[Openswan Users] respond to IPsec SA request because no connection is known for

Greg gregory.domagala at aliceadsl.fr
Tue Aug 8 16:38:09 EDT 2006


Hello List,

I'm trying to configure a VPN gateway between openswan and windows xp SP2.

I have no problem opening a "simple" ipsec tunnel, but when I want to use L2TP, the client gives me this error (Error 789: L2TP-Connection failed, since a processing error arose during its first safety from action with the remote computer) and the server (respond to IPsec SA request because no connection is known for 81.127.61.93/32===192.168.0.4[C=FR, ST=FRANCE, L=LOCATION, O=WEF, OU=INFO, CN=TEST, E=root at test.com]:17/1701...80.10.30.143[C=FR, ST=FRANCE, L=LOCATION, O=WEF, OU=INFO, CN=TEST, E=root at test.com]:17/1701)

Please help

Thanks,

GD

 

My ipsec.conf (cf. Nate Carlson's site)

version 2.0

config setup
      interfaces=%defaultroute
      nat_traversal=yes
      virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
      # Debug-logging controls: "none" for (almost) none, "all" for lots.
      klipsdebug=none
      plutodebug="none"

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior-net
        leftsubnet=192.168.0.0/255.255.255.0
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior
        left=%defaultroute
        leftcert=cert.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-l2tp
        left=%defaultroute
        leftcert=cert.pem
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/1701
        pfs=no
        auto=add
        type=transport

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

LOG

Aug  8 06:59:42 darko ipsec__plutorun: Starting Pluto subsystem...
Aug  8 06:59:42 darko pluto[23921]: Starting Pluto (Openswan Version 2.4.4 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEz}FFFfgr_e)
Aug  8 06:59:42 darko pluto[23921]: Setting NAT-Traversal port-4500 floating to on
Aug  8 06:59:42 darko pluto[23921]:    port floating activation criteria nat_t=1/port_fload=1
Aug  8 06:59:42 darko pluto[23921]:   including NAT-Traversal patch (Version 0.6c)
Aug  8 06:59:42 darko pluto[23921]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Aug  8 06:59:42 darko pluto[23921]: starting up 1 cryptographic helpers
Aug  8 06:59:42 darko pluto[23921]: started helper pid=23931 (fd:6)
Aug  8 06:59:42 darko pluto[23921]: Using Linux 2.6 IPsec interface code on 2.6.14-1.1656_FC4smp
Aug  8 06:59:42 darko pluto[23921]: Changing to directory '/etc/ipsec.d/cacerts'
Aug  8 06:59:42 darko pluto[23921]:   loaded CA cert file 'vpn2.pem' (3358 bytes)
Aug  8 06:59:42 darko pluto[23921]:   loaded CA cert file 'cacert.pem' (1253 bytes)
Aug  8 06:59:42 darko pluto[23921]: Could not change to directory '/etc/ipsec.d/aacerts'
Aug  8 06:59:42 darko pluto[23921]: Could not change to directory '/etc/ipsec.d/ocspcerts'
Aug  8 06:59:42 darko pluto[23921]: Changing to directory '/etc/ipsec.d/crls'
Aug  8 06:59:42 darko pluto[23921]:   loaded crl file 'crl.pem' (499 bytes)
Aug  8 06:59:42 darko pluto[23921]:   loaded host cert file '/etc/ipsec.d/certs/cert.pem' (3611 bytes)
Aug  8 06:59:42 darko pluto[23921]: added connection description "roadwarrior-l2tp"
Aug  8 06:59:43 darko pluto[23921]:   loaded host cert file '/etc/ipsec.d/certs/cert.pem' (3611 bytes)
Aug  8 06:59:43 darko pluto[23921]: added connection description "roadwarrior"
Aug  8 06:59:43 darko pluto[23921]:   loaded host cert file '/etc/ipsec.d/certs/cert.pem' (3611 bytes)
Aug  8 06:59:43 darko pluto[23921]: added connection description "roadwarrior-all"
Aug  8 06:59:43 darko pluto[23921]:   loaded host cert file '/etc/ipsec.d/certs/cert.pem' (3611 bytes)
Aug  8 06:59:43 darko pluto[23921]: added connection description "roadwarrior-l2tp-oldwin"
Aug  8 06:59:43 darko pluto[23921]:   loaded host cert file '/etc/ipsec.d/certs/cert.pem' (3611 bytes)
Aug  8 06:59:43 darko pluto[23921]: added connection description "roadwarrior-net"
Aug  8 06:59:43 darko pluto[23921]: listening for IKE messages
Aug  8 06:59:43 darko pluto[23921]: adding interface eth0/eth0 192.168.0.4:500
Aug  8 06:59:43 darko pluto[23921]: adding interface eth0/eth0 192.168.0.4:4500
Aug  8 06:59:43 darko pluto[23921]: adding interface lo/lo 127.0.0.1:500
Aug  8 06:59:43 darko pluto[23921]: adding interface lo/lo 127.0.0.1:4500
Aug  8 06:59:43 darko pluto[23921]: adding interface lo/lo ::1:500
Aug  8 06:59:43 darko pluto[23921]: loading secrets from "/etc/ipsec.secrets"
Aug  8 06:59:43 darko pluto[23921]: loading secrets from "/etc/ipsec.d/hostkey.secrets"
Aug  8 06:59:43 darko pluto[23921]:   loaded private key file '/etc/ipsec.d/private/cert.key' (1659 bytes)
Aug  8 07:02:49 darko pluto[23921]: packet from 80.10.30.143:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug  8 07:02:49 darko pluto[23921]: packet from 80.10.30.143:500: ignoring Vendor ID payload [FRAGMENTATION]
Aug  8 07:02:49 darko pluto[23921]: packet from 80.10.30.143:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Aug  8 07:02:49 darko pluto[23921]: packet from 80.10.30.143:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Aug  8 07:02:49 darko pluto[23921]: "roadwarrior-l2tp"[1] 80.10.30.143 #1: responding to Main Mode from unknown peer 80.10.30.143
Aug  8 07:02:49 darko pluto[23921]: "roadwarrior-l2tp"[1] 80.10.30.143 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug  8 07:02:49 darko pluto[23921]: "roadwarrior-l2tp"[1] 80.10.30.143 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Aug  8 07:02:50 darko pluto[23921]: "roadwarrior-l2tp"[1] 80.10.30.143 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
Aug  8 07:02:50 darko pluto[23921]: "roadwarrior-l2tp"[1] 80.10.30.143 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug  8 07:02:50 darko pluto[23921]: "roadwarrior-l2tp"[1] 80.10.30.143 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Aug  8 07:02:51 darko pluto[23921]: "roadwarrior-l2tp"[1] 80.10.30.143 #1: discarding duplicate packet; already STATE_MAIN_R2
Aug  8 07:02:52 darko pluto[23921]: "roadwarrior-l2tp"[1] 80.10.30.143 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=FR, ST=FRANCE, L=LOCATION, O=WEF, OU=INFO, CN=TEST, E=root at test.com'
Aug  8 07:02:52 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: deleting connection "roadwarrior-l2tp" instance with peer 80.10.30.143 {isakmp=#0/ipsec=#0}
Aug  8 07:02:52 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: I am sending my cert
Aug  8 07:02:52 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug  8 07:02:52 darko pluto[23921]: | NAT-T: new mapping 80.10.30.143:500/4500)
Aug  8 07:02:52 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Aug  8 07:02:52 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: cannot respond to IPsec SA request because no connection is known for 81.127.61.93/32===192.168.0.4['C=FR, ST=FRANCE, L=LOCATION, O=WEF, OU=INFO, CN=TEST, E=root at test.com']:17/1701...80.10.30.143['C=FR, ST=FRANCE, L=LOCATION, O=WEF, OU=INFO, CN=TEST, E=root at test.com']:17/1701
Aug  8 07:02:52 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: sending encrypted notification INVALID_ID_INFORMATION to 80.10.30.143:4500
Aug  8 07:02:53 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb51f56cd (perhaps this is a duplicated packet)
Aug  8 07:02:53 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: sending encrypted notification INVALID_MESSAGE_ID to 80.10.30.143:4500
Aug  8 07:02:55 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb51f56cd (perhaps this is a duplicated packet)
Aug  8 07:02:55 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: sending encrypted notification INVALID_MESSAGE_ID to 80.10.30.143:4500
Aug  8 07:02:59 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb51f56cd (perhaps this is a duplicated packet)
Aug  8 07:02:59 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: sending encrypted notification INVALID_MESSAGE_ID to 80.10.30.143:4500
Aug  8 07:03:07 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xb51f56cd (perhaps this is a duplicated packet)
Aug  8 07:03:07 darko pluto[23921]: "roadwarrior-l2tp"[2] 80.10.30.143 #1: sending encrypted notification INVALID_MESSAGE_ID to 80.10.30.143:4500

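The Quick Mode rejection in the log is Pluto saying that no conn's selectors match what the Windows client proposed. As an added example (not from the original post and not Openswan code), here is a small Python helper that parses Pluto's "no connection is known for ..." selector string and compares it with a conn from ipsec.conf; the sample string is re-joined from the log above, the conn dict is assumed to mirror roadwarrior-l2tp, and the finding codes are my own.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample: the rejected Quick Mode proposal from the log, on one line.
# (The list archive rewrites '@' as ' at ' inside the DN; the parser does not care.)
SAMPLE = ("81.127.61.93/32===192.168.0.4['C=FR, ST=FRANCE, L=LOCATION, O=WEF, OU=INFO, "
          "CN=TEST, E=root at test.com']:17/1701...80.10.30.143['C=FR, ST=FRANCE, "
          "L=LOCATION, O=WEF, OU=INFO, CN=TEST, E=root at test.com']:17/1701")

# Pluto prints the proposal as: [lclient===]lhost[lid]:proto/port...rhost[rid]:proto/port[===rclient]
_END = r"(?P<{s}host>[\d.]+)\[(?P<{s}id>[^\]]*)\]:(?P<{s}proto>\d+)/(?P<{s}port>\d+)"
_SA = re.compile(r"^(?:(?P<lclient>[\d.]+/\d+)===)?" + _END.format(s="l")
                 + r"\.\.\." + _END.format(s="r") + r"(?:===(?P<rclient>[\d.]+/\d+))?$")


def parse_sa_request(text):
    """Split the 'no connection is known for ...' string into its components."""
    m = _SA.match(text.strip())
    if not m:
        raise ValueError("unrecognised Pluto selector string")
    sa = m.groupdict()
    for side in ("l", "r"):
        sa[side + "id"] = sa[side + "id"].strip("'")
        # No explicit client selector means "the host itself" (transport mode).
        sa[side + "client"] = sa[side + "client"] or sa[side + "host"] + "/32"
    return sa


def diagnose(sa, conn):
    """Return (code, detail) findings comparing the proposal with one conn's settings."""
    findings = []
    want = (conn.get("leftprotoport", "0/0"), conn.get("rightprotoport", "0/0"))
    got = (f"{sa['lproto']}/{sa['lport']}", f"{sa['rproto']}/{sa['rport']}")
    if want != got:
        findings.append(("protoport-mismatch", f"conn wants {want}, peer proposed {got}"))
    if conn.get("type") == "transport":
        # In transport mode each client selector must be the endpoint's own address;
        # a different address on our side means the peer sees us behind a NAT
        # (the log's "i am NATed"), so no conn can match the proposed selector.
        for side in ("l", "r"):
            if ip_address(sa[side + "host"]) not in ip_network(sa[side + "client"], strict=False):
                findings.append((side.replace("l", "left").replace("r", "right") + "-selector-not-local",
                                 f"{sa[side + 'client']} is not {sa[side + 'host']}"))
    return findings


if __name__ == "__main__":
    request = parse_sa_request(SAMPLE)
    for code, detail in diagnose(request, {"leftprotoport": "17/1701",
                                           "rightprotoport": "17/1701", "type": "transport"}):
        print(f"{code}: {detail}")
```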