[Openswan Users] Odd behavior Linux Client to working 'roadwarrior' server

Paul Wouters paul at xelerance.com
Sun Aug 27 21:32:38 EDT 2006


On Fri, 25 Aug 2006, Rick Romero wrote:

> In any case, using apt-get in Debian to upgrade my Openswan seems to
> have broken me entirely.   I'm running 2.4.6 now, but even previously
> working XP users aren't able to make an initial connection, and
> sometimes have to 'retry' to even get XP to attempt the
> username/password - which no longer works either. :(

Strange.

> I think this is about where the trouble starts:
> auth.log:
>
> Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[1]
> 24.164.254.185 #1: switched from "roadwarrior-l2tp" to "roadwarrior-l2tp"

That's a bit of an odd message. Do you have multiple conns defined, or
just one?

> Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #1: deleting connection "roadwarrior-l2tp" instance with
> peer 24.164.254.185 {isakmp=#0/ipsec=#0}
> Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #1: I am sending my cert
> Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #1: transition from state STATE_MAIN_R2 to state
> STATE_MAIN_R3
> Aug 25 12:24:40 localhost pluto[3645]: | NAT-T: new mapping
> 24.164.254.185:500/4500)
> Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established
> {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha
> group=modp2048}
> Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #2: responding to Quick Mode {msgid:ba8a3111}
> Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #2: transition from state STATE_QUICK_R0 to state
> STATE_QUICK_R1
> Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed,
> expecting QI2
> Aug 25 12:24:41 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #2: transition from state STATE_QUICK_R1 to state
> STATE_QUICK_R2
> Aug 25 12:24:41 localhost pluto[3645]: "roadwarrior-l2tp"[2]
> 24.164.254.185 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xc0108683
> <0xaa5ad969 xfrm=3DES_0-HMAC_MD5 NATD=24.164.254.185:4500 DPD=none}
> Aug 25 12:24:47 localhost pluto[3645]: ERROR: asynchronous network error
> report on eth0 (sport=4500) for message to 24.164.254.185 port 4500,
> complainant 64.198.2.71: No route to host [errno 113, origin ICMP type 3
> code 1 (not authenticated)]

Seems some problem with your upstream. 64.198.2.71 cannot route packets
for 24.164.254.185. I wonder if your upgrade might have set some
different /proc values. Perhaps check /etc/sysctl.conf? Or try lowering
the mtu on the openswan end slightly, e.g. from 1500 to 1472.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
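
Added example, not part of the original message and not Openswan code: a small Python triage script that scans pluto log text for the pattern discussed above, an ICMP "asynchronous network error report" arriving for a peer whose IPsec SA was already established, and records whether the complainant is a hop other than the peer. The function and field names are assumptions; the sample lines are the quoted auth.log entries with the mail wrapping removed.

```python
import re

# Sample input: the auth.log lines quoted in the thread, re-joined onto single
# lines as syslog would have written them (the mail client had wrapped them).
SAMPLE_LOG = """\
Aug 25 12:24:40 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Aug 25 12:24:41 localhost pluto[3645]: "roadwarrior-l2tp"[2] 24.164.254.185 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xc0108683 <0xaa5ad969 xfrm=3DES_0-HMAC_MD5 NATD=24.164.254.185:4500 DPD=none}
Aug 25 12:24:47 localhost pluto[3645]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 24.164.254.185 port 4500, complainant 64.198.2.71: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
"""

# Responder side finished Quick Mode: the tunnel is up for this peer.
SA_RE = re.compile(
    r'"(?P<conn>[^"]+)"\[\d+\] (?P<peer>[\d.]+) #\d+: '
    r'STATE_QUICK_R2: IPsec SA established')

# pluto's report of an ICMP error received for a packet it sent.
ERR_RE = re.compile(
    r'ERROR: asynchronous network error report on (?P<iface>\S+) '
    r'\(sport=(?P<sport>\d+)\) for message to (?P<peer>[\d.]+) '
    r'port (?P<dport>\d+), complainant (?P<complainant>[\d.]+): '
    r'(?P<reason>.+?) \[errno (?P<errno>\d+), '
    r'origin ICMP type (?P<type>\d+) code (?P<code>\d+)')

def find_post_sa_icmp_errors(log_text):
    """Return ICMP error reports that follow an established IPsec SA."""
    established = {}   # peer IP -> connection name
    findings = []
    for line in log_text.splitlines():
        m = SA_RE.search(line)
        if m:
            established[m['peer']] = m['conn']
            continue
        m = ERR_RE.search(line)
        if m and m['peer'] in established:
            findings.append({
                'conn': established[m['peer']],
                'peer': m['peer'],
                'complainant': m['complainant'],
                'reason': m['reason'],
                'errno': int(m['errno']),                   # 113 = EHOSTUNREACH on Linux
                'icmp': (int(m['type']), int(m['code'])),   # (3, 1) = host unreachable
                # True when a hop other than the peer sent the ICMP error,
                # which points at routing between the two ends.
                'from_intermediate_hop': m['complainant'] != m['peer'],
            })
    return findings

if __name__ == '__main__':
    for finding in find_post_sa_icmp_errors(SAMPLE_LOG):
        print(finding)
```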

