[Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT

Fri Aug 4 12:48:34 EDT 2006

On Fri, 4 Aug 2006, Meron Lavie wrote:

>  8-03: 23:17:09:656:8c0 AUTH: Phase I authentication accepted

>  8-03: 23:17:09:906:8c0 Phase 2 SA accepted: proposal=1 transform=1

>  8-03: 23:17:19:906:8c0 Receive: (get) SA = 0x0011e920 from
> 111.111.111.111.4500
>  8-03: 23:17:19:906:8c0 ISAKMP Header: (V1.0), len = 196
>  8-03: 23:17:19:906:8c0   I-COOKIE cb52bf6e60974bee
>  8-03: 23:17:19:906:8c0   R-COOKIE 2b03ae1cc8c9f53e
>  8-03: 23:17:19:906:8c0   exchange: Oakley Quick Mode
>  8-03: 23:17:19:906:8c0   flags: 1 ( encrypted )
>  8-03: 23:17:19:906:8c0   next payload: HASH
>  8-03: 23:17:19:906:8c0   message ID: 8d2d8755
>  8-03: 23:17:19:906:8c0 invalid payload received
>  8-03: 23:17:19:906:8c0 Resending last payload

Here something goes wrong, not entirely sure why. Does openswan log an error?

>  8-03: 23:17:19:906:8c0 Sending: SA = 0x0011E920 to 111.111.111.111:Type
> 4.4500
>  8-03: 23:17:19:906:8c0 ISAKMP Header: (V1.0), len = 52
>  8-03: 23:17:19:906:8c0   I-COOKIE cb52bf6e60974bee
>  8-03: 23:17:19:906:8c0   R-COOKIE 2b03ae1cc8c9f53e
>  8-03: 23:17:19:906:8c0   exchange: Oakley Quick Mode
>  8-03: 23:17:19:906:8c0   flags: 1 ( encrypted )
>  8-03: 23:17:19:906:8c0   next payload: HASH
>  8-03: 23:17:19:906:8c0   message ID: 8d2d8755
>  8-03: 23:17:19:906:8c0 Ports S:9411 D:9411
>  8-03: 23:17:19:906:8c0 GetPacket failed 3613
>  8-03: 23:17:44:921:8c0 QM Deleted. Notify from driver: Src 192.168.1.22
> Dest 111.111.111.111 InSPI 2662854523 OutSpi 2671731549  Tunnel 0

Here windows hangs up.

It's hard to say, but I suspect a misconfiguration, eg both ends disagree on
something in phase 2?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155