[Openswan Users] Odd behavior Linux Client to working 'roadwarrior' server

Rick Romero rick at havokmon.com
Fri Aug 25 13:43:01 EDT 2006


Paul Wouters wrote:
> On Thu, 24 Aug 2006, Rick Romero wrote:
>
>> So I thought I messed something up, but the server end seems to restart
>> pluto?  Is that normal?
>
>> Aug 24 13:47:54 localhost ipsec__plutorun: Restarting Pluto subsystem...
>> Aug 24 13:47:54 localhost pluto[5368]: Starting Pluto (Openswan Version 2.2.0 X.509-1.5.4 PLUTO_USES_KEYRR)
>
> openswan 2.2.0 has a few known crashers. Upgrade.
>
> Paul
I apologize Paul, I think I replied to you directly earlier. 

In any case, using apt-get in Debian to upgrade my Openswan seems to 
have broken me entirely.   I'm running 2.4.6 now, but even previously 
working XP users aren't able to make an initial connection, and 
sometimes have to 'retry' to even get XP to attempt the 
username/password - which no longer works either. :(

I can definitely chalk this up to me not having a great grasp of 
Debian's upgrade system (which didn't want to upgrade openswan, and 
there are still some things it doesn't want to do).

I've verified none of my configs were overwritten.  Though more than 
openswan ended up being upgraded, including the ca-certificate 
package, and ppp. 

I think this is about where the trouble starts:
auth.log:

Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[1] 24.164.254.185 #1: switched from "roadwarrior-l2tp" to "roadwarrior-l2tp"
Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #1: deleting connection "roadwarrior-l2tp" instance with peer 24.164.254.185 {isakmp=#0/ipsec=#0}
Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #1: I am sending my cert
Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 25 12:24:40 localhost pluto[3645]: | NAT-T: new mapping 24.164.254.185:500/4500)
Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #2: responding to Quick Mode {msgid:ba8a3111}
Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Aug 25 12:24:41 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug 25 12:24:41 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xc0108683 <0xaa5ad969 xfrm=3DES_0-HMAC_MD5 NATD=24.164.254.185:4500 DPD=none}
Aug 25 12:24:47 localhost pluto[3645]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 24.164.254.185 port 4500, complainant 64.198.2.71: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Aug 25 12:25:22 localhost last message repeated 19 times
Aug 25 12:25:52 localhost last message repeated 14 times
Aug 25 12:26:14 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #1: received Delete SA(0xc0108683) payload: deleting IPSEC State #2
Aug 25 12:26:14 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #1: received and ignored informational message
Aug 25 12:26:14 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #1: received Delete SA payload: deleting ISAKMP State #1
Aug 25 12:26:14 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185: deleting connection "roadwarrior-l2tp" instance with peer 24.164.254.185 {isakmp=#0/ipsec=#0}
Aug 25 12:26:14 localhost pluto[3645]: packet from 24.164.254.185:4500: received and ignored informational message
Aug 25 12:26:17 localhost pluto[3645]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 24.164.254.185 port 4500, complainant 64.198.2.71: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Aug 25 12:26:17 localhost pluto[3645]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 24.164.254.185 port 4500, complainant 64.198.2.71: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

Help :)




