[Openswan Users] One road warrior doesn't connect - RESOLVED

Brian Hoover brian_hoover at verizon.net
Fri Dec 22 06:43:42 EST 2006


Brian Hoover wrote:
> My IPsec/L2TP Gateway config:
>
> Kernel 2.6.14 klips, Linux Openswan U2.4.5rc5/K2.4.5dr3 (klips), Using 
> X.509
>
> The setup works well for many users except one.  When he tries to 
> connect using XP's client the sequence below is logged.
> When I review a working connection sequence I see that certs are passed 
> after the sent MR2 message, so I recreated and reinstalled his cert, 
> still no joy.
>
> How can I find more information about what is stopping this connection?
>
> I tried to enable IKE logging on the M$ box but the log file was never 
> populated.
>
> Will tcpdump help me?  What should I look for?
>
> Is there a known solution for this without more information?
>
> TIA,
>
> Brian Hoover
>
>   

... clip


> Dec 15 14:04:58 vespertilian pluto[9193]: "L2TP-CERT-NAT"[1000] 
> 38.247.16.254 #5526: STATE_MAIN_R2: sent MR2, expecting MI3
>
> XP finally gives up with "security negotiation timed out"
>   

This was caused by McAfee Security Center on the XP PC.  Replacing 
Security Center with VirusScan Enterprise and using the native XP 
Firewall allowed this machine to connect.
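
Added example, not part of the original post: a Python check that scans pluto log lines in the format quoted above and lists the peers whose Main Mode negotiation last reached STATE_MAIN_R2 (MR2 sent, nothing later logged), which is the symptom in this thread. The sample log, its addresses and host name, and the `stalled_at_mr2` name are constructed for illustration; it assumes one log entry per line.

```python
import re
from collections import OrderedDict

# Line format as shown in the post:
#   pluto[PID]: "CONN"[N] PEER_IP #SA: STATE_NAME: text
LINE_RE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"(?:\[\d+\])? '
    r'(?P<peer>\d+\.\d+\.\d+\.\d+) #(?P<sa>\d+): '
    r'(?P<state>STATE_[A-Z0-9_]+): (?P<text>.*)'
)

def stalled_at_mr2(lines):
    """Return [(peer, sa)] whose last logged state is STATE_MAIN_R2."""
    last = OrderedDict()  # (peer, sa) -> most recent state name
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # lines without a connection/state prefix are skipped
            last[(m["peer"], m["sa"])] = m["state"]
    return [key for key, state in last.items() if state == "STATE_MAIN_R2"]

# Constructed sample log (documentation addresses), not taken from the post.
SAMPLE = """\
Dec 15 14:00:01 gw pluto[9193]: packet from 192.0.2.10:500: received Vendor ID payload
Dec 15 14:00:01 gw pluto[9193]: "L2TP-CERT-NAT"[7] 192.0.2.10 #41: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 15 14:00:02 gw pluto[9193]: "L2TP-CERT-NAT"[7] 192.0.2.10 #41: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 15 14:00:03 gw pluto[9193]: "L2TP-CERT-NAT"[7] 192.0.2.10 #41: STATE_MAIN_R3: sent MR3, ISAKMP SA established
Dec 15 14:04:57 gw pluto[9193]: "L2TP-CERT-NAT"[8] 198.51.100.7 #52: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 15 14:04:58 gw pluto[9193]: "L2TP-CERT-NAT"[8] 198.51.100.7 #52: STATE_MAIN_R2: sent MR2, expecting MI3
""".splitlines()

if __name__ == "__main__":
    for peer, sa in stalled_at_mr2(SAMPLE):
        print(f"{peer} #{sa}: stopped after MR2, no MI3 processed")
```

A peer listed here is one the gateway answered but never heard a usable third message from, so the next place to look is the client side and the path to it.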

