[Openswan Users] Openswan U2.4.4/K2.6.15.7-ubuntu1.1282006 (netkey) - Windows Xp with sp2

Jure Baznik babylon9 at gmail.com
Wed Aug 30 03:37:36 EDT 2006


I have one Kubuntu server with Linux Openswan
U2.4.4/K2.6.15.7-ubuntu1.1282006 (netkey).

On this computer I have two network cards:

one, eth0 - direct connection with ppp0 for the ADSL modem
IP: 192.168.0.3
broadcast: 192.168.0.255
mask: 255.255.255.0

second, eth1, for the crossover cable to the Windows XP client
IP: 192.168.0.4
broadcast: 192.168.0.255
mask: 255.255.255.0

My ipsec.conf on Linux is:

version 2.0

config setup
        interfaces="ipsec0=eth1"
        klipsdebug=none
        plutodebug=all
        uniqueids=yes
        nat_traversal=yes

conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig

conn babylon3-do-babylon1
        type=tunnel
        authby=rsasig
        left=192.168.0.4
        leftnexthop=%direct
        right=192.168.0.5
        rightnexthop=%direct
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        leftcert=babylon3.pem
        rightcert=babylon4.pem
        keyingtries=0
        auto=start
        pfs=yes

The eth1 network card is directly connected by crossover cable
to my Windows XP client with Service Pack 2, in which I have
one network card:

eth0
IP: 192.168.0.5
mask: 255.255.255.0
gateway: 192.168.0.4


c:\ipsec\ipsec.conf

conn babylon3-do-babylon1
    left=%any
    right=192.168.0.4
    rightsubnet=192.168.0.0/24
    rightca="C=S,S=Slovenia,L=Ljubljana,O=g,CN=Jure,E=babylon9 at gmail.com"
    network=auto
    auto=start
    pfs=yes

c:\ipsec\ipsec.exe

The problem is when I connect and then ping the Kubuntu server. First it is
negotiating IP security. But then I can't get any packets
back; 4 packets are always lost.

My log /var/log/auth.log says:

Aug 30 09:20:18 localhost pluto[19001]: "babylon3-do-babylon1" #1: initiating Main Mode
Aug 30 09:20:20 localhost pluto[19001]: initiate on demand from 192.168.0.4:0 to 192.168.0.5:0 proto=0 state: fos_start because: acquire
Aug 30 09:20:47 localhost pluto[19001]: packet from 192.168.0.5:1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 30 09:20:47 localhost pluto[19001]: packet from 192.168.0.5:1: ignoring Vendor ID payload [FRAGMENTATION]
Aug 30 09:20:49 localhost pluto[19001]: packet from 192.168.0.5:1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Aug 30 09:20:50 localhost pluto[19001]: packet from 192.168.0.5:1: ignoring Vendor ID payload [Vid-Initial-Contact]
Aug 30 09:20:51 localhost pluto[19001]: "babylon3-do-babylon1" #2: responding to Main Mode
Aug 30 09:20:51 localhost pluto[19001]: "babylon3-do-babylon1" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 30 09:20:52 localhost pluto[19001]: "babylon3-do-babylon1" #2: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 30 09:20:53 localhost pluto[19001]: packet from 192.168.0.5:1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 30 09:20:53 localhost pluto[19001]: packet from 192.168.0.5:1: ignoring Vendor ID payload [FRAGMENTATION]
Aug 30 09:20:54 localhost pluto[19001]: packet from 192.168.0.5:1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Aug 30 09:20:54 localhost pluto[19001]: packet from 192.168.0.5:1: ignoring Vendor ID payload [Vid-Initial-Contact]
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3: responding to Main Mode
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3: STATE_MAIN_R1: sent MR1, expecting MI2
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #2: ERROR: asynchronous network error report on eth1 (sport=500) for message to 192.168.0.5 port 1, complainant 192.168.0.4: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3: ERROR: asynchronous network error report on eth1 (sport=500) for message to 192.168.0.5 port 1, complainant 192.168.0.4: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

Can anybody help me? I would really appreciate any help, guys!