[Openswan Users] stuck at Negotiating IP Security.
darkrealm
darkrealm.drjj at gmail.com
Fri Sep 16 00:52:53 CEST 2005
I have disabled both (one at a time) and it still didn't work (I added
the comma as well, stupid mistake). These are the logs from
/var/log/secure:
Sep 15 23:52:38 darkrealm pluto[29775]: packet from 192.168.2.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 15 23:52:38 darkrealm pluto[29775]: packet from 192.168.2.100:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 15 23:52:38 darkrealm pluto[29775]: packet from 192.168.2.100:500: initial Main Mode message received on 192.168.2.101:500 but no connection has been authorized
Sep 15 23:52:46 darkrealm pluto[29775]: packet from 192.168.2.100:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Sep 15 23:52:46 darkrealm pluto[29775]: packet from 192.168.2.100:500: ignoring Vendor ID payload [FRAGMENTATION]
Sep 15 23:52:46 darkrealm pluto[29775]: packet from 192.168.2.100:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Sep 15 23:52:46 darkrealm pluto[29775]: packet from 192.168.2.100:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Sep 15 23:52:46 darkrealm pluto[29775]: packet from 192.168.2.100:500: initial Main Mode message received on 192.168.2.101:500 but no connection has been authorized
Sep 15 23:52:48 darkrealm pluto[29775]: packet from 192.168.2.100:500: ignoring Delete SA payload: not encrypted
Sep 15 23:52:48 darkrealm pluto[29775]: packet from 192.168.2.100:500: received and ignored informational message
I think I'm getting these messages when trying to ping it, which still says
Pinging 192.168.2.101 with 32 bytes of data:
Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.
Negotiating IP Security.
Ping statistics for 192.168.2.101:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
I've tried it multiple times after each other.. doesn't seem to work
On 9/15/05, Paul Wouters <paul at xelerance.com> wrote:
> On Thu, 15 Sep 2005, darkrealm wrote:
>
> > virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16%v4:192.168.2.0/16
>
> The "16%v4" seems mangled and missing a comma. That causes the line to be
> rejected, and NAT-T to fail.
>
> > conn roadwarrior-l2tp
> > pfs=no
> > leftprotoport=17/0
> > rightprotoport=17/1701
> > also=roadwarrior
>
> use leftprotoport=17/%any
>
> > conn roadwarrior-l2tp-updatedwin
>
> and then you don't need that one.
>
> > conn roadwarrior
> > left=%defaultroute
> > leftcert=darkrealm.pem
> > right=%any
> > rightsubnet=vhost:%no,%priv
> > auto=add
> > pfs=yes
>
> don't mix X509 and L2TP right away. First confirm that they work
> separately by disabling one of them using auto=ignore, and only
> when both work separately, try to see how it works if you combine
> them. I've seen problems with this and I'm not convinced this can
> work at all.
>
> Since you didn't post logs of either the windows or openswan side,
> I cannot say more.
>
> Paul
> --
>
> "Happiness is never grand"
>
> --- Mustapha Mond, World Controller (Brave New World)
>
--
Check my website :-) www.darkrealm.nl
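
Added example, not part of the original messages and not Openswan code: a small pre-flight check for a virtual_private= value of the kind discussed in this thread, run against the value as first posted and with the comma restored. The function name and the checks are this example's own assumptions, not Openswan's parser.

```python
import ipaddress

# Constructed from the thread: the value as first posted (comma missing
# between the third and fourth entries) and with the comma restored.
POSTED = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
          "%v4:192.168.0.0/16%v4:192.168.2.0/16")
FIXED = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
         "%v4:192.168.0.0/16,%v4:192.168.2.0/16")

FAMILIES = {"%v4:": 4, "%v6:": 6}


def check_virtual_private(value):
    """Return a list of (entry, problem) tuples; empty means no findings."""
    findings = []
    for entry in value.split(","):
        entry = entry.strip()
        prefix, rest = entry[:4], entry[4:]
        if prefix not in FAMILIES:
            findings.append((entry, "entry must start with %v4: or %v6:"))
            continue
        # A second %v marker inside one entry means a separator was lost.
        if "%v" in rest:
            findings.append((entry, "two networks run together, comma missing"))
            continue
        # A leading "!" excludes a network; the CIDR after it is checked alike.
        cidr = rest[1:] if rest.startswith("!") else rest
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append((entry, "not a valid network/prefix"))
            continue
        if net.version != FAMILIES[prefix]:
            findings.append((entry, "address family does not match prefix"))
        elif ipaddress.ip_interface(cidr).ip != net.network_address:
            # Address has bits set below the prefix length.
            findings.append((entry, f"host bits set; network is {net}"))
    return findings


if __name__ == "__main__":
    for label, value in (("posted", POSTED), ("fixed", FIXED)):
        for entry, problem in check_virtual_private(value):
            print(f"{label}: {entry}: {problem}")
```

With the comma restored, the check still reports the last entry: 192.168.2.0/16 has host bits set and resolves to 192.168.0.0/16, which is already in the list.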