[Openswan Users] L2TP/IPSEC Widnows Mobile 5.0

Thu Aug 31 08:57:43 EDT 2006

Hey there,

It has been quite a while since I don't have problems with openswan (good 
news, hum?), but now I'm facing a problem that is not openswan's itself, but 
I thought you guys might help me with your experience.

My client suddenly dropped a bomb on me: they got some HP Ipaq's and 
suddenly have a need to create L2TP/IPSEC connections between them and the 
Linux Servers. Luckly, for the moment, they won't use two Ipaq's at the same 
location, so I won't have any issues with multiple clients from the same 
source.

So, I could successfully import the PKCS12 certificate with P12IMPRT, create 
de L2TP/IPSEC connection and connect to the server:

Aug 31 09:42:27 inet pluto[17203]: packet from A.B.C.D:500: ignoring Vendor 
ID payload [Vid-Initial-Contact]
Aug 31 09:42:27 inet pluto[17203]: "MR-Ambiente"[3] A.B.C.D #43: responding 
to Main Mode from unknown peer A.B.C.D
Aug 31 09:42:27 inet pluto[17203]: "MR-Ambiente"[3] A.B.C.D #43: transition 
from state STATE_MAIN_R0 to state STATE_MAIN_R1
Aug 31 09:42:27 inet pluto[17203]: "MR-Ambiente"[3] A.B.C.D #43: 
STATE_MAIN_R1: sent MR1, expecting MI2
Aug 31 09:42:31 inet pluto[17203]: "MR-Ambiente"[3] A.B.C.D #43: 
NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Aug 31 09:42:31 inet pluto[17203]: "MR-Ambiente"[3] A.B.C.D #43: transition 
from state STATE_MAIN_R1 to state STATE_MAIN_R2
Aug 31 09:42:31 inet pluto[17203]: "MR-Ambiente"[3] A.B.C.D #43: 
STATE_MAIN_R2: sent MR2, expecting MI3
Aug 31 09:42:33 inet pluto[17203]: "MR-Ambiente"[3] A.B.C.D #43: Main mode 
peer ID is ID_DER_ASN1_DN: 'C=...
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #43: deleting 
connection "MR-Ambiente" instance with peer A.B.C.D {isakmp=#0/ipsec=#0}
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #43: I am 
sending my cert
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #43: 
transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Aug 31 09:42:33 inet pluto[17203]: | NAT-T: new mapping A.B.C.D:500/4500)
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #43: 
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG 
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #43: 
retransmitting in response to duplicate packet; already STATE_MAIN_R3
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #44: 
responding to Quick Mode {msgid:89c6ef80}
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #44: 
transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #44: 
STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #44: 
transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Aug 31 09:42:33 inet pluto[17203]: "Juka-Ambiente"[2] A.B.C.D #44: 
STATE_QUICK_R2: IPsec SA established {ESP=>0x00bf96b0 <0xad0ea1a9 
xfrm=3DES_0-HMAC_SHA1 NATD=A.B.C.D:4500 DPD=none}

so far so good. And the client connected and authenticated to l2tp:

Aug 31 09:42:36 inet pppd[27171]: Plugin /usr/lib/pppd/2.4.2/radius.so 
loaded.
Aug 31 09:42:36 inet pppd[27171]: RADIUS plugin initialized.
Aug 31 09:42:37 inet pppd[27171]: pppd 2.4.2 started by root, uid 0
Aug 31 09:42:37 inet pppd[27171]: Using interface ppp0
Aug 31 09:42:37 inet pppd[27171]: Connect: ppp0 <--> /dev/pts/0
Aug 31 09:42:40 inet pppd[27171]: Unsupported protocol 'Compression Control 
Protocol' (0x80fd) received
Aug 31 09:42:40 inet pppd[27171]: Unsupported protocol 0x8057 received
Aug 31 09:42:40 inet pppd[27171]: found interface eth1 for proxy arp
Aug 31 09:42:40 inet pppd[27171]: local  IP address 192.168.0.200
Aug 31 09:42:40 inet pppd[27171]: remote IP address 192.168.0.201

But as soon as I try to send some data to the server i get:

Aug 31 09:43:16 inet pppd[27171]: LCP terminated by peer
Aug 31 09:43:16 inet pppd[27171]: rc_avpair_new: unknown attribute 48
Aug 31 09:43:16 inet pppd[27171]: rc_avpair_new: unknown attribute 47
Aug 31 09:43:16 inet pppd[27171]: Modem hangup
Aug 31 09:43:16 inet pppd[27171]: Connection terminated.
Aug 31 09:43:16 inet pppd[27171]: Connect time 0.7 minutes.
Aug 31 09:43:16 inet pppd[27171]: Sent 389 bytes, received 1193 bytes.
Aug 31 09:43:16 inet pppd[27171]: Connect time 0.7 minutes.
Aug 31 09:43:16 inet pppd[27171]: Sent 389 bytes, received 1193 bytes.
Aug 31 09:43:16 inet pppd[27171]: Exit.

It smeels like an L2TP issue, probably a dicitionary problem.

The system: openswan-2.4.5, Kernel-2.6.10-2.3_FC2 with NAT-T and KLIPS 
static, rp-l2tp-0.4-1jdl, pppd-2.4.2.

Any clues?

Thanks,

Giovani 