[Openswan Users] Openswan U2.4.4/K2.6.15.7-ubuntu1.1282006 (netkey) - Windows Xp with sp2
Jure
baznik9 at siol.net
Wed Aug 30 03:26:08 EDT 2006
I have one Kubuntu server with Linux Openswan
U2.4.4/K2.6.15.7-ubuntu1.1282006 (netkey).
On this computer I have two network cards.
The first is eth0, a direct connection with ppp0 for the ADSL modem:
IP: 192.168.0.3
broadcast: 192.168.0.255
mask: 255.255.255.0
The second is eth1, for the crossover cable to the Windows XP client:
IP: 192.168.0.4
broadcast: 192.168.0.255
mask: 255.255.255.0
My ipsec.conf on Linux is:
version 2.0

config setup
    interfaces="ipsec0=eth1"
    klipsdebug=none
    plutodebug=all
    uniqueids=yes
    nat_traversal=yes

conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig

conn babylon3-do-babylon1
    type=tunnel
    authby=rsasig
    left=192.168.0.4
    leftnexthop=%direct
    right=192.168.0.5
    rightnexthop=%direct
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    leftcert=babylon3.pem
    rightcert=babylon4.pem
    keyingtries=0
    auto=start
    pfs=yes

The eth1 network card is directly connected by crossover cable
to my Windows XP client with Service Pack 2, which has
one network card,
eth0:
IP: 192.168.0.5
mask: 255.255.255.0
gateway: 192.168.0.4
c:\ipsec\ipsec.conf
conn babylon3-do-babylon1
    left=%any
    right=192.168.0.4
    rightsubnet=192.168.0.0/24
    rightca="C=S,S=Slovenia,L=Ljubljana,O=g,CN=Jure,E=babylon9 at gmail.com"
    network=auto
    auto=start
    pfs=yes
c:\ipsec\ipsec.exe
The problem is that when I connect and then ping the Kubuntu server, it
first negotiates IP security. But then I can't get any packets
back; all 4 packets are always lost.
My log /var/log/auth.log says:
Aug 30 09:20:18 localhost pluto[19001]: "babylon3-do-babylon1" #1:
initiating Main Mode
Aug 30 09:20:20 localhost pluto[19001]: initiate on demand from
192.168.0.4:0 to 192.168.0.5:0 proto=0 state: fos_start because: acquire
Aug 30 09:20:47 localhost pluto[19001]: packet from 192.168.0.5:1:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 30 09:20:47 localhost pluto[19001]: packet from 192.168.0.5:1:
ignoring Vendor ID payload [FRAGMENTATION]
Aug 30 09:20:49 localhost pluto[19001]: packet from 192.168.0.5:1:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106
Aug 30 09:20:50 localhost pluto[19001]: packet from 192.168.0.5:1:
ignoring Vendor ID payload [Vid-Initial-Contact]
Aug 30 09:20:51 localhost pluto[19001]: "babylon3-do-babylon1" #2:
responding to Main Mode
Aug 30 09:20:51 localhost pluto[19001]: "babylon3-do-babylon1" #2:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 30 09:20:52 localhost pluto[19001]: "babylon3-do-babylon1" #2:
STATE_MAIN_R1: sent MR1, expecting MI2
Aug 30 09:20:53 localhost pluto[19001]: packet from 192.168.0.5:1:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Aug 30 09:20:53 localhost pluto[19001]: packet from 192.168.0.5:1:
ignoring Vendor ID payload [FRAGMENTATION]
Aug 30 09:20:54 localhost pluto[19001]: packet from 192.168.0.5:1:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set
to=106
Aug 30 09:20:54 localhost pluto[19001]: packet from 192.168.0.5:1:
ignoring Vendor ID payload [Vid-Initial-Contact]
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3:
responding to Main Mode
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3:
STATE_MAIN_R1: sent MR1, expecting MI2
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #2:
ERROR: asynchronous network error report on eth1 (sport=500) for message
to 192.168.0.5 port 1, complainant 192.168.0.4: No route to host [errno
113, origin ICMP type 3 code 1 (not authenticated)]
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3:
ERROR: asynchronous network error report on eth1 (sport=500) for message
to 192.168.0.5 port 1, complainant 192.168.0.4: No route to host [errno
113, origin ICMP type 3 code 1 (not authenticated)]
Can anybody help me? I would really appreciate any help, guys!
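
Added example, not part of the original post: a small Python triage script for pluto entries in the format of the log above. It rejoins the mail-wrapped lines, records the last IKE state each state object (#N) reached, and extracts the fields of each asynchronous network error; the function names and the sample text are constructed for illustration.

```python
import re
# Constructed sample: entries copied from the log above, mail wrapping kept.
SAMPLE = '''\
Aug 30 09:20:51 localhost pluto[19001]: "babylon3-do-babylon1" #2:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #3:
transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 30 09:20:54 localhost pluto[19001]: "babylon3-do-babylon1" #2:
ERROR: asynchronous network error report on eth1 (sport=500) for message
to 192.168.0.5 port 1, complainant 192.168.0.4: No route to host [errno
113, origin ICMP type 3 code 1 (not authenticated)]
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')
ENTRY = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
MOVE = re.compile(r'transition from state \S+ to state (\S+)')
NETERR = re.compile(
    r'asynchronous network error report on (?P<iface>\S+) \(sport=(?P<sport>\d+)\) '
    r'for message to (?P<dst>\S+) port (?P<dport>\d+), complainant (?P<src>[^:]+): '
    r'(?P<text>.*?) \[errno (?P<errno>\d+), origin ICMP type (?P<itype>\d+) code (?P<icode>\d+)')

def unwrap(text):
    """Rejoin wrapped entries: a line without a syslog stamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Map (connection, state-object number) to its last IKE state and network errors."""
    out = {}
    for entry in unwrap(text):
        if not (m := ENTRY.search(entry)):
            continue
        rec = out.setdefault((m["conn"], int(m["sa"])), {"state": None, "errors": []})
        if move := MOVE.search(m["msg"]):
            rec["state"] = move.group(1)
        if err := NETERR.search(m["msg"]):
            rec["errors"].append({k: int(v) if v.isdigit() else v for k, v in err.groupdict().items()})
    return out

def stalled(summary):
    """State objects still in responder Main Mode R0/R1 that also logged a network error."""
    return sorted(k for k, v in summary.items()
                  if v["errors"] and v["state"] in ("STATE_MAIN_R0", "STATE_MAIN_R1"))
```

Calling `stalled(summarize(text))` on the full auth.log text lists the exchanges whose replies drew an ICMP error before Main Mode advanced, together with the destination address and port pluto was sending to.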