSA signatures with fixed
# IDs on both ends (the keys are truncated in this paste). ravilaptop2 and
# ravilaptop4 are the only conns with rightid=@ravi.telecommand.com, the ID
# named in the "already used" log line.
# NOTE(review): rightsubnet=0.0.0.0/0 overlaps every address a road warrior
# can present, so any PSK peer (whose ID is not @ravi.telecommand.com) would
# trip the virtual-IP conflict described above -- the likely cause of the
# reported error; confirm by narrowing or temporarily removing this
# rightsubnet. It also means that once this conn is up, traffic from
# 10.2.0.0/16 to any destination is sent down the laptop's tunnel, which is
# rarely intended; if the goal is "laptop reaches 10.2/16", describe the
# laptop itself here (e.g. vhost:%no) instead.
conn ravilaptop2
    left=66.60.178.182                 # Local vitals (.182, not the .181 of conn roadwarrior)
    leftsubnet=10.2.0.0/16      # LAN reachable through this tunnel
    leftid=@lb.telecommand.com         # server's ID for RSA authentication
    leftrsasigkey=0sAQOJti.....
    leftnexthop=66.60.178.161     # correct in many situations
    right=%any                # Remote vitals: laptop may connect from anywhere
    rightsubnet=0.0.0.0/0        # see NOTE(review) above
    rightid=@ravi.telecommand.com        # laptop's ID; the one named in the log
    rightrsasigkey=0sAQPJ6XXer....
    authby=rsasig
    auto=add                       # authorizes but doesn't start this
                                   # connection at startup
# Second laptop conn, for the 10.4.0.0/16 LAN. Compared with ravilaptop2 it
# omits leftnexthop, authby and auto, so those take the Openswan defaults
# (authby=rsasig; auto=ignore, meaning this conn is not loaded at startup,
# I believe -- confirm that is intended). left= is masked in the paste.
conn ravilaptop4
    left=XX.60.178.XXX                 # Local vitals (masked in the paste)
    leftsubnet=10.4.0.0/16      # LAN reachable through this tunnel
    leftid=@lb.telecommand.com         # server's ID for RSA authentication
    leftrsasigkey=0sAQOJti....
    right=%any                # Remote vitals
    rightsubnet=0.0.0.0/0        # same overlap concern as in ravilaptop2
    rightid=@ravi.telecommand.com        # laptop's ID
    rightrsasigkey=0sAQPJ6XXer....

# Sample file shipped with Openswan that turns off opportunistic encryption.
include /etc/ipsec.d/examples/no_oe.conf


