[Openswan Users] OSX 10.4.5 maybe :)

Brett Curtis dashnu at gmail.com
Fri Feb 17 08:21:56 CET 2006


Wondering if you figured out why you are losing your connect. I seem
to lose mine after about an hour. It seems to be an l2tpd or ppp
problem.

Some logs.. are yours reflecting the same errors?

Feb 15 14:01:08 defender pppd[21204]: rcvd [LCP EchoReq id=0x2a magic=0xc6ac4467]
Feb 15 14:01:08 defender pppd[21204]: sent [LCP EchoRep id=0x2a magic=0x85f75c48]
Feb 15 14:01:53 defender l2tpd[1939]: control_xmit: Maximum retries exceeded for tunnel 54320.  Closing.

I get several of those pppd logs. It seems that the ipsec connect is  
fine through this series of events.

Versions..

Gentoo Linux 2.6.11-hardened-r15
openswan-2.4.4
l2tpd-0.70_pre20031121
ppp-2.4.2-r15

Thanks.



On Feb 15, 2006, at 11:44 AM, Christophe Ngo wrote:

> Hi,
>
>   I’ve been connecting today as a roadwarrior with a 10.4.5 behind
> a DSL router and NATed
>
>   What I’ve found so far:
> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [RFC 3947] method set to=109
> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110
> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110
> pluto[17507]: packet from x.x.x.x:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: responding to Main Mode from unknown peer 200.88.223.131
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R1: sent MR1, expecting MI2
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: ignoring Vendor ID payload [KAME/racoon]
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: STATE_MAIN_R2: sent MR2, expecting MI3
> pluto[17507]: "L2TP-PSK-OLD"[45] x.x.x.x #108: Main mode peer ID is ID_IPV4_ADDR: '10.0.0.3'
> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: deleting connection "L2TP-PSK-OLD" instance with peer x.x.x.x {isakmp=#0/ipsec=#0}
> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: I did not send a certificate because I do not have one.
> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
> pluto[17507]: | NAT-T: new mapping x.x.x.x:500/50339)
> pluto[17507]: "L2TP-PSK-OLD"[46] x.x.x.x #108: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: responding to Quick Mode {msgid:ecd87ac6}
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
> pluto[17507]: "L2TP-PSK-NAT"[8] x.x.x.x #109: STATE_QUICK_R2: IPsec SA established {ESP=>0x06bddbec <0xfc9d43dd xfrm=AES_128-HMAC_SHA1 NATD= x.x.x.x:50339 DPD=none}
>
>   The strange thing I’ve noticed today is that the VPN connection  
> seems to drop when the DSL connection is used a lot by the other  
> computer (the 10.0.0.2) which is not connected to the VPN
>
> Let me know if I can help test something for you.
>
> Cheers,
> Christophe
>
> On 2/15/06 12:04 PM, "Brett Curtis" <dashnu at gmail.com> wrote:
>
>> Latest update Fix.. 10.4.5
>>
>> -VPN connections to Cisco servers when using NAT
>>
>> Hope they use the correct NAT-T now.. I will let you guys know.
>>
>> /me reboots
>>
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327? 
>> n=283155
>
